Sunday, 3 March 2013

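Fixing PPTP VPN connection failures on Android phones

While testing a secondary VPN server I ran into a problem: both PPTP and L2TP connected fine from a computer, but both failed from a phone. The way to solve this is the usual one: turn on debug logging, then trace the connection between the client and the VPN server to find the fault. First, the error log.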


Nov  5 00:12:12 SafeTech pptpd[1753]: MGR: Launching /usr/sbin/pptpctrl to handle client
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: local address = 172.16.36.1
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: remote address = 172.16.36.2
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: pppd options file = /etc/ppp/options.pptpd
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Client 58.19.178.195 control connection started
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Received PPTP Control Message (type: 1)
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Made a START CTRL CONN RPLY packet
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: I wrote 156 bytes to the client.
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Sent packet to client
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Received PPTP Control Message (type: 7)
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Set parameters to 100000000 maxbps, 8192 window size
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Made a OUT CALL RPLY packet
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Starting call (launching pppd, opening GRE)
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: pty_fd = 6
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: tty_fd = 7
Nov  5 00:12:12 SafeTech pptpd[1755]: CTRL (PPPD Launcher): program binary = /usr/sbin/pppd
Nov  5 00:12:12 SafeTech pptpd[1755]: CTRL (PPPD Launcher): local address = 172.16.36.1
Nov  5 00:12:12 SafeTech pptpd[1755]: CTRL (PPPD Launcher): remote address = 172.16.36.2
Nov  5 00:12:12 SafeTech pppd[1755]: Plugin /usr/lib/pppd/2.4.4/radius.so loaded.
Nov  5 00:12:12 SafeTech pppd[1755]: RADIUS plugin initialized.
Nov  5 00:12:12 SafeTech pppd[1755]: pppd 2.4.4 started by root, uid 0
Nov  5 00:12:12 SafeTech pppd[1755]: Using interface ppp0
Nov  5 00:12:12 SafeTech pppd[1755]: Connect: ppp0 <--> /dev/pts/1
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: I wrote 32 bytes to the client.
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Sent packet to client
Nov  5 00:12:42 SafeTech pppd[1755]: LCP: timeout sending Config-Requests
Nov  5 00:12:42 SafeTech pppd[1755]: Connection terminated.
Nov  5 00:12:43 SafeTech pppd[1755]: Modem hangup
Nov  5 00:12:43 SafeTech pppd[1755]: Exit.
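Clearly the main problem here is "LCP: timeout sending Config-Requests": pppd timed out while sending its configuration requests. After all kinds of debugging, and after reading posts online that blamed encryption on the server, I removed encryption first. It still failed. Then I found that PPTP has to be given passthrough support, which some environments probably need. Here is how to make it work through a NAT router.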

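The piece in question is the ip_nat_pptp module. Loading ip_nat_pptp lets iptables support PPTP passthrough; the configuration is done in iptables, just as on an ordinary router. Checking with lsmod showed that there was indeed no pptp module loaded, so I loaded it with the following command: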
modprobe ip_nat_pptp
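After loading it, the phone connected to the VPN successfully. My phone runs Android 4.0. I have to say, though, that I have never once gotten L2TP to work on Android! Is that a bug?

To have iptables load the module automatically every time it starts, add the module to /etc/sysconfig/iptables-config: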
IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp ip_nat_pptp"
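
The diagnosis above as a script, added here as an example and not part of the original post: it finds calls in the pptpd/pppd log where GRE was opened and LCP then timed out, and checks lsmod-style output for the PPTP NAT helper. The function names and the lsmod sample are constructed; nf_nat_pptp is included as the helper's name on newer kernels.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Print "<client-ip> <time>" for each call where pptpd opened GRE and pppd then
# gave up on LCP. Lines are matched in time order, so overlapping sessions from
# several clients can be misattributed.
find_lcp_timeouts() {
    awk '
        /CTRL: Client .* control connection started/ {
            for (i = 1; i <= NF; i++) if ($i == "Client") ip = $(i + 1)
        }
        /CTRL: Starting call \(launching pppd, opening GRE\)/ { call = 1 }
        /LCP: timeout sending Config-Requests/ {
            if (call) print ip, $3
            call = 0
        }
    '
}

# Succeed if lsmod-style text on stdin lists a PPTP NAT helper: ip_nat_pptp as
# in the post, or nf_nat_pptp, the module name on newer kernels.
pptp_nat_helper_loaded() {
    awk '$1 == "ip_nat_pptp" || $1 == "nf_nat_pptp" { found = 1 } END { exit !found }'
}

# Succeed if the config file "$1" names ip_nat_pptp in IPTABLES_MODULES.
pptp_helper_persisted() {
    grep -Eq '^[[:space:]]*IPTABLES_MODULES=.*ip_nat_pptp' "$1"
}

# Three lines excerpted from the log in the post.
SAMPLE_LOG='Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Client 58.19.178.195 control connection started
Nov  5 00:12:12 SafeTech pptpd[1753]: CTRL: Starting call (launching pppd, opening GRE)
Nov  5 00:12:42 SafeTech pppd[1755]: LCP: timeout sending Config-Requests'
# Constructed lsmod output for a host without the helper.
SAMPLE_LSMOD='Module                  Size  Used by
ip_conntrack_ftp       11569  0
iptable_nat            11077  1'

diagnose() {   # $1 = log text, $2 = lsmod text
    hits=$(printf '%s\n' "$1" | find_lcp_timeouts)
    [ -n "$hits" ] || { echo "no LCP timeout after call setup"; return 0; }
    if printf '%s\n' "$2" | pptp_nat_helper_loaded; then
        echo "LCP timeout with helper loaded, check the rest of the GRE path: $hits"
    else
        echo "LCP timeout and no PPTP NAT helper loaded: $hits"
    fi
}
diagnose "$SAMPLE_LOG" "$SAMPLE_LSMOD"
```

On a live server the same functions take real input, for example `find_lcp_timeouts < /var/log/ppp.log` and `lsmod | pptp_nat_helper_loaded`.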
----------------------------------------------------------------------
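How to enable debug mode for PPTP VPN
Enable PPTP logging:

vim /etc/pptpd.conf and remove the # in front of debug
Send PPTP logs to their own file:
The logging software differs between systems, so use whichever of the settings below applies.

# nano /etc/syslog.conf (add the line: daemon.* /var/log/ppp.log )
# nano /etc/rsyslog.conf  (add the line: daemon.* /var/log/ppp.log )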
# service syslog restart 
# service rsyslog restart