pptpd连接故障问题求教

Ruclinux

日志如下：

Aug 16 05:10:23 JiaYuBlog ipsec_setup: Stopping Openswan IPsec...
Aug 16 05:10:24 JiaYuBlog ipsec_setup: ...Openswan IPsec stopped
Aug 16 05:10:24 JiaYuBlog ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-openvz-042stab090.5-amd64...
Aug 16 05:10:24 JiaYuBlog ipsec_setup: Using NETKEY(XFRM) stack
Aug 16 05:10:24 JiaYuBlog ipsec_setup: multiple ip addresses, using  127.0.0.1 on venet0
Aug 16 05:10:24 JiaYuBlog ipsec_setup: ...Openswan IPsec started
Aug 16 05:10:24 JiaYuBlog ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Aug 16 05:10:24 JiaYuBlog pluto: adjusting ipsec.d to /etc/ipsec.d
Aug 16 05:10:25 JiaYuBlog ipsec__plutorun: 003 no secrets filename matched "/etc/ipsec.d/*.secrets"
Aug 16 05:10:25 JiaYuBlog ipsec__plutorun: 003 "/etc/ipsec.secrets" line 2: PSK data malformed (input does not begin with format prefix): *********
Aug 16 05:11:17 JiaYuBlog pptpd[1356]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
Aug 16 05:11:17 JiaYuBlog pptpd[1357]: MGR: Manager process started
Aug 16 05:11:17 JiaYuBlog pptpd[1357]: MGR: Maximum of 6 connections available
Aug 16 05:15:16 JiaYuBlog pptpd[1375]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
Aug 16 05:15:16 JiaYuBlog pptpd[1376]: MGR: Manager process started
Aug 16 05:15:16 JiaYuBlog pptpd[1376]: MGR: Maximum of 6 connections available
Aug 16 05:16:08 JiaYuBlog pptpd[1409]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
Aug 16 05:16:08 JiaYuBlog pptpd[1410]: MGR: Manager process started
Aug 16 05:16:08 JiaYuBlog pptpd[1410]: MGR: Maximum of 6 connections available

配置如下：

###############################################################################
# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#        Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
#        Specifies the location of the PPP options file.
#        By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
#        Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
#        Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam

# TAG: logwtmp
#        Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: vrf <vrfname>
#        Switches PPTP & GRE sockets to the specified VRF, which must exist
#        Only available if VRF support was compiled into pptpd.
#
#vrf test

# TAG: bcrelay <if>
#        Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: delegate
#        Delegates the allocation of client IP addresses to pppd.
#
#       Without this option, which is the default, pptpd manages the list of
#       IP addresses for clients and passes the next free address to pppd.
#       With this option, pptpd does not pass an address, and so pppd may use
#       radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
#       Limits the number of client connections that may be accepted.
#
#       If pptpd is allocating IP addresses (e.g. delegate is not
#       used) then the number of connections is also limited by the
#       remoteip option.  The default is 100.
connections 100

# TAG: localip
# TAG: remoteip
#        Specifies the local and remote IP address ranges.
#
#        These options are ignored if delegate option is set.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#        You can specify single IP addresses seperated by commas or you can
#        specify ranges, or both. For example:
#
#                192.168.0.234,192.168.0.245-249,192.168.0.254
#
#        IMPORTANT RESTRICTIONS:
#
#        1. No spaces are permitted between commas or within addresses.
#
#        2. If you give more IP addresses than the value of connections,
#           it will start at the beginning of the list and go until it
#           gets connections IPs.  Others will be ignored.
#
#        3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#           you must type 234-238 if you mean this.
#
#        4. If you give a single localIP, that's ok - all local IPs will
#           be set to the given one. You MUST still give at least one remote
#           IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

iptables转发如下：

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 192.168.40.128/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.40.128/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -p tcp --dport 1194 -j ACCEPT
iptables -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --dport 47 -j ACCEPT
iptables -A INPUT -p tcp --dport 2009 -j ACCEPT
iptables -A INPUT -p udp --dport 2009 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 10.8.0.20/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 10.8.0.1/24 -j SNAT --to-source 201.123.123.10
iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -j SNAT --to-source 201.123.123.10
/etc/init.d/iptables save
service iptables restart

service pptpd restart 出错如下：

Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results.  Use restart-kill to
destroy existing connections during a restart.

谢谢了.

h0stl0c

remoteip 192.168.0.234-238,192.168.0.245

ip太少了，改为：
remoteip 192.168.0.2-200

另外，不要用 192.168.0.x 1.x 2.x 这种ip，可能有冲突。

Ruclinux

lxqfff 发表于 2014-8-16 07:45
service pptpd restart-kill  ？

service pptpd restart-kill
service pptpd start
没有效果，谢谢

Ruclinux

h0stl0c 发表于 2014-8-16 12:04
remoteip 192.168.0.234-238,192.168.0.245

ip太少了，改为：

192.168.2.4

没有效果，谢谢，以前没有这种情况，升级过后就这样了，会不会与内核有关？

Ruclinux

[root@JiaYuBlog ~]# modprobe ppp-compress-18 && echo ok
FATAL: Could not load /lib/modules/2.6.32-openvz-042stab090.5-amd64/modules.dep: No such file or directory
[root@JiaYuBlog ~]# cat /dev/net/tun
cat: /dev/net/tun: 文件描述符处于错误状态

是不是与母鸡有关？ 谢谢了

h0stl0c

Ruclinux 发表于 2014-8-16 12:27
[root@JiaYuBlog ~]# modprobe ppp-compress-18 && echo ok
FATAL: Could not load /lib/modules/2.6.32-op ...

从log看不是，但难说。
换个机器试试看咯。

Ruclinux

继续求助，谢谢

walkman660

remoteip 192.168.0.234-238,192.168.0.245
Maximum of 100 connections reduced to 6, not enough IP addresses given

Ruclinux

h0stl0c 发表于 2014-8-16 12:04
remoteip 192.168.0.234-238,192.168.0.245

ip太少了，改为：

我将192.168这类改成10.0这类的也不行，IP已经在段里隔开一百多位了，然后iptables转发也更新了规则，但就是连接不了，open扶墙可以连接但却上不了网.