LINUX.ORG.RU
решено ФорумAdmin

PPTP не заводится на Arch

 , , , ,


0

2

Суть

В мою глушь наконец-то завели оптоволокно и подключили мой дом.

Роутер работает на Arch Linux (не спрашивайте зачем, надо).

Проблема одна: PPTP.

pptpclient никак не хочет подключаться по CHAP MD5:

rcvd [LCP ConfReq id=0x1 <auth chap MD5> <mru 1436> <magic 0x5e9f9414>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth chap MD5>]

В чём может быть проблема?

Логи:

root@Chiruno:~# pon wan debug dump logfd 2 nodetach
pppd options in effect:
debug           # (from command line)
nodetach                # (from command line)
logfd 2         # (from command line)
ifname wan              # (from /etc/ppp/peers/wan)
dump            # (from command line)
noauth          # (from /etc/ppp/options.pptp)
refuse-pap              # (from /etc/ppp/options.pptp)
                # (from /etc/ppp/options)
                # (from /etc/ppp/options.pptp)
refuse-mschap-v2                # (from /etc/ppp/options.pptp)
refuse-eap              # (from /etc/ppp/options.pptp)
name юзернейм           # (from /etc/ppp/peers/wan)
remotename PPTP         # (from /etc/ppp/options.pptp)
                # (from /etc/ppp/options.pptp)
pty /usr/sbin/pptp pptp.провайдера --nolaunchpppd          # (from /etc/ppp/peers/wan)
ipparam $TUNNEL         # (from /etc/ppp/peers/wan)
defaultroute            # (from /etc/ppp/peers/wan)
replacedefaultroute             # (from /etc/ppp/peers/wan)
nobsdcomp               # (from /etc/ppp/options)
nodeflate               # (from /etc/ppp/options)
using channel 672
Using interface wan
Connect: wan <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6fec8267> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x1 <auth chap MD5> <mru 1436> <magic 0x5e9f9414>]
No auth is possible
sent [LCP ConfRej id=0x1 <auth chap MD5>]
rcvd [LCP ConfRej id=0x1 <asyncmap 0x0> <pcomp> <accomp>]
sent [LCP ConfReq id=0x2 <magic 0x6fec8267>]
rcvd [LCP ConfReq id=0x2 <auth chap MD5> <mru 1436> <magic 0x5e9f9414>]
No auth is possible
sent [LCP ConfRej id=0x2 <auth chap MD5>]
Modem hangup
Connection terminated.
Script /usr/sbin/pptp pptp.провайдера --nolaunchpppd finished (pid 40392), status = 0x0

Конфиг

/etc/ppp/options.pptp

###############################################################################
# $Id: options.pptp,v 1.4 2012/08/30 21:34:13 quozl Exp $
#
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
# and the kernel MPPE module available from the CVS repository also on
# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
###############################################################################

# Lock the port
lock

# Authentication
# We don't need the tunnel server to authenticate itself
noauth

# We won't do PAP, EAP, MSCHAP or MSCHAP-V2 but we will accept CHAP
# (you may need to remove these refusals if the server is not using MPPE)
refuse-pap
refuse-eap
refuse-mschap
refuse-mschap-v2

remotename PPTP

# Compression
# Turn off compression protocols we know won't be used
#nobsdcomp
#nodeflate

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use.  Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
#
# Note that using PPTP with MPPE and MSCHAP-V2 should be considered
# insecure:
# http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2
# https://github.com/moxie0/chapcrack/blob/master/README.md
# http://technet.microsoft.com/en-us/security/advisory/2743314

# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
# is not allowed and PPTP-MPPE is not available.
# {{{
# Require MPPE 128-bit encryption
#require-mppe-128
# }}}

# http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe required,stateless
# }}}

/etc/ppp/peers/wan

pty "/usr/sbin/pptp pptp.провайдера --nolaunchpppd"
name юзернейм
remotename PPTP
require-chap
file /etc/ppp/options.pptp
ifname wan
ipparam $TUNNEL
defaultroute
replacedefaultroute

/etc/ppp/chap-secrets

# user          remote  secret          IP addresses
"юзернейм"      PPTP    "пароль тут"    *


Последнее исправление: toxamactep (всего исправлений: 4)
Posftix+Dovecot перестали принимать почту
Не даёт сделать снимок

Ответ на: комментарий от toxamactep

Добавлю, пожалуй, содержимое PBK-файла (с которым всё работает):

