Зависает pptpd (ищу ошибку)

Зависает весь pptpd или только один сеанс? С каких клиентов идёт подключение? Что в логах сервера?

Честно сказать, зависают иногда все, иногда те которые добавлялись последними, подключение идет с разных устройства, вин, мак, иос и т.п

Логи в порядке, ошибок нет вообще

Логи в порядке, ошибок нет вообще

Конфиги /etc/pptpd.conf и /etc/ppp/options.pptpd в студию

############################################################################### # $Id$ # # Sample Poptop configuration file /etc/pptpd.conf # # Changes are effective when pptpd is restarted. ###############################################################################

# TAG: ppp # Path to the pppd program, default '/usr/sbin/pppd' on Linux # #ppp /usr/sbin/pppd

# TAG: option # Specifies the location of the PPP options file. # By default PPP looks in '/etc/ppp/options' #

option /etc/ppp/pptpd-options

# TAG: debug # Turns on (more) debugging to syslog #

debug

# TAG: stimeout # Specifies timeout (in seconds) on starting ctrl connection #

# stimeout 10

# TAG: noipparam # Suppress the passing of the client's IP address to PPP, which is # done by default otherwise. #

#noipparam

# TAG: logwtmp # Use wtmp(5) to record client connections and disconnections. #

logwtmp

# TAG: bcrelay <if> # Turns on broadcast relay to clients from interface <if> #

#bcrelay eth1

# TAG: localip # TAG: remoteip # Specifies the local and remote IP address ranges. # # Any addresses work as long as the local machine takes care of the # routing. But if you want to use MS-Windows networking, you should # use IP addresses out of the LAN address space and use the proxyarp # option in the pppd options file, or run bcrelay. # # You can specify single IP addresses seperated by commas or you can # specify ranges, or both. For example: # # 192.168.0.234,192.168.0.245-249,192.168.0.254 # # IMPORTANT RESTRICTIONS: # # 1. No spaces are permitted between commas or within addresses. # # 2. If you give more IP addresses than MAX_CONNECTIONS, it will # start at the beginning of the list and go until it gets # MAX_CONNECTIONS IPs. Others will be ignored. # # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238, # you must type 234-238 if you mean this. # # 4. If you give a single localIP, that's ok - all local IPs will # be set to the given one. You MUST still give at least one remote # IP for each simultaneous client. # # (Recommended)

localip хх.хх.хх.хх

remoteip 192.168.20.10-238

# or

#localip 192.168.0.234-238,192.168.0.245

#remoteip 192.168.1.234-238,192.168.1.245

############################################################################### # $Id$ # # Sample Poptop PPP options file /etc/ppp/pptpd-options # Options used by PPP when a connection arrives from a client. # This file is pointed to by /etc/pptpd.conf option keyword. # Changes are effective on the next connection. See «man

pppd». # # You are expected to change this file to suit your system. As # packaged, it requires PPP 2.4.2 and the kernel MPPE module. ###############################################################################

# Authentication

# Name of the local system for authentication purposes # (must match the second field in /etc/ppp/chap-secrets entries)

name pptpd

# Optional: domain name to use for authentication # domain mydomain.net

# Strip the domain prefix from the username before authentication. # (applies if you use pppd with chapms-strip-domain patch)

#chapms-strip-domain

# Encryption # Debian: on systems with a kernel built with the package # kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ... # {{{

refuse-pap

refuse-chap

refuse-mschap # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft # Challenge Handshake Authentication Protocol, Version 2] authentication.

require-mschap-v2 # Require MPPE 128-bit encryption # (note that MPPE requires the use of MSCHAP-V2 during authentication)

require-mppe-128 # }}}

mppe-stateful

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this # option allows pppd to supply one or two DNS (Domain Name Server) # addresses to the clients. The first instance of this option # specifies the primary DNS address; the second instance (if given) # specifies the secondary DNS address. # Attention! This information may not be taken into account by a Windows # client. See KB311218 in Microsoft's knowledge base for more information.

ms-dns 8.8.8.8

ms-dns 8.8.8.8

# If pppd is acting as a server for Microsoft Windows or «Samba» # clients, this option allows pppd to supply one or two WINS (Windows # Internet Name Services) server addresses to the clients. The first # instance of this option specifies the primary WINS address; the # second instance (if given) specifies the secondary WINS address.

#ms-wins 10.0.0.3

#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol] # table with the IP address of the peer and the Ethernet address of this # system. This will have the effect of making the peer appear to other # systems to be on the local ethernet. # (you do not need this if your PPTP server is responsible for routing # packets to the clients — James Cameron)

proxyarp

# Debian: do not replace the default route

nodefaultroute

# Logging

# Enable connection debugging facilities. # (see your syslog configuration for where pppd sends to)

#debug

# Print out all the option values which have been set. # (often requested by mailing list to verify options)

#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive # access.

lock

# Disable BSD-Compress compression

nobsdcomp

Хорошо. А теперь включи debug в /etc/ppp/options.pptpd(в pptpd.conf он у тебя уже включён, но это разные опции) и покажи лог в момент возникновения ошибок.

Сегодня вот такая ошибка

GRE: read(fd=6,buffer=805a480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs

это не ошибка, это следствие

Покажи 10 строк от нее сверху и снизу. Например, если там есть подстрока Protocol not available - тогда это проблема с файрволом на клиенте.