各路高手好啊���,最近折騰一個Linxu下PPTP撥號的奇怪問題�,請大家?guī)兔兔Α?/p>
先說背景:最近開發(fā)某Linux下爬蟲程序�,需要通過PPTP撥號不斷切換IP避免被封。
拿到手的PPTP服務(wù)在osx[MBA+OSX 10.11.3]和win[VirtualBox+WinXP]下測試都沒有問題��,可以正常連上��,正常上網(wǎng)�。
但在Linux下面卻接二連三出現(xiàn)問題����,我曾嘗試過幾種發(fā)行版:
(a)Ubuntu 14.04 LTS (pppd 2.4.6) [virtualbox/openstack]
(b)CentOS 7 (pppd 2.4.5) [openstack]
(c)Amazon Linux (pppd 2.4.5) [aws]
(d)Kali 4.0 Linux (pppd 2.4.6) [virtualbox]
在Linux下,一律用yum/apt命令更新到最新版����,然后統(tǒng)一使用pptpsetup來配置撥號參數(shù)
pptpsetup --create cndx --server $PPTPSERVER --username $USERNAME --password $PASSWORD --encrypt
然后用pppd自帶的pon命令建立連接,并加上調(diào)試參數(shù)
pon cndx debug dump logfd 2 nodetach
好了����,說這么多,終于要進入正題:
經(jīng)過測試�,只有(c)(d)能正常連上VPN����,用ifconfig可以看到ppp0的IP信息��。但用curl命令測試�����,只有(d)能正常上網(wǎng):
curl --interface ppp0 'http://www.163.com' > /dev/null
(c)無法上網(wǎng)懷疑和大防火墻有關(guān)�����,這里不作深入討論���。
(a)和(b)的典型失敗日志:
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/peers/cndx)
name holyung # (from /etc/ppp/peers/cndx)
remotename cndx # (from /etc/ppp/peers/cndx)
# (from /etc/ppp/peers/cndx)
pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)
ipparam cndx # (from /etc/ppp/peers/cndx)
nobsdcomp # (from /etc/ppp/peers/cndx)
nodeflate # (from /etc/ppp/peers/cndx)
require-mppe-128 # (from /etc/ppp/peers/cndx)
using channel 3
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x944eec53> <pcomp> <accomp>]
LCP: timeout sending Config-Requests
Connection terminated.
Modem hangup
Waiting for 1 child processes...
script pptp XXX.com --nolaunchpppd, pid 16550
Script pptp XXX.com --nolaunchpppd finished (pid 16550), status = 0x0
而成功的日志大概長這樣
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/peers/cndx)
name holyung # (from /etc/ppp/peers/cndx)
remotename cndx # (from /etc/ppp/peers/cndx)
# (from /etc/ppp/peers/cndx)
pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)
ipparam cndx # (from /etc/ppp/peers/cndx)
nobsdcomp # (from /etc/ppp/peers/cndx)
nodeflate # (from /etc/ppp/peers/cndx)
require-mppe-128 # (from /etc/ppp/peers/cndx)
using channel 8
Using interface ppp0
Connect: ppp0 <--> /dev/pts/2
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x69564b80> <pcomp> <accomp>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic 0x69564b80>]
rcvd [LCP ConfAck id=0x2 <magic 0x69564b80>]
rcvd [LCP ConfReq id=0x2 <auth chap MS-v2> <mru 1450> <magic 0x8d3b8348>]
sent [LCP ConfAck id=0x2 <auth chap MS-v2> <mru 1450> <magic 0x8d3b8348>]
rcvd [CHAP Challenge id=0x1 <7b406356ed490dd919ed59a15eb00718>, name = "\37777777670\37777777650-\37777777710\37777777652\37777777726\37777777735"]
sent [CHAP Response id=0x1 <4340c19890d5fd223963050a858a0d4c0000000000000000c6e05aa2a33ab0fe022cd47b566bde019448e1159475c38000>, name = "XXX"]
rcvd [CHAP Success id=0x1 "S=ACED2A8499B919A392FC75426FB0EB81665F317A"]
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [IPCP ConfReq id=0x1 <addr 12.12.12.254>]
sent [IPCP TermAck id=0x1]
rcvd [proto=0x8281] 01 01 00 04
Unsupported protocol 'MPLSCP' (0x8281) received
sent [LCP ProtRej id=0x3 82 81 01 01 00 04]
rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
sent [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
MPPE 128-bit stateless compression enabled
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 172.31.17.86>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 172.31.17.86>]
rcvd [IPCP ConfNak id=0x2 <addr 12.12.12.25>]
sent [IPCP ConfReq id=0x3 <addr 12.12.12.25>]
rcvd [IPCP ConfReq id=0x2 <addr 12.12.12.254>]
sent [IPCP ConfAck id=0x2 <addr 12.12.12.254>]
rcvd [IPCP ConfAck id=0x3 <addr 12.12.12.25>]
local IP address 12.12.12.25
remote IP address 12.12.12.254
Script /etc/ppp/ip-up started (pid 26448)
Script /etc/ppp/ip-up finished (pid 26448), status = 0x0
大概表現(xiàn)就是 LCP ConfReq 請求發(fā)出后��,沒有收到正確的響應(yīng)���。
網(wǎng)上搜索了相關(guān)的資料,整理出原因大概有幾類:
(1)外部網(wǎng)絡(luò)設(shè)備原因�,例如路由器禁止GRE協(xié)議
很有可能不是,因為在同一個網(wǎng)絡(luò)環(huán)境(家庭寬帶+VirtualBox)�����,WinXP撥號上網(wǎng)完全沒問題,Kali也可以一次撥號成功�。但idc的openstack環(huán)境是否存在著問題,目前無法確認�����。
(2)iptables配置錯誤
暫時也排除這個原因���,清空iptables規(guī)則也無法連VPN�����。
(3)pptp配置文件問題
把撥號成功的pptp配置文件(/etc/pptp/下所有目錄和文件)復(fù)制粘貼���,還是不行
(4)Linux發(fā)行版/內(nèi)核配置
目前認為最有可能的原因�,因為至少在Kali能連上和正常使用VPN,很可能是不同發(fā)行版的內(nèi)核參數(shù)不同所引起����。我對這方面實證不熟悉,請各位高人指點����。
另外�,通過tcpdump觀察�����,目前能確認的是��,所有l(wèi)inux發(fā)行版在撥號的時候����,都能成功連上pptp服務(wù)器的1723,上面日志顯示的 LCP ConfReq 開始的交換流程���,eth1上抓不到���,怎樣tcpdump這部分的網(wǎng)絡(luò)包,也請各位高人指點�。
暫時實在想不到解決方法,項目只能先放在win服務(wù)器上跑�,:(,還好是python寫����,移植花不了多少工夫
0 
1
2432
收藏
