python pptp拨号_Linux下PPTP拨号失败

各路高手好啊，最近折腾一个Linxu下PPTP拨号的奇怪问题，请大家帮忙帮忙。

先说背景：最近开发某Linux下爬虫程序，需要通过PPTP拨号不断切换IP避免被封。

拿到手的PPTP服务在osx［MBA＋OSX 10.11.3］和win［VirtualBox＋WinXP］下测试都没有问题，可以正常连上，正常上网。

但在Linux下面却接二连三出现问题，我曾尝试过几种发行版：

(a)Ubuntu 14.04 LTS (pppd 2.4.6) ［virtualbox／openstack］

(b)CentOS 7 (pppd 2.4.5) ［openstack］

(c)Amazon Linux (pppd 2.4.5) ［aws］

(d)Kali 4.0 Linux (pppd 2.4.6) ［virtualbox］

在Linux下，一律用yum／apt命令更新到最新版，然后统一使用pptpsetup来配置拨号参数

pptpsetup --create cndx --server $PPTPSERVER --username $USERNAME --password $PASSWORD --encrypt

然后用pppd自带的pon命令建立连接，并加上调试参数

pon cndx debug dump logfd 2 nodetach

好了，说这么多，终于要进入正题：

经过测试，只有(c)(d)能正常连上VPN，用ifconfig可以看到ppp0的IP信息。但用curl命令测试，只有(d)能正常上网:

curl --interface ppp0 'http://www.163.com' > /dev/null

(c)无法上网怀疑和大防火墙有关，这里不作深入讨论。

(a)和(b)的典型失败日志：

pppd options in effect:

debug # (from command line)

nodetach # (from command line)

logfd 2 # (from command line)

dump # (from command line)

noauth # (from /etc/ppp/peers/cndx)

name holyung # (from /etc/ppp/peers/cndx)

remotename cndx # (from /etc/ppp/peers/cndx)

# (from /etc/ppp/peers/cndx)

pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)

ipparam cndx # (from /etc/ppp/peers/cndx)

nobsdcomp # (from /etc/ppp/peers/cndx)

nodeflate # (from /etc/ppp/peers/cndx)

require-mppe-128 # (from /etc/ppp/peers/cndx)

using channel 3

Using interface ppp0

Connect: ppp0 /dev/pts/1

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

sent [LCP ConfReq id=0x1 ]

LCP: timeout sending Config-Requests

Connection terminated.

Modem hangup

Waiting for 1 child processes...

script pptp XXX.com --nolaunchpppd, pid 16550

Script pptp XXX.com --nolaunchpppd finished (pid 16550), status = 0x0

而成功的日志大概长这样

pppd options in effect:

debug # (from command line)

nodetach # (from command line)

logfd 2 # (from command line)

dump # (from command line)

noauth # (from /etc/ppp/peers/cndx)

name holyung # (from /etc/ppp/peers/cndx)

remotename cndx # (from /etc/ppp/peers/cndx)

# (from /etc/ppp/peers/cndx)

pty pptp XXX.com --nolaunchpppd # (from /etc/ppp/peers/cndx)

ipparam cndx # (from /etc/ppp/peers/cndx)

nobsdcomp # (from /etc/ppp/peers/cndx)

nodeflate # (from /etc/ppp/peers/cndx)

require-mppe-128 # (from /etc/ppp/peers/cndx)

using channel 8

Using interface ppp0

Connect: ppp0 /dev/pts/2

sent [LCP ConfReq id=0x1 ]

rcvd [LCP ConfRej id=0x1 ]

sent [LCP ConfReq id=0x2 ]

rcvd [LCP ConfAck id=0x2 ]

rcvd [LCP ConfReq id=0x2 ]

sent [LCP ConfAck id=0x2 ]

rcvd [CHAP Challenge id=0x1 <7b406356ed490dd919ed59a15eb00718>, name = "\37777777670\37777777650-\37777777710\37777777652\37777777726\37777777735"]

sent [CHAP Response id=0x1 <4340c19890d5fd223963050a858a0d4c0000000000000000c6e05aa2a33ab0fe022cd47b566bde019448e1159475c38000>, name = "XXX"]

rcvd [CHAP Success id=0x1 "S=ACED2A8499B919A392FC75426FB0EB81665F317A"]

CHAP authentication succeeded

sent [CCP ConfReq id=0x1 ]

rcvd [IPCP ConfReq id=0x1 ]

sent [IPCP TermAck id=0x1]

rcvd [proto=0x8281] 01 01 00 04

Unsupported protocol 'MPLSCP' (0x8281) received

sent [LCP ProtRej id=0x3 82 81 01 01 00 04]

rcvd [CCP ConfReq id=0x1 ]

sent [CCP ConfAck id=0x1 ]

rcvd [CCP ConfAck id=0x1 ]

MPPE 128-bit stateless compression enabled

sent [IPCP ConfReq id=0x1 ]

rcvd [IPCP ConfRej id=0x1 ]

sent [IPCP ConfReq id=0x2 ]

rcvd [IPCP ConfNak id=0x2 ]

sent [IPCP ConfReq id=0x3 ]

rcvd [IPCP ConfReq id=0x2 ]

sent [IPCP ConfAck id=0x2 ]

rcvd [IPCP ConfAck id=0x3 ]

local IP address 12.12.12.25

remote IP address 12.12.12.254

Script /etc/ppp/ip-up started (pid 26448)

Script /etc/ppp/ip-up finished (pid 26448), status = 0x0

大概表现就是 LCP ConfReq 请求发出后，没有收到正确的响应。

网上搜索了相关的资料，整理出原因大概有几类：

(1)外部网络设备原因，例如路由器禁止GRE协议

很有可能不是，因为在同一个网络环境(家庭宽带＋VirtualBox)，WinXP拨号上网完全没问题，Kali也可以一次拨号成功。但idc的openstack环境是否存在着问题，目前无法确认。

(2)iptables配置错误

暂时也排除这个原因，清空iptables规则也无法连VPN。

(3)pptp配置文件问题

把拨号成功的pptp配置文件(/etc/pptp/下所有目录和文件)复制粘贴，还是不行

(4)Linux发行版/内核配置

目前认为最有可能的原因，因为至少在Kali能连上和正常使用VPN，很可能是不同发行版的内核参数不同所引起。我对这方面实证不熟悉，请各位高人指点。

另外，通过tcpdump观察，目前能确认的是，所有linux发行版在拨号的时候，都能成功连上pptp服务器的1723，上面日志显示的 LCP ConfReq 开始的交换流程，eth1上抓不到，怎样tcpdump这部分的网络包，也请各位高人指点。

暂时实在想不到解决方法，项目只能先放在win服务器上跑，:(，还好是python写，移植花不了多少工夫