[PPTP провайдера]
Encoding=1
PBVersion=5
Type=2
AutoLogon=0
UseRasCredentials=1
LowDateTime=2122997424
HighDateTime=31117806
DialParamsUID=1163828
Guid=9DCFBB15CEA33145B61D7CD776A1634F
VpnStrategy=1
ExcludedProtocols=0
LcpExtensions=1
DataEncryption=8
SwCompression=1
NegotiateMultilinkAlways=0
SkipDoubleDialDialog=0
DialMode=0
OverridePref=15
RedialAttempts=3
RedialSeconds=60
IdleDisconnectSeconds=0
RedialOnLinkFailure=1
CallbackMode=0
CustomDialDll=
CustomDialFunc=
CustomRasDialDll=
ForceSecureCompartment=0
DisableIKENameEkuCheck=0
AuthenticateServer=0
ShareMsFilePrint=0
BindMsNetClient=0
SharedPhoneNumbers=0
GlobalDeviceSettings=0
PrerequisiteEntry=
PrerequisitePbk=
PreferredPort=VPN4-0
PreferredDevice=WAN Miniport (PPTP)
PreferredBps=0
PreferredHwFlow=1
PreferredProtocol=1
PreferredCompression=1
PreferredSpeaker=1
PreferredMdmProtocol=0
PreviewUserPw=1
PreviewDomain=1
PreviewPhoneNumber=0
ShowDialingProgress=1
ShowMonitorIconInTaskBar=1
CustomAuthKey=0
AuthRestrictions=32
IpPrioritizeRemote=1
IpInterfaceMetric=0
IpHeaderCompression=0
IpAddress=0.0.0.0
IpDnsAddress=0.0.0.0
IpDns2Address=0.0.0.0
IpWinsAddress=0.0.0.0
IpWins2Address=0.0.0.0
IpAssign=1
IpNameAssign=1
IpDnsFlags=0
IpNBTFlags=1
TcpWindowSize=0
UseFlags=2
IpSecFlags=0
IpDnsSuffix=
Ipv6Assign=1
Ipv6Address=::
Ipv6PrefixLength=0
Ipv6PrioritizeRemote=1
Ipv6InterfaceMetric=0
Ipv6NameAssign=1
Ipv6DnsAddress=::
Ipv6Dns2Address=::
Ipv6Prefix=0000000000000000
Ipv6InterfaceId=0000000000000000
DisableClassBasedDefaultRoute=0
DisableMobility=0
NetworkOutageTime=0
IDI=
IDR=
ImsConfig=0
IdiType=0
IdrType=0
ProvisionType=0
PreSharedKey=
CacheCredentials=1
NumCustomPolicy=0
NumEku=0
UseMachineRootCert=0
Disable_IKEv2_Fragmentation=0
NumServers=0
RouteVersion=1
NumRoutes=0
NumNrptRules=0
AutoTiggerCapable=0
NumAppIds=0
NumClassicAppIds=0
SecurityDescriptor=
ApnInfoProviderId=
ApnInfoUsername=
ApnInfoPassword=
ApnInfoAccessPoint=
ApnInfoAuthentication=1
ApnInfoCompression=0
DeviceComplianceEnabled=0
DeviceComplianceSsoEnabled=0
DeviceComplianceSsoEku=
DeviceComplianceSsoIssuer=
FlagsSet=0
Options=0
DisableDefaultDnsSuffixes=0
NumTrustedNetworks=0
NumDnsSearchSuffixes=0
PowershellCreatedProfile=0
ProxyFlags=0
ProxySettingsModified=0
ProvisioningAuthority=
AuthTypeOTP=0
GREKeyDefined=0
NumPerAppTrafficFilters=0
AlwaysOnCapable=0
DeviceTunnel=0
PrivateNetwork=0

NETCOMPONENTS=
ms_server=0
ms_msclient=0
ms_psched=1
cntx_vpcnets2=1

MEDIA=rastapi
Port=VPN4-0
Device=WAN Miniport (PPTP)

DEVICE=vpn
PhoneNumber=pptp.провайдера
AreaCode=
CountryCode=0
CountryID=0
UseDialingRules=0
Comment=
FriendlyName=
LastSelectedPhone=0
PromoteAlternates=0
TryNextAlternateOnFail=1
toxamactep
() автор топика
Posftix+Dovecot перестали принимать почту
Admin
Не даёт сделать снимок