pppd“对等方拒绝认证”

Question

我已经配置了一个可以工作的pptpd+pppd服务器，该服务器目前有两个Windows7客户端成功连接。然而，当我试图连接一个linux客户机时，我得到了一个非常奇怪的交换，在服务器端和客户端都以“对等拒绝身份验证”结束。

这是来自服务器的日志：

pppd[8205]: using channel 51
pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[8205]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: rcvd [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[8205]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[8205]: sent [LCP TermAck id=0x3]
pppd[8205]: rcvd [LCP TermAck id=0x3]
pptpd[8204]: CTRL: Reaping child PPP[8205]

这是客户端的日志：

pppd[12077]: pppd options in effect:
pppd[12077]: debug               # (from command line)
pppd[12077]: holdoff 10          # (from /etc/ppp/peers/home1)
pppd[12077]: persist             # (from /etc/ppp/peers/home1)
pppd[12077]: dump                # (from command line)
pppd[12077]: require-mschap-v2           # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-pap          # (from /etc/ppp/peers/home1)
pppd[12077]: refuse-mschap               # (from /etc/ppp/peers/home1)
pppd[12077]: name <redacted>          # (from /etc/ppp/peers/home1)
pppd[12077]: remotename <redacted>             # (from /etc/ppp/peers/home1)
pppd[12077]:             # (from /etc/ppp/options)
pppd[12077]: pty pptp <redacted> --nolaunchpppd                # (from /etc/ppp/peers/home1)
pppd[12077]: crtscts             # (from /etc/ppp/options)
pppd[12077]:             # (from /etc/ppp/options)
pppd[12077]: asyncmap 0          # (from /etc/ppp/options)
pppd[12077]: lcp-echo-failure 4          # (from /etc/ppp/options)
pppd[12077]: lcp-echo-interval 30                # (from /etc/ppp/options)
pppd[12077]: hide-password               # (from /etc/ppp/options)
pppd[12077]: proxyarp            # (from /etc/ppp/options)
pppd[12077]: nobsdcomp           # (from /etc/ppp/peers/home1)
pppd[12077]: nodeflate           # (from /etc/ppp/peers/home1)
pppd[12077]: nomppe              # (from /etc/ppp/peers/home1)
pppd[12077]: noipx               # (from /etc/ppp/options)
pppd[12078]: pppd 2.4.5 started by <redacted>, uid 0
pppd[12078]: using channel 12
pppd[12078]: Using interface ppp0
pppd[12078]: Connect: ppp0 <--> /dev/pts/14
pptp[12079]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pptp[12086]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
pptp[12086]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 1920).
pppd[12078]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: No auth is possible
pppd[12078]: sent [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[12078]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[12078]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfNak id=0x1 <auth pap>]
pppd[12078]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[12078]: sent [LCP EchoReq id=0x0 magic=0x23d6bed3]
pppd[12078]: peer refused to authenticate: terminating link
pppd[12078]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: rcvd [LCP EchoReq id=0x0 magic=0x20b0750f]
pppd[12078]: rcvd [LCP TermReq id=0x3 "peer refused to authenticate"]
pppd[12078]: sent [LCP TermAck id=0x3]
pppd[12078]: rcvd [LCP TermAck id=0x3]
pppd[12078]: Connection terminated.

我对这些行(从服务器日志中)感到非常困惑：

pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]

如果我读取正确，服务器请求mschap-v2auth，那么客户机拒绝这个请求(为什么？)；在此之后，客户机请求mschap-v2auth，然后服务器拒绝pap (wtf?)导致双方的同龄人都不适应和连接失败。

有人能说明一下这里发生了什么吗？

Answer 1

弄明白了。

问题是在客户端为pppd提供了"auth“和”request-mschap-v2“选项。显然，只有服务器端必须配置为向配置为不请求任何类型auth的客户端请求身份验证。所发生的情况是客户端要求服务器对自身进行身份验证，但失败了。

Answer 2

我希望我的经历能帮助其他人来到这里。

当我得到这样的交流调度时，我发现的问题最常见的原因是：

pppd[8205]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfRej id=0x1 <auth chap MS-v2>]
pppd[8205]: sent [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfAck id=0x2 <asyncmap 0x0> <magic 0x20b0750f> <pcomp> <accomp>]
pppd[8205]: rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x23d6bed3> <pcomp> <accomp>]
pppd[8205]: sent [LCP ConfNak id=0x1 <auth pap>]
pppd[8205]: rcvd [LCP ConfReq id=0x2 <asyncmap 0x0> <magic 0x23d6bed3> <pcomp> <accomp>]

..。GRE数据包未正确到达目的地。

注意日志中的sent和rcvd行:有某种类型的通信，但还不够。

许多路由器不允许GRE数据包(PPTP上强制的)穿越它们，但大多数路由器有一些选项来启用/禁用GRE数据包。

在我的例子中(NetGear Genie CG3100D电缆调制解调器)，您可以解决它的检查：

Advanced --> Advanced Configuration --> Services -> PPTP PassThrough