MPPE difficulties on OSX PPTP VPN server
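I'm trying to get a VPN up and running again on a Mac OSX server, but I seem to have hit a snag with MPPE. When I try to connect to the VPN from a laptop on the same local network, I get the following messages in /var/log/ppp/vpnd.log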
2015-07-14 17:01:45 MDT Incoming call... Address given to client = xx.xxx.xx.xxx
Tue Jul 14 17:01:45 2015 : Directory Services Authentication plugin initialized
Tue Jul 14 17:01:45 2015 : Directory Services Authorization plugin initialized
Tue Jul 14 17:01:45 2015 : PPTP incoming call in progress from '192.168.1.154'...
Tue Jul 14 17:01:46 2015 : PPTP connection established.
Tue Jul 14 17:01:46 2015 : using link 0
Tue Jul 14 17:01:46 2015 : Using interface ppp0
Tue Jul 14 17:01:46 2015 : Connect: ppp0 <--> socket[34:17]
Tue Jul 14 17:01:46 2015 : sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4c905d23> <pcomp> <accomp>]
Tue Jul 14 17:01:46 2015 : rcvd [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x5dd17fa9> <pcomp> <accomp>]
Tue Jul 14 17:01:46 2015 : lcp_reqci: returning CONFACK.
Tue Jul 14 17:01:46 2015 : sent [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0x5dd17fa9> <pcomp> <accomp>]
Tue Jul 14 17:01:46 2015 : rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x4c905d23> <pcomp> <accomp>]
Tue Jul 14 17:01:46 2015 : sent [LCP EchoReq id=0x0 magic=0x4c905d23]
Tue Jul 14 17:01:46 2015 : sent [CHAP Challenge id=0x43 <2a596a4a75602b4946642a2d1b12050b>, name = "server"]
Tue Jul 14 17:01:46 2015 : rcvd [LCP EchoRep id=0x0 magic=0x5dd17fa9]
Tue Jul 14 17:01:46 2015 : rcvd [CHAP Response id=0x43 <afb93f9351af212c460cf851eaf6d0580000000000000000e1bda0d312f0542755399c6ca465b7a8878439608d30f16100>, name = "admin"]
Tue Jul 14 17:01:46 2015 : sent [CHAP Success id=0x43 "S=3B614827970F82512A68E1022EF6F7FC0AF4FA3F M=Access granted"]
Tue Jul 14 17:01:46 2015 : CHAP peer authentication succeeded for admin
Tue Jul 14 17:01:46 2015 : DSAccessControl plugin: User 'admin' authorized for access
Tue Jul 14 17:01:46 2015 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Tue Jul 14 17:01:46 2015 : rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Tue Jul 14 17:01:46 2015 : MPPE required but peer negotiation failed
Tue Jul 14 17:01:46 2015 : sent [LCP TermReq id=0x2 "MPPE required but peer negotiation failed"]
Tue Jul 14 17:01:46 2015 : Connection terminated.
Tue Jul 14 17:01:46 2015 : sent [CCP ConfRej id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Tue Jul 14 17:01:46 2015 : Connect time 0.0 minutes.
Tue Jul 14 17:01:46 2015 : Sent 0 bytes, received 0 bytes.
Tue Jul 14 17:01:46 2015 : PPTP disconnecting...
Tue Jul 14 17:01:46 2015 : PPTP disconnected
2015-07-14 17:01:46 MDT --> Client with address = xx.xxx.xx.xxx has hungup
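From what I gather from searching the web (in particular here), there is an encryption mismatch between the client and the server. I can't bring up a graphical environment on my server, so I have been configuring it through ssh. The applicable file on the server seems to be /Library/Preferences/SystemConfiguration/com.apple.RemoteAccessServers.plist, which contains the following MPPE-related lines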
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ActiveServers</key>
<array>
<string>com.apple.ppp.pptp</string>
</array>
<key>Servers</key>
...
<key>com.apple.ppp.pptp</key>
<dict>
...
<key>PPP</key>
<dict>
...
<key>CCPProtocols</key>
<array>
<string>MPPE</string>
</array>
...
<key>MPPEKeySize128</key>
<integer>1</integer>
<key>MPPEKeySize40</key>
<integer>1</integer>
...
</dict>
...
</dict>
</dict>
</dict>
</plist>
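It looks like it should be configured to use both the 40-bit and 128-bit MPPE key sizes. On my server, there is no /etc/ppp/. On the client, I do have /etc/ppp/, but everything related to MPPE appears to be commented out in /etc/ppp/options.pptp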
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# {{{
# Require MPPE 128-bit encryption
#require-mppe-128
# }}}
# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe required,stateless
# }}}
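I've tried uncommenting the various mppe lines (with and without the triple curly braces; I can't tell whether they mean anything). Every time I start the VPN connection I get the same "MPPE required but peer negotiation failed" message.
On my client, I'm running pppd version 2.4.5. On the server, trying to run pppd with any option gives the message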
pppd: Can't open options file /etc/ppp/options: No such file or directory
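so I'm not sure which version is running on the server.
Any ideas on what else I should try?
Answer 1
Well, now I feel stupid. It turns out that MPPE was indeed enabled on the server. However, I hadn't enabled MPPE on my client!
I'm running Linux Mint 17 XFCE on the client, so to enable MPPE I clicked the network indicator applet in the system tray and selected "Configure VPN..." under "VPN Connections". From there I selected the VPN I wanted to set up and clicked "Edit...". Under the "VPN" tab, I clicked the "Advanced..." button. Under "Security and Compression" there is a checkbox labeled "Use Point-to-Point encryption (MPPE)". After checking that box and clicking "OK" and "Save", I was able to connect to the VPN without any problems.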
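Added example, not part of the original question or answer: a short Python script that reads the CCP lines of a pppd log like the one in the question and reports which side failed to offer MPPE, which is the mismatch the answer found. The flag meanings follow RFC 3078; the function names are hypothetical.

```python
import re

# MPPE option bits as pppd prints them; meanings per RFC 3078.
MPPE_BITS = {"H": "stateless", "M": "56-bit", "S": "128-bit",
             "L": "40-bit", "D": "obsolete", "C": "MPPC compression"}
# Matches e.g.: sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
CCP_REQ = re.compile(r"\b(sent|rcvd) \[CCP ConfReq id=\S+((?: <[^>]*>)*)\]")

# The CCP lines from the vpnd.log excerpt in the question.
SAMPLE = """\
Tue Jul 14 17:01:46 2015 : sent [CCP ConfReq id=0x1 <mppe +H -M +S +L -D -C>]
Tue Jul 14 17:01:46 2015 : rcvd [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
Tue Jul 14 17:01:46 2015 : MPPE required but peer negotiation failed
"""

def ccp_offers(log_text):
    """Options in the last CCP ConfReq seen in each direction (sent = this host)."""
    offers = {"sent": [], "rcvd": []}
    for direction, opts in CCP_REQ.findall(log_text):
        offers[direction] = re.findall(r"<([^>]*)>", opts)
    return offers

def mppe_flags(options):
    """Names of the MPPE bits that are set (+X), or None if MPPE is not offered."""
    for opt in options:
        parts = opt.split()
        if parts and parts[0] == "mppe":
            return [MPPE_BITS[f[1]] for f in parts[1:]
                    if len(f) == 2 and f[0] == "+" and f[1] in MPPE_BITS]
    return None

def diagnose(log_text):
    """One-line verdict on why MPPE negotiation succeeded or failed."""
    offers = ccp_offers(log_text)
    local, peer = mppe_flags(offers["sent"]), mppe_flags(offers["rcvd"])
    if local is None:
        return "local side did not request MPPE"
    if not offers["rcvd"]:
        return "peer sent no CCP ConfReq"
    if peer is None:
        return "peer did not offer MPPE; it offered: " + ", ".join(offers["rcvd"])
    common = [b for b in local if b.endswith("-bit") and b in peer]
    return ("common key sizes: " + ", ".join(common)) if common else "no common MPPE key size"

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Run against the server-side log, "sent" is the server and "rcvd" is the client, so the verdict for the excerpt above points at the client configuration.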