*pptpd on CentOS 5 (64bit) [#c44d8a34]

RIGHT:Last updated &lastmod();

**iptables (firewall) configuration [#gbbb1b9d]

-/etc/sysconfig/iptables

 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
 -A INPUT -p icmp -j ACCEPT ←add
 -A INPUT -i lo -j ACCEPT   ←add
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT ←check; add if missing
 
 -A INPUT -p gre -j ACCEPT
 -A OUTPUT -p gre -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT ←add
 
 -A INPUT -m state --state NEW -m tcp -p tcp --dport 5080 -j ACCEPT
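PPTP needs two things through the firewall: the TCP 1723 control channel and GRE (IP protocol 47) in both directions, and the ACCEPT lines must sit above the catch-all REJECT that the CentOS default ruleset ends with. The following checker is an added example, not part of this page or of the pptpd project; it reads rules in the `/etc/sysconfig/iptables` line format shown above and reports which of the required rules are missing or shadowed by an earlier unconditional REJECT/DROP. The sample rules are constructed for the example (`SAMPLE_RULES` deliberately lacks the OUTPUT GRE and 1723 rules).

```python
# Constructed sample in /etc/sysconfig/iptables line format (not the page's file):
# it has the GRE INPUT rule but not the GRE OUTPUT rule or the 1723 rule.
SAMPLE_RULES = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

# What a PPTP server needs: the TCP 1723 control connection and GRE both ways.
REQUIRED = {
    "gre_in": ("INPUT", {"-p": "gre", "-j": "ACCEPT"}),
    "gre_out": ("OUTPUT", {"-p": "gre", "-j": "ACCEPT"}),
    "pptp_ctrl": ("INPUT", {"-p": "tcp", "--dport": "1723", "-j": "ACCEPT"}),
}


def parse_rule(line):
    """Turn '-A CHAIN opt val ...' into (chain, {opt: val}); None for non-rule lines."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] != "-A":
        return None
    chain, opts, i = tokens[1], {}, 2
    while i < len(tokens):
        key = tokens[i]
        # an option takes the next token as its value unless that token is another option
        if key.startswith("-") and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            opts[key] = tokens[i + 1]
            i += 2
        else:
            opts[key] = ""
            i += 1
    return chain, opts


def missing_pptp_rules(text):
    """Names of REQUIRED rules with no effective ACCEPT line in their chain.

    A rule is not effective if an unconditional REJECT/DROP (no -p/-i/-s/-d
    constraint) comes before it in the same chain, because iptables stops at
    the first match.
    """
    rules = [r for r in (parse_rule(l) for l in text.splitlines()) if r]
    missing = []
    for name, (chain, want) in REQUIRED.items():
        found = False
        for c, opts in rules:
            if c != chain:
                continue
            if opts.get("-j") in ("REJECT", "DROP") and not any(
                k in opts for k in ("-p", "-i", "-s", "-d")
            ):
                break  # everything after this line in the chain is shadowed
            if all(opts.get(k) == v for k, v in want.items()):
                found = True
                break
        if not found:
            missing.append(name)
    return missing


if __name__ == "__main__":
    print("missing:", missing_pptp_rules(SAMPLE_RULES))
```

Run it against `iptables-save` output or the file itself; an empty list means the three rules are present and reachable. The parser is deliberately simple (it does not understand `!` negation or multiport), so treat it as a pre-flight check, not a full ruleset analyser.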


-Log at client connection time (/var/log/messages)

On successful connection

 Jan  8 19:57:18 gw2 pptpd[1860]: CTRL: Client 180.131.111.189 control connection started
 Jan  8 19:57:18 gw2 pptpd[1860]: CTRL: Starting call (launching pppd, opening GRE)
 Jan  8 19:57:18 gw2 kernel: conntrack: generic helper won't handle protocol 47. Please consider loading the specific helper module.
 Jan  8 19:57:18 gw2 pppd[1861]: Warning: can't open options file /root/.ppprc: Permission denied
 Jan  8 19:57:18 gw2 pppd[1861]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan  8 19:57:18 gw2 pppd[1861]: pptpd-logwtmp: $Version$
 Jan  8 19:57:18 gw2 kernel: PPP generic driver version 2.4.2
 Jan  8 19:57:18 gw2 pppd[1861]: pppd 2.4.5 started by root, uid 0
 Jan  8 19:57:18 gw2 pppd[1861]: Using interface ppp0
 Jan  8 19:57:18 gw2 pppd[1861]: Connect: ppp0 <--> /dev/pts/1
 Jan  8 19:57:18 gw2 pptpd[1860]: GRE: Bad checksum from pppd.
 Jan  8 19:57:20 gw2 pppd[1861]: peer from calling number 180.131.111.189 authorized
 Jan  8 19:57:20 gw2 pppd[1861]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
 Jan  8 19:57:20 gw2 kernel: PPP MPPE Compression module registered
 Jan  8 19:57:20 gw2 pppd[1861]: MPPE 128-bit stateless compression enabled
 Jan  8 19:57:23 gw2 pppd[1861]: found interface eth0 for proxy arp
 Jan  8 19:57:23 gw2 pppd[1861]: local  IP address 192.168.31.1
 Jan  8 19:57:23 gw2 pppd[1861]: remote IP address 192.168.31.121
 Jan  8 19:57:23 gw2 pppd[1861]: pptpd-logwtmp.so ip-up ppp0 okada-p 180.131.111.189
 Jan  8 19:57:23 gw2 pppd[1895]: Can't execute /etc/ppp/ip-up: Permission denied


**Installation [#y3c4d9d5]

Download pptpd-1.3.4-1.rhel5.1.x86_64.rpm from http://poptop.sourceforge.net/yum/stable/packages/~

When installing on Vine 4.x, using pptpd-1.3.4-1.rhel3.i386.rpm instead
installed in the same way.

 # rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

''Machine configuration''
 eth1      Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
           inet addr:10.1.5.217  Bcast:10.255.255.255  Mask:255.0.0.0
           inet6 addr: fe80::200:21ff:fedd:dece/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:270436 errors:0 dropped:0 overruns:0 frame:0
           TX packets:29742 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0
           RX bytes:63947788 (60.9 MiB)  TX bytes:3462243 (3.3 MiB)
 
 eth1:0    Link encap:Ethernet  HWaddr 00:00:21:DD:DE:CE
           inet addr:192.168.40.1  Bcast:192.168.40.255  Mask:255.255.255.0
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 
**Configuration [#aceace6f]
Configure the following three files.

''/etc/pptpd.conf''

 option /etc/ppp/options.pptpd  <==specifies the options file (check it)
 
 ##debug
 debug      <==enable debug mode so the connection process can be followed in the log.
 
 # (Recommended)
 #localip 192.168.0.1
 #remoteip 192.168.0.234-238,192.168.0.245
 # or
 #localip 192.168.0.234-238,192.168.0.245
 #remoteip 192.168.1.234-238,192.168.1.245
 
 localip 192.168.40.1  <=IP that becomes the pptp server's end of the tunnel
 remoteip 192.168.40.201-220   <=IP address range handed out to pptp clients
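The `localip`/`remoteip` lines use pptpd.conf's own range syntax: comma-separated entries, where `a.b.c.d-e` means the last octet runs from `d` to `e` inclusive (as in the commented examples above). The following is an added example, not code from this page or from pptpd: it expands that syntax and sanity-checks the pool against the server's address and the LAN it proxy-arps on. It assumes ranges only vary the last octet (the only form shown in the file's examples) and that the pool should lie inside the LAN of the `eth1:0` alias, here given as the assumed `192.168.40.0/24`.

```python
import ipaddress


def expand_ip_spec(spec):
    """Expand the localip/remoteip syntax of pptpd.conf into IPv4Address objects.

    Entries are comma-separated; an entry is a single address or 'a.b.c.d-e',
    where e replaces the last octet and the range is inclusive.
    Assumption: ranges vary only the last octet (the form the file's examples use).
    """
    addrs = []
    for entry in spec.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if "-" in entry:
            start, end = entry.split("-", 1)
            prefix, first = start.rsplit(".", 1)
            lo, hi = int(first), int(end)
            if not 0 <= lo <= hi <= 255:
                raise ValueError("bad range: " + entry)
            addrs.extend(ipaddress.IPv4Address(f"{prefix}.{o}") for o in range(lo, hi + 1))
        else:
            addrs.append(ipaddress.IPv4Address(entry))
    return addrs


def check_address_plan(localip, remoteip, lan_cidr):
    """Sanity-check the pool: how many clients it serves, duplicate entries,
    whether the server's own tunnel address is inside the pool, and which
    pool addresses fall outside the LAN that proxyarp will answer for."""
    local = expand_ip_spec(localip)
    pool = expand_ip_spec(remoteip)
    lan = ipaddress.IPv4Network(lan_cidr)
    return {
        "clients": len(pool),
        "duplicates": len(pool) - len(set(pool)),
        "local_in_pool": any(a in pool for a in local),
        "outside_lan": [str(a) for a in pool if a not in lan],
    }


if __name__ == "__main__":
    # values from this page's pptpd.conf; the /24 is an assumption taken from eth1:0
    print(check_address_plan("192.168.40.1", "192.168.40.201-220", "192.168.40.0/24"))
```

The client count tells you the maximum number of simultaneous tunnels the pool allows (20 here); an address outside the LAN would be reachable through the tunnel but not via proxy ARP on `eth1`.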


''/etc/ppp/options.pptpd''

 name pptpd   <==server name
 
 # Enable connection debugging facilities.
 # (see your syslog configuration for where pppd sends to)
 ##debug
 debug     <==enable debug mode so the connection process can be followed in the log.
 
 # Print out all the option values which have been set.
 # (often requested by mailing list to verify options)
 ##dump
 dump     <==enable so that every option in effect is written to the log; useful when checking a connection.


''/etc/ppp/chap-secrets''

Specify the users that may connect, their passwords, and the IP addresses they are allowed.

 # Secrets for authentication using CHAP
 # client        server  secret                  IP addresses
 ####### redhat-config-network will overwrite this part!!! (begin) ##########
 ####### redhat-config-network will overwrite this part!!! (end) ############
  
 okada  pptpd   [password]     *  <=="*" allows any address
       ^^^server name from options.pptpd
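Two things go wrong most often with this file: the server column does not match the `name` in options.pptpd (the user then never authenticates), and `*` in the address column is used without noticing that it permits any tunnel address. The following audit is an added example, not code from this page or from pppd; it parses a chap-secrets file with the four-column layout above, cross-checks it against `name` in options.pptpd, and lists what an operator would want flagged. The sample files and secrets are constructed placeholders. The "three fields means no address is accepted" rule follows the pppd(8) man page description of chap-secrets; the comment stripping is naive and would break a secret that itself contains `#`.

```python
import shlex

# Constructed sample files modelled on the page's layout (not the real files);
# every secret is a placeholder.
OPTIONS_PPTPD = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
"""

CHAP_SECRETS = """\
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
okada   pptpd    "PLACEHOLDER-SECRET-1"  *
alice   pptpd    "PLACEHOLDER-SECRET-2"  192.168.40.205
bob     vpnsrv   "PLACEHOLDER-SECRET-3"  *
carol   pptpd    ""
"""


def server_name(options_text):
    """The 'name' option from options.pptpd; chap-secrets lines must carry it in the server column."""
    for line in options_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "name":
            return parts[1]
    return None


def parse_chap_secrets(text):
    """Return (client, server, secret, [addresses]) for each non-comment line.

    Secrets may be double-quoted, so the line is split with shell-style quoting.
    Naive: a '#' inside a quoted secret is treated as a comment start.
    """
    entries = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        parts = shlex.split(body)
        if len(parts) < 3:
            continue  # too short to be a secrets line
        entries.append((parts[0], parts[1], parts[2], parts[3:]))
    return entries


def audit_chap_secrets(secrets_text, options_text):
    """Findings as (issue, client) tuples, in file order."""
    name = server_name(options_text)
    findings = []
    for client, server, secret, addrs in parse_chap_secrets(secrets_text):
        if server != name:
            findings.append(("server_mismatch", client))  # this pptpd will never match the line
        if not secret:
            findings.append(("empty_secret", client))
        if "*" in addrs:
            findings.append(("any_ip", client))  # "*" lets the client take any tunnel address
        elif not addrs:
            findings.append(("no_ip_allowed", client))  # pppd(8): three fields = no address accepted
    return findings


if __name__ == "__main__":
    for issue, client in audit_chap_secrets(CHAP_SECRETS, OPTIONS_PPTPD):
        print(f"{client}: {issue}")
```

Read the real files with `open(...).read()` in place of the samples; the file holds cleartext secrets, so it should stay root-readable only (mode 0600) regardless of what the audit reports.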


***Start [#ua28bb2f]

 # /etc/rc.d/init.d/pptpd start

***Restart [#mfcc4d49]

 # /etc/rc.d/init.d/pptpd restart-kill

&color(red){Note: when connections stop working, doing only restart-kill leaves a stale ppp0 route like the one below; in that case stop the service and then start it again.};

 $ netstat -rn
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
 192.168.30.202  0.0.0.0         255.255.255.255 UH        0 0          0 ppp0

In that case /var/log/messages may also contain a log like the following:

 Jan 12 20:58:45 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control connection started
 Jan 12 20:58:46 localhost pptpd[5907]: CTRL: Starting call (launching pppd, opening GRE)
 Jan 12 20:58:46 localhost pppd[5908]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan 12 20:58:46 localhost pppd[5908]: pppd 2.4.4 started by root, uid 0
 Jan 12 20:58:46 localhost pppd[5908]: Using interface ppp0
 Jan 12 20:58:46 localhost pppd[5908]: Connect: ppp0 <--> /dev/pts/1
 Jan 12 20:59:16 localhost pppd[5908]: LCP: timeout sending Config-Requests
 Jan 12 20:59:16 localhost pppd[5908]: Connection terminated.
 Jan 12 20:59:16 localhost pppd[5908]: Modem hangup
 Jan 12 20:59:16 localhost pppd[5908]: Exit.
 Jan 12 20:59:16 localhost pptpd[5907]: GRE: read(fd=6,buffer=611860,len=8196)
 from PTY failed: status = -1 error = Input/output error, usually caused by
 unexpected termination of pppd, check option syntax and pppd logs
 Jan 12 20:59:16 localhost pptpd[5907]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
 Jan 12 20:59:16 localhost pptpd[5907]: CTRL: Client xxx.xxx.xx.xxx control
 connection finished


''Check forwarding when the server has two IPs''
 # cat /proc/sys/net/ipv4/ip_forward
 1
If needed:
 # echo 1 > /proc/sys/net/ipv4/ip_forward

**Connecting from Windows [#nfbfe7fa]

In the pptp connection settings:

 Username: okada
 Password: *****

So that the pptp link does not become the default gateway, open the advanced TCP/IP settings and~
uncheck "Use default gateway on remote network".


**Log [#u9212d93]
/var/log/messages

''On connection''

 Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Client 10.99.99.104 control connection started
 Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Starting call (launching pppd, opening GRE)
 Jan  8 15:16:52 localhost pppd[19102]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
 Jan  8 15:16:52 localhost pppd[19102]: pptpd-logwtmp: $Version$
 Jan  8 15:16:52 localhost pppd[19102]: pppd options in effect:
 Jan  8 15:16:52 localhost pppd[19102]: debug            # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: nologfd          # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: dump             # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: plugin /usr/lib64/pptpd/pptpd-logwtmp.so         # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: require-mschap-v2                # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: refuse-pap               # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: refuse-chap              # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: refuse-mschap            # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: name pptpd               # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: pptpd-original-ip 10.99.99.104           # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: 115200           # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: lock             # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: local            # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: novj             # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: novjccomp                # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: ipparam 10.99.99.104             # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: nodefaultroute           # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: proxyarp         # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: 192.168.40.1:192.168.40.201              # (from command line)
 Jan  8 15:16:52 localhost pppd[19102]: nobsdcomp                # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: require-mppe-128         # (from /etc/ppp/options.pptpd)
 Jan  8 15:16:52 localhost pppd[19102]: pppd 2.4.4 started by root, uid 0
 Jan  8 15:16:52 localhost pppd[19102]: Using interface ppp0
 Jan  8 15:16:52 localhost pppd[19102]: Connect: ppp0 <--> /dev/pts/6
 Jan  8 15:16:52 localhost pptpd[19101]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
 Jan  8 15:16:52 localhost pppd[19102]: MPPE 128-bit stateless compression enabled
 Jan  8 15:16:54 localhost pppd[19102]: found interface eth1 for proxy arp
 Jan  8 15:16:54 localhost pppd[19102]: local  IP address 192.168.40.1
 Jan  8 15:16:54 localhost pppd[19102]: remote IP address 192.168.40.201
 Jan  8 15:16:54 localhost pppd[19102]: pptpd-logwtmp.so ip-up ppp0 okada 10.99.99.104
 Jan  8 15:16:56 localhost setroubleshoot:      SELinux is
 preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t).      For
 complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca


''On disconnection''
 Jan  8 14:45:39 localhost pppd[8407]: LCP terminated by peer (^Dj1^G^@<M-
 Mt^@^@^@^@)
 Jan  8 14:45:39 localhost pppd[8407]: Connect time 3.0 minutes.
 Jan  8 14:45:39 localhost pppd[8407]: Sent 0 bytes, received 15626 bytes.
 Jan  8 14:45:39 localhost pppd[8407]: Modem hangup
 Jan  8 14:45:39 localhost pppd[8407]: Connection terminated.
 Jan  8 14:45:40 localhost pppd[8407]: Exit.
 Jan  8 14:45:40 localhost pptpd[8406]: CTRL: Client 10.99.99.100 control 
 connection finished
 Jan  8 14:45:41 localhost setroubleshoot:      SELinux is  
 preventing /usr/sbin/pppd (pppd_t) "write" access to wtmp (wtmp_t).      For
 complete SELinux messages. run sealert -l 30ea44bd-6549-4baa-b00b-7c6388bbfdca
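The three log excerpts on this page (the successful connection under the firewall section, the LCP timeout after a bad restart, and the connection/disconnection pair above) share one structure: a `pptpd[pid]` control connection, then a `pppd[pid]` child that reports authorization, MPPE, the assigned addresses and the way the link ended. The parser below is an added example, not code from this page or from pptpd; it reconstructs per-client sessions from lines in that format and flags the two conditions an operator watches for: a link that came up without 128-bit MPPE and an `LCP: timeout sending Config-Requests`, which means pppd got no reply over the link (check the GRE path and the conntrack message seen earlier). The log lines are constructed for the example in the page's format, with documentation-range client addresses; the way a pppd pid is tied to a pptpd session (newest session without a pppd yet) is an assumption that holds for a single pptpd spawning its children in order.

```python
import re

# Constructed sample lines in /var/log/messages format (not copied from the page):
# one successful, MPPE-protected session that the peer closes, then one LCP timeout.
SAMPLE_LOG = """\
Jan  8 19:57:18 gw pptpd[2001]: CTRL: Client 203.0.113.10 control connection started
Jan  8 19:57:18 gw pptpd[2001]: CTRL: Starting call (launching pppd, opening GRE)
Jan  8 19:57:18 gw pppd[2002]: pppd 2.4.4 started by root, uid 0
Jan  8 19:57:18 gw pppd[2002]: Using interface ppp0
Jan  8 19:57:20 gw pppd[2002]: peer from calling number 203.0.113.10 authorized
Jan  8 19:57:20 gw pppd[2002]: MPPE 128-bit stateless compression enabled
Jan  8 19:57:23 gw pppd[2002]: local  IP address 192.168.40.1
Jan  8 19:57:23 gw pppd[2002]: remote IP address 192.168.40.201
Jan  8 19:57:23 gw pppd[2002]: pptpd-logwtmp.so ip-up ppp0 okada 203.0.113.10
Jan  8 20:00:41 gw pppd[2002]: LCP terminated by peer
Jan  8 20:00:41 gw pppd[2002]: Connect time 3.0 minutes.
Jan  8 20:00:41 gw pppd[2002]: Connection terminated.
Jan  8 20:00:42 gw pptpd[2001]: CTRL: Client 203.0.113.10 control connection finished
Jan  8 20:05:01 gw pptpd[3001]: CTRL: Client 198.51.100.7 control connection started
Jan  8 20:05:01 gw pptpd[3001]: CTRL: Starting call (launching pppd, opening GRE)
Jan  8 20:05:01 gw pppd[3002]: Using interface ppp0
Jan  8 20:05:31 gw pppd[3002]: LCP: timeout sending Config-Requests
Jan  8 20:05:31 gw pppd[3002]: Connection terminated.
Jan  8 20:05:31 gw pptpd[3001]: CTRL: Client 198.51.100.7 control connection finished
"""

SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>pptpd|pppd)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)


def parse_sessions(text):
    """Rebuild one dict per control connection from pptpd/pppd syslog lines."""
    sessions, by_ctrl, by_pppd = [], {}, {}
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue
        prog, pid, msg = m["prog"], m["pid"], m["msg"]
        if prog == "pptpd":
            started = re.match(r"CTRL: Client (\S+) control connection started", msg)
            if started:
                s = {"client": started.group(1), "ctrl_pid": pid, "pppd_pid": None,
                     "user": None, "remote_ip": None, "mppe": None, "authorized": False,
                     "outcome": None, "minutes": None, "finished": False}
                sessions.append(s)
                by_ctrl[pid] = s
            elif msg.endswith("control connection finished") and pid in by_ctrl:
                by_ctrl[pid]["finished"] = True
            continue
        # pppd line: assumption, bind its pid to the newest session that has no pppd yet
        s = by_pppd.get(pid)
        if s is None:
            unbound = [x for x in sessions if x["pppd_pid"] is None and not x["finished"]]
            if not unbound:
                continue
            s = unbound[-1]
            s["pppd_pid"] = pid
            by_pppd[pid] = s
        mppe = re.match(r"MPPE (\d+)-bit", msg)
        if msg.startswith("peer from calling number"):
            s["authorized"] = True
        elif mppe:
            s["mppe"] = int(mppe.group(1))
        elif msg.startswith("remote IP address "):
            s["remote_ip"] = msg.split()[-1]
        elif msg.startswith("pptpd-logwtmp.so ip-up "):
            s["user"] = msg.split()[3]  # ... ip-up ppp0 USER CLIENT
        elif msg.startswith("LCP: timeout sending Config-Requests"):
            s["outcome"] = "lcp_timeout"
        elif msg.startswith("LCP terminated by peer"):
            s["outcome"] = "peer_terminated"
        elif msg.startswith("Connect time "):
            s["minutes"] = float(msg.split()[2])
    return sessions


def findings(sessions):
    """(issue, client) for links that came up without 128-bit MPPE and for LCP timeouts."""
    out = []
    for s in sessions:
        if s["remote_ip"] and s["mppe"] != 128:
            out.append(("no_mppe128", s["client"]))
        if s["outcome"] == "lcp_timeout":
            out.append(("lcp_timeout", s["client"]))
    return out


if __name__ == "__main__":
    for s in parse_sessions(SAMPLE_LOG):
        print(s["client"], s["user"], s["remote_ip"], s["mppe"], s["outcome"])
    print(findings(parse_sessions(SAMPLE_LOG)))
```

Feed it `grep -E 'pptpd|pppd' /var/log/messages` to get a per-client table of who connected, which pool address they received and whether MPPE was actually negotiated, which is the server-side counterpart of checking the Windows property sheet described below.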

''Checking connections from the server''~
Two clients connected; the IPs assigned to each were 192.168.40.201 and 192.168.40.202.

 $ /sbin/ifconfig ppp0
 ppp0      リンク方法:Point-to-Pointプロトコル
           inetアドレス:192.168.40.1 P-t-P:192.168.40.201  マスク:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
           RXパケット:46 エラー:0 損失:0 オーバラン:0 フレーム:0
           TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
           衝突(Collisions):0 TXキュー長:3
           RX bytes:4788 (4.6 Kb)  TX bytes:92 (92.0 b)
 
 $ /sbin/ifconfig ppp1
 ppp1      リンク方法:Point-to-Pointプロトコル
           inetアドレス:192.168.40.1 P-t-P:192.168.40.202  マスク:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
           RXパケット:36 エラー:0 損失:0 オーバラン:0 フレーム:0
           TXパケット:8 エラー:0 損失:0 オーバラン:0 キャリア:0
           衝突(Collisions):0 TXキュー長:3
           RX bytes:3940 (3.8 Kb)  TX bytes:92 (92.0 b)
 
 $ /sbin/ifconfig ppp2
 ppp2: error fetching interface information: デバイスが見つかりません

----------

Also, for security, use only chapms-v2 and confirm from the connection's property details that the encryption is 128-bit MPPE.

''WindowsXP''~
&ref(pptpd.png);

''Windows Vista''~
&ref(pptpd2.png);

***Connecting from Android (6.x) [#obb5374b]

-Settings ⇒ More ⇒ VPN

&ref("./android_pptp.jpg");
