I got acquainted with Linux a couple of weeks ago, so there may be a lot I don’t know. The situation is this: in a CentOS 7 virtual machine, a VPN connection via PPTP is not established. From the logs I was able to understand and fix some things, but not others. Below are the settings and logs:

chap-secrets

    # client    server    secret        IP addresses
    mylogin     *         mypassword    *

/etc/ppp/peers/myvpn

    pty "pptp vpn.campus.kharkov.ua --nolaunchpppd --debug"
    user mylogin
    password "mypassword"
    #remotename pptp
    file /etc/ppp/options.pptp
    lock
    nodeflate
    nobsdcomp
    noauth
    nopcomp
    noaccomp

options.pptp

    ###############################################################################
    # $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
    #
    # Sample PPTP PPP options file /etc/ppp/options.pptp
    # Options used by PPP when a connection is made by a PPTP client.
    # This file can be referred to by an /etc/ppp/peers file for the tunnel.
    # Changes are effective on the next connection. See "man pppd".
    #
    # You are expected to change this file to suit your system. As
    # packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
    # and the kernel MPPE module available from the CVS repository also on
    # http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.

    # Lock the port
    lock

    # Authentication
    # We don't need the tunnel server to authenticate itself
    noauth

    # We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
    # (you may need to remove these refusals if the server is not using MPPE)
    #refuse-pap
    #refuse-eap
    #refuse-chap
    #refuse-mschap
    #refuse-mschap-v2

    # Compression
    # Turn off compression protocols we know won't be used
    nobsdcomp
    nodeflate
    persist

    # Encryption
    # (There have been multiple versions of PPP with encryption support,
    # choose which of the following sections you will use. Note that MPPE
    # requires the use of MSCHAP-V2 during authentication)
    #
    # Note that using PPTP with MPPE and MSCHAP-V2 should be considered
    # insecure:
    # http://marc.info/?l=pptpclient-devel&m=134372640219039&w=2
    # https://github.com/moxie0/chapcrack/blob/master/README.md
    # http://technet.microsoft.com/en-us/security/advisory/2743314

    # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
    # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
    # If the kernel is booted in FIPS mode (fips=1), the ppp_mppe.ko module
    # is not allowed and PPTP-MPPE is not available.
    # {{{
    # Require MPPE 128-bit encryption
    #require-mppe-128
    require-mschap-v2
    # }}}

    # http://mppe-mppc.alphacron.de/ fork from PPP project by Jan Dubiec
    # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
    # {{{
    # Require MPPE 128-bit encryption
    #mppe required,stateless
    # }}}

After starting (pppd call myvpn), the output of tail -f /var/log/messages:

    Jul 27 23:28:27 Sanduka pppd[2982]: LCP: timeout sending Config-Requests
    Jul 27 23:28:27 Sanduka pppd[2982]: Connection terminated.
    Jul 27 23:28:27 Sanduka pppd[2982]: Modem hangup
    Jul 27 23:28:27 Sanduka pptp[2995]: anon warn[decaps_hdlc:pptp_gre.c:217]: short read (-1): Input/output error
    Jul 27 23:28:27 Sanduka pptp[2995]: anon warn[decaps_hdlc:pptp_gre.c:229]: pppd may have shutdown, see pppd log
    Jul 27 23:28:27 Sanduka pptp[3003]: anon log[callmgr_main:pptp_callmgr.c:242]: Closing connection (unhandled)
    Jul 27 23:28:27 Sanduka pptp[3003]: anon log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 12 'Call-Clear-Request'
    Jul 27 23:28:27 Sanduka pptp[3003]: anon log[call_callback:pptp_callmgr.c:81]: Closing connection (call state)
    Jul 27 23:28:27 Sanduka pppd[2982]: Using interface ppp0
    Jul 27 23:28:27 Sanduka pppd[2982]: Connect: ppp0 <--> /dev/pts/2
    Jul 27 23:28:27 Sanduka NetworkManager[650]: <info> (ppp0): new Generic device (driver: 'unknown' ifindex: 16)
    Jul 27 23:28:27 Sanduka NetworkManager[650]: <info> (ppp0): exported as /org/freedesktop/NetworkManager/Devices/15
    Jul 27 23:28:27 Sanduka pptp[3007]: anon log[main:pptp.c:333]: The synchronous pptp option is NOT activated
    Jul 27 23:28:27 Sanduka pptp[3015]: anon log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 1 'Start-Control-Connection-Request'
    Jul 27 23:28:27 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:754]: Received Start Control Connection Reply
    Jul 27 23:28:27 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:788]: Client connection established.
    Jul 27 23:28:28 Sanduka pptp[3015]: anon log[ctrlp_rep:pptp_ctrl.c:254]: Sent control packet type is 7 'Outgoing-Call-Request'
    Jul 27 23:28:28 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:873]: Received Outgoing Call Reply.
    Jul 27 23:28:28 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:912]: Outgoing call established (call ID 0, peer's call ID 11291).

I also tried to configure it via KDE (nm-connection-editor; is it possible to configure it this way at all?), and received the following message.

screenshot

As a result, I suspect that the kernel lacks either drivers or modules, but my experience in this matter is scanty. I ask those who know: what is wrong and how do I fix it?

    2 answers

    1. You should not expose your account and password to the whole world, even if it is a campus one :) I highly recommend changing the password, as it is compromised!

    2. To bring up the tunnel you need two files: /etc/ppp/peers/KHARKOV

       # cat /etc/ppp/peers/KHARKOV
       pty "pptp vpn.campus.kharkov.ua --nolaunchpppd"
       lock
       noauth
       nobsdcomp
       nodeflate
       name vasnievda
       remotename KHARKOV
       ipparam KHARKOV
       refuse-pap
       refuse-eap
       refuse-chap

       # cat /etc/ppp/chap-secrets
       vasnievda KHARKOV "mysecretpasswd" *

    3. You also need to allow GRE in the firewall, and don't forget that the interface may not be eth0 at all, since this is CentOS 7 :) Naturally, all this is done as root!

       # iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --protocol gre --out-interface eth0
       # iptables --insert INPUT 1 --source 0.0.0.0/0.0.0.0 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --protocol gre --in-interface eth0

    4. Approximate log:

       Jul 28 12:21:08 myserver pppd[15902]: pppd 2.4.5 started by root, uid 0
       Jul 28 12:21:08 myserver pppd[15902]: Using interface ppp0
       Jul 28 12:21:08 myserver pppd[15902]: Connect: ppp0 <--> /dev/pts/3
       Jul 28 12:21:08 myserver pptp[15903]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
       Jul 28 12:21:08 myserver pptp[15911]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
       Jul 28 12:21:08 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
       Jul 28 12:21:08 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
       Jul 28 12:21:09 myserver pptp[15911]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
       Jul 28 12:21:09 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
       Jul 28 12:21:09 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 11305).
       Jul 28 12:21:10 myserver pppd[15902]: CHAP authentication succeeded
       Jul 28 12:21:10 myserver pppd[15902]: CCP terminated by peer (No compression negotiated)
       Jul 28 12:21:10 myserver pppd[15902]: Compression disabled by peer.
       Jul 28 12:21:10 myserver pppd[15902]: local IP address yyy.yyy.yyy.yyy
       Jul 28 12:21:10 myserver pppd[15902]: remote IP address xxx.xxx.xxx.xxx

    Once again: I highly recommend changing the password, as it is compromised!

    • At one time, the collective mind of unixforum.org (then still bearing the original name linuxforum.ru, subsequently pilfered from the forum staff by the nominal owner of the domain) put together a universal instruction. It is mirrored in many places (right up to wiki.debian.org) and is easily found under the heading “Just about the complex. VPN for beginners.” - aleksandr barakin
    • O MIRACLE, THANK YOU VERY MUCH!!! As for the login and password: while I was editing, I forgot to change them; I hid them only in chap-secrets, nowhere else. Thanks again! - Sanduka
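
The failure in the question's log and the GRE rule in the answer above, tied together as an added example (not code from the original posts): the control connection on TCP 1723 completes while LCP, which is carried inside GRE, times out. The function name pptp_diagnose, the verdict strings and the choice of marker lines are assumptions of this example; the sample lines are copied from the logs on this page.

```shell
# Added example: classify a pppd/pptp syslog excerpt by how far tunnel setup got.
# Control connection = TCP 1723; LCP and authentication travel in GRE (IP protocol 47).

pptp_diagnose() {   # reads log lines on stdin, prints one verdict word
    ctrl=0; call=0; lcp_timeout=0; auth_ok=0; ip_up=0
    while IFS= read -r line; do
        case "$line" in
            *"Client connection established"*)        ctrl=1 ;;
            *"Outgoing call established"*)            call=1 ;;
            *"LCP: timeout sending Config-Requests"*) lcp_timeout=1 ;;
            *"authentication succeeded"*)             auth_ok=1 ;;
            *"remote IP address"*)                    ip_up=1 ;;
        esac
    done
    if   [ "$ip_up" -eq 1 ];   then echo "tunnel-up"
    elif [ "$auth_ok" -eq 1 ]; then echo "authenticated-no-ip"
    elif [ "$lcp_timeout" -eq 1 ] && [ "$ctrl" -eq 1 ] && [ "$call" -eq 1 ]; then
        echo "gre-suspected"   # TCP 1723 works, but no PPP frames come back
    elif [ "$lcp_timeout" -eq 1 ]; then echo "no-control-connection"
    else echo "inconclusive"
    fi
}

# Sample input: lines taken from the question's log.
sample_failed() { cat <<'EOF'
Jul 27 23:28:27 Sanduka pppd[2982]: LCP: timeout sending Config-Requests
Jul 27 23:28:27 Sanduka pppd[2982]: Connection terminated.
Jul 27 23:28:27 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:788]: Client connection established.
Jul 27 23:28:28 Sanduka pptp[3015]: anon log[ctrlp_disp:pptp_ctrl.c:912]: Outgoing call established (call ID 0, peer's call ID 11291).
EOF
}

# Sample input: lines taken from the answer's approximate log.
sample_working() { cat <<'EOF'
Jul 28 12:21:08 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 28 12:21:09 myserver pptp[15911]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 11305).
Jul 28 12:21:10 myserver pppd[15902]: CHAP authentication succeeded
Jul 28 12:21:10 myserver pppd[15902]: remote IP address xxx.xxx.xxx.xxx
EOF
}

echo "question log: $(sample_failed | pptp_diagnose)"
echo "answer log:   $(sample_working | pptp_diagnose)"
```

On a live system the input would be the pppd and pptp lines from /var/log/messages for a single connection attempt.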

    I will add to the previous answer.

    Setting up a VPN client connection in CentOS 7 to a VPN server on Windows


    The following packages must be installed beforehand: yum install ppp pptp

    1. the contents of the file /etc/ppp/peers/harkiv_vpn

       # pty "pptp xxx.xxx.xxx.xxx --nolaunchpppd" # an IP address can be used instead
       pty "pptp vpn.campus.harkiv.ua --nolaunchpppd"
       lock
       noauth
       nobsdcomp
       nodeflate
       nodefaultroute
       usepeerdns
       name user_name
       remotename harkiv_vpn
       ipparam harkiv_vpn
       refuse-pap
       refuse-eap
       refuse-chap
       refuse-mschap
       require-mppe
       nomppe-stateful
    2. the contents of the file /etc/ppp/chap-secrets

       # Secrets for authentication using CHAP
       # client    server    secret    IP addresses
       user_name harkiv_vpn "user_password_in_dblquotes" *
    3. create start_vpn1.sh script

       systemctl stop firewalld   # stop the firewall
       pppd call harkiv_vpn       # bring up the VPN connection
       # pppd call megarvpn debug nodetach   # to start the VPN manually

    After running this script, the VPN connection comes up, but the gateway in it is taken from the current network connection and not from the remote VPN server. We fix this:

    1. the contents of the file /etc/resolv.conf

       # Generated by NetworkManager
       search harkiv.local
       nameserver zzz.zzz.zzz.zzz # gateway of the remote VPN server <- needs to be added
       nameserver xxx.xxx.xxx.xxx # DNS1 of the network connection
       nameserver yyy.yyy.yyy.yyy # DNS2 of the network connection
    2. create start_vpn2.sh script

       cp resolv.conf /etc/
       route add -net 10.0.0.0 netmask 255.0.0.0 gw zzz.zzz.zzz.zzz

    After launching the second script, resources of the remote VPN server become available to us.


    How do we turn all this off and return to the original state?

    1. create a script stop_vpn.sh

       pkill pptp                  # stop the VPN connection
       systemctl start firewalld   # start the firewall
       systemctl restart network   # restarting the service recreates resolv.conf
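
The options.pptp comments in the question describe refusing PAP, EAP, CHAP and MSCHAP and requiring MPPE, and the peers file in the answer above sets those options. As an added example (not code from the answers), this check reads pppd options text and lists which of those settings are missing; the function name pppd_audit, the finding labels and the trimmed sample files are assumptions.

```shell
# Added example: report weak settings in pppd options text read on stdin.
# Does not follow "file" includes; '#' starts a comment, as in pppd options files.

pppd_audit() {
    # Space-delimited list of the active option names (first word of each line).
    opts=" $(sed 's/#.*//' | awk 'NF { printf "%s ", $1 }')"
    findings=""
    for proto in pap eap chap mschap; do
        case "$opts" in
            *" refuse-$proto "*) ;;                       # explicitly refused
            *) findings="$findings $proto-not-refused" ;;
        esac
    done
    case "$opts" in
        *" require-mppe "*|*" require-mppe-128 "*) ;;     # encryption mandatory
        *) findings="$findings mppe-not-required" ;;
    esac
    case "$opts" in
        *" password "*) findings="$findings password-in-options" ;;
    esac
    if [ -n "$findings" ]; then echo "${findings# }"; else echo "none"; fi
}

# Constructed sample: the question's peers file plus the auth lines of its options.pptp.
sample_question() { cat <<'EOF'
pty "pptp vpn.campus.kharkov.ua --nolaunchpppd --debug"
password "mypassword"
#refuse-pap
#refuse-eap
#refuse-chap
#refuse-mschap
#require-mppe-128
require-mschap-v2
EOF
}

# Constructed sample: the auth-related lines of the second answer's peers file.
sample_answer() { cat <<'EOF'
pty "pptp vpn.campus.harkiv.ua --nolaunchpppd"
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
require-mppe
EOF
}

echo "question: $(sample_question | pppd_audit)"
echo "answer:   $(sample_answer | pppd_audit)"
```

To check a real setup, concatenate the peers file and any file it includes before piping them in, for example cat /etc/ppp/options.pptp /etc/ppp/peers/harkiv_vpn | pppd_audit.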