各路高手好啊,最近折腾一个Linxu下PPTP拨号的奇怪问题,请大家帮忙帮忙。
先说背景:最近开发某Linux下爬虫程序,需要通过PPTP拨号不断切换IP避免被封。
拿到手的PPTP服务在osx[MBA+OSX 10.11.3]和win[VirtualBox+WinXP]下测试都没有问题,可以正常连上,正常上网。
但在Linux下面却接二连三出现问题,我曾尝试过几种发行版:
(a)Ubuntu 14.04 LTS (pppd 2.4.6) [virtualbox/openstack]
(b)CentOS 7 (pppd 2.4.5) [openstack]
(c)Amazon Linux (pppd 2.4.5) [aws]
(d)Kali 4.0 Linux (pppd 2.4.6) [virtualbox]
在Linux下,一律用yum/apt命令更新到最新版,然后统一使用pptpsetup来配置拨号参数
pptpsetup --create cndx --server $PPTPSERVER --username $USERNAME --password $PASSWORD --encrypt
然后用pppd自带的pon命令建立连接,并加上调试参数
pon cndx debug dump logfd 2 nodetach
好了,说这么多,终于要进入正题:
经过测试,只有(c)(d)能正常连上VPN,用ifconfig可以看到ppp0的IP信息。但用curl命令测试,只有(d)能正常上网:
curl --interface ppp0 'http://www.163.com' > /dev/null
(c)无法上网怀疑和大防火墙有关,这里不作深入讨论。
(a)和(b)的典型失败日志:
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/peers/cndx)
name holyung # (from /etc/ppp/peers/cndx)
remotename cndx # (from /etc/ppp/peers/cndx)
# (from /etc/ppp/peers/cndx)
pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)
ipparam cndx # (from /etc/ppp/peers/cndx)
nobsdcomp # (from /etc/ppp/peers/cndx)
nodeflate # (from /etc/ppp/peers/cndx)
require-mppe-128 # (from /etc/ppp/peers/cndx)
using channel 3
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
script pptp XXX.com --nolaunchpppd, pid 16550
Script pptp XXX.com --nolaunchpppd finished (pid 16550), status = 0x0
而成功的日志大概长这样
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/peers/cndx)
name holyung # (from /etc/ppp/peers/cndx)
remotename cndx # (from /etc/ppp/peers/cndx)
# (from /etc/ppp/peers/cndx)
pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)
ipparam cndx # (from /etc/ppp/peers/cndx)
nobsdcomp # (from /etc/ppp/peers/cndx)
nodeflate # (from /etc/ppp/peers/cndx)
require-mppe-128 # (from /etc/ppp/peers/cndx)
using channel 8
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x69564b80> <pcomp> <accomp>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic 0x69564b80>]
rcvd [LCP ConfAck id=0x2 <magic 0x69564b80>]
rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <mru 1450> <magic 0x8d3b8348>]
sent [LCP ConfAck id=0x2 <auth chap MS-v2> <mru 1450> <magic 0x8d3b8348>]
rcvd [CHAP Challenge id=0x1 <7b406356ed490dd919ed59a15eb00718>, name = "\37777777670\37777777650-\37777777710\37777777652\37777777726\37777777735"]
sent [CHAP Response id=0x1 <4340c19890d5fd223963050a858a0d4c0000000000000000c6e05aa2a33ab0fe022cd47b566bde019448e1159475c38000>, name = "XXX"]
rcvd [CHAP Success id=0x1 "S=ACED2A8499B919A392FC75426FB0EB81665F317A"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x1 <addr 12.12.12.254>]
sent [IPCP TermAck id=0x1]
rcvd [proto=0x8281] 01 01 00 04
Unsupported protocol 'MPLSCP' (0x8281) received
sent [LCP ProtRej id=0x3 82 81 01 01 00 04]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.31.17.86>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 172.31.17.86>]
rcvd [IPCP ConfNak id=0x2 <addr 12.12.12.25>]
sent [IPCP ConfReq id=0x3 <addr 12.12.12.25>]
rcvd [IPCP ConfReq id=0x2 <addr 12.12.12.254>]
sent [IPCP ConfAck id=0x2 <addr 12.12.12.254>]
rcvd [IPCP ConfAck id=0x3 <addr 12.12.12.25>]
local IP address 12.12.12.25
remote IP address 12.12.12.254
Script /etc/ppp/ip-up started (pid 26448)
Script /etc/ppp/ip-up finished (pid 26448), status = 0x0
大概表现就是 LCP ConfReq 请求发出后,没有收到正确的响应。
网上搜索了相关的资料,整理出原因大概有几类:
(1)外部网络设备原因,例如路由器禁止GRE协议
很有可能不是,因为在同一个网络环境(家庭宽带+VirtualBox),WinXP拨号上网完全没问题,Kali也可以一次拨号成功。但idc的openstack环境是否存在着问题,目前无法确认。
(2)iptables配置错误
暂时也排除这个原因,清空iptables规则也无法连VPN。
(3)pptp配置文件问题
把拨号成功的pptp配置文件(/etc/pptp/下所有目录和文件)复制粘贴,还是不行
(4)Linux发行版/内核配置
目前认为最有可能的原因,因为至少在Kali能连上和正常使用VPN,很可能是不同发行版的内核参数不同所引起。我对这方面实证不熟悉,请各位高人指点。
另外,通过tcpdump观察,目前能确认的是,所有linux发行版在拨号的时候,都能成功连上pptp服务器的1723,上面日志显示的 LCP ConfReq 开始的交换流程,eth1上抓不到,怎样tcpdump这部分的网络包,也请各位高人指点。
暂时实在想不到解决方法,项目只能先放在win服务器上跑,:(,还好是python写,移植花不了多少工夫
What version of the pptp server? Try deploying a server yourself and grab it. Try wireshark to see if there are any OS restrictions on the server