我有一个正在运行的pptpd pppd服务器,它目前有两个成功连接的
Windows 7客户端.但是,当我尝试连接一个
Linux客户端时,我得到一个非常奇怪的交换,以服务器端和客户端端的“peer refused authenticate”结尾.
这是来自服务器的日志:
pppd[8205]: using channel 51 pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>] pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>] pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[8205]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[8205]: sent [LCP EchoReq id=0x0 magic=0x20b0750f] pppd[8205]: sent [LCP TermReq id=0x3 "peer refused to authenticate"] pppd[8205]: rcvd [LCP EchoReq id=0x0 magic=0x23d6bed3] pppd[8205]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"] pppd[8205]: sent [LCP TermAck id=0x3] pppd[8205]: rcvd [LCP TermAck id=0x3] pptpd[8204]: CTRL: Reaping child PPP[8205]
这是来自客户端的日志:
pppd[12077]: pppd options in effect: pppd[12077]: debug # (from command line) pppd[12077]: holdoff 10 # (from /etc/ppp/peers/home1) pppd[12077]: persist # (from /etc/ppp/peers/home1) pppd[12077]: dump # (from command line) pppd[12077]: require-mschap-v2 # (from /etc/ppp/peers/home1) pppd[12077]: refuse-pap # (from /etc/ppp/peers/home1) pppd[12077]: refuse-mschap # (from /etc/ppp/peers/home1) pppd[12077]: name <redacted> # (from /etc/ppp/peers/home1) pppd[12077]: remotename <redacted> # (from /etc/ppp/peers/home1) pppd[12077]: # (from /etc/ppp/options) pppd[12077]: pty pptp <redacted> --nolaunchpppd # (from /etc/ppp/peers/home1) pppd[12077]: crtscts # (from /etc/ppp/options) pppd[12077]: # (from /etc/ppp/options) pppd[12077]: asyncmap 0 # (from /etc/ppp/options) pppd[12077]: lcp-echo-failure 4 # (from /etc/ppp/options) pppd[12077]: lcp-echo-interval 30 # (from /etc/ppp/options) pppd[12077]: hide-password # (from /etc/ppp/options) pppd[12077]: proxyarp # (from /etc/ppp/options) pppd[12077]: nobsdcomp # (from /etc/ppp/peers/home1) pppd[12077]: nodeflate # (from /etc/ppp/peers/home1) pppd[12077]: nomppe # (from /etc/ppp/peers/home1) pppd[12077]: noipx # (from /etc/ppp/options) pppd[12078]: pppd 2.4.5 started by <redacted>,uid 0 pppd[12078]: using channel 12 pppd[12078]: Using interface ppp0 pppd[12078]: Connect: ppp0 <--> /dev/pts/14 pptp[12079]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request' pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established. pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>] pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request' pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply. pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0,peer's call ID 1920). pppd[12078]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>] pppd[12078]: No auth is possible pppd[12078]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>] pppd[12078]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[12078]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[12078]: rcvd [LCP ConfNak id=0x1 <auth pap>] pppd[12078]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[12078]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[12078]: sent [LCP EchoReq id=0x0 magic=0x23d6bed3] pppd[12078]: peer refused to authenticate: terminating link pppd[12078]: sent [LCP TermReq id=0x3 "peer refused to authenticate"] pppd[12078]: rcvd [LCP EchoReq id=0x0 magic=0x20b0750f] pppd[12078]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"] pppd[12078]: sent [LCP TermAck id=0x3] pppd[12078]: rcvd [LCP TermAck id=0x3] pppd[12078]: Connection terminated.
我对这些行感到困惑(来自服务器日志):
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>] pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>] pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>] pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>] pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
如果我正确读取,服务器请求mschap-v2 auth,那么客户端拒绝(为什么?);在此之后客户端请求mschap-v2 auth,然后服务器拒绝pap(wtf?),导致两个对等体都没有使用auth并且连接失败.
有人可以了解这里发生的事情吗?
解决方法
弄清楚了.
问题是在客户端给pppd提供了“auth”和“require-mschap-v2”选项.显然,只有服务器端必须配置为请求身份验证,客户端配置为不请求任何类型的身份验证.发生的事情是客户端要求服务器验证自己,但失败了.
