Erreur VPN PPTP

ValentinG · Février 21, 2016, 7:16pm

Bonjour à tous,

Je poste sur ici, je suis sous debian 7 et PPTP (dernière version).

Je l’ai configurer pour recevoir les connections MS Win (Require MS-CHAPv2 et Require MPPE-128)
Les logins et MDP sont bien configurés et avec IP FIXE dans “Chap-secret”

J’ai deux clients WinSrv 2012 qui ce connectent sans soucis et récupère correctement leur conf IPv4

Conf WinSrv2012 :
" - Activation LCP

Activation compression logiciel
Mode PPTP avec authentification seulement MS-CHAP-V2"

Cette configuration fonctionne très bien.

Lundi j’installe un 3° serveur WinSrv2012 et la boooom je VPN ne fonctionne pas avec les mêmes confs

Donc je me prend pas trop la tête et je recopie la VM d’un WinSrv2012 qui fonctionne pour la redéployer et re-booom le VPN ne fonctionne toujours pas.

Donc j’active les logs sur mon petit debian et j’obtiens cela :

Nov 29 10:49:08 SRV-VPN pptpd[4219]: CTRL: Client xxx.xxx.xxx.xxx control connection finished Nov 29 10:49:36 SRV-VPN pptpd[4228]: CTRL: Client xxx.xxx.xxx.xxx control connection started Nov 29 10:49:37 SRV-VPN pptpd[4228]: CTRL: Starting call (launching pppd, opening GRE) Nov 29 10:49:37 SRV-VPN pppd[4229]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Nov 29 10:49:37 SRV-VPN pppd[4229]: pptpd-logwtmp: $Version$ Nov 29 10:49:37 SRV-VPN pppd[4229]: pppd 2.4.5 started by root, uid 0 Nov 29 10:49:37 SRV-VPN pppd[4229]: using channel 21 Nov 29 10:49:37 SRV-VPN pppd[4229]: Using interface ppp2 Nov 29 10:49:37 SRV-VPN pppd[4229]: Connect: ppp2 <--> /dev/pts/3 Nov 29 10:49:37 SRV-VPN pppd[4229]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:37 SRV-VPN pptpd[4228]: GRE: Bad checksum from pppd. Nov 29 10:49:37 SRV-VPN pppd[4229]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x7fbb77d4> <pcomp> <accomp> <callback CBCP>] Nov 29 10:49:37 SRV-VPN pppd[4229]: sent [LCP ConfRej id=0x0 <callback CBCP>] Nov 29 10:49:37 SRV-VPN pppd[4229]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:39 SRV-VPN pppd[4229]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x7fbb77d4> <pcomp> <accomp> <callback CBCP>] Nov 29 10:49:39 SRV-VPN pppd[4229]: sent [LCP ConfRej id=0x1 <callback CBCP>] Nov 29 10:49:40 SRV-VPN pppd[4229]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:40 SRV-VPN pppd[4229]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:42 SRV-VPN pppd[4229]: rcvd [LCP ConfReq id=0x2 <mru 1400> <magic 0x7fbb77d4> <pcomp> <accomp> <callback CBCP>] Nov 29 10:49:42 SRV-VPN pppd[4229]: sent [LCP ConfRej id=0x2 <callback CBCP>] Nov 29 10:49:43 SRV-VPN pppd[4229]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:43 SRV-VPN pppd[4229]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:46 SRV-VPN pppd[4229]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:46 SRV-VPN pppd[4229]: rcvd [LCP ConfReq id=0x3 <mru 1400> <magic 0x7fbb77d4> <pcomp> <accomp> <callback CBCP>] Nov 29 10:49:46 SRV-VPN pppd[4229]: sent [LCP ConfRej id=0x3 <callback CBCP>] Nov 29 10:49:46 SRV-VPN pppd[4229]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:49 SRV-VPN pppd[4229]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:49 SRV-VPN pppd[4229]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x42ab9b14> <pcomp> <accomp>] Nov 29 10:49:50 SRV-VPN pppd[4229]: rcvd [LCP ConfReq id=0x4 <mru 1400> <magic 0x7fbb77d4> <pcomp> <accomp> <callback CBCP>] Nov 29 10:49:50 SRV-VPN pppd[4229]: sent [LCP ConfRej id=0x4 <callback CBCP>] Nov 29 10:49:59 SRV-VPN pptpd[4228]: CTRL: Reaping child PPP[4229] Nov 29 10:49:59 SRV-VPN pppd[4229]: Hangup (SIGHUP) Nov 29 10:49:59 SRV-VPN pppd[4229]: Modem hangup Nov 29 10:49:59 SRV-VPN pppd[4229]: Connection terminated. Nov 29 10:49:59 SRV-VPN pppd[4229]: Exit.

Et quand la connexion fonctionne sur mes deux premier serveur j’obtiens cela:

Nov 29 10:59:05 SRV-VPN pptpd[2831]: CTRL: Client xxx.xxx.xxx.xxx control connection finished Nov 29 10:59:47 SRV-VPN pptpd[2865]: CTRL: Client xxx.xxx.xxx.xxx control connection started Nov 29 10:59:47 SRV-VPN pptpd[2865]: CTRL: Starting call (launching pppd, opening GRE) Nov 29 10:59:47 SRV-VPN pppd[2866]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded. Nov 29 10:59:47 SRV-VPN pppd[2866]: pptpd-logwtmp: $Version$ Nov 29 10:59:47 SRV-VPN pppd[2866]: pppd 2.4.5 started by root, uid 0 Nov 29 10:59:47 SRV-VPN pppd[2866]: using channel 4 Nov 29 10:59:47 SRV-VPN pppd[2866]: Using interface ppp1 Nov 29 10:59:47 SRV-VPN pppd[2866]: Connect: ppp1 <--> /dev/pts/2 Nov 29 10:59:47 SRV-VPN pppd[2866]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2c76873f> <pcomp> <accomp>] Nov 29 10:59:47 SRV-VPN pptpd[2865]: GRE: Bad checksum from pppd. Nov 29 10:59:49 SRV-VPN pppd[2866]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x3bf26871> <pcomp> <accomp>] Nov 29 10:59:49 SRV-VPN pppd[2866]: sent [LCP ConfAck id=0x0 <mru 1400> <magic 0x3bf26871> <pcomp> <accomp>] Nov 29 10:59:50 SRV-VPN pppd[2866]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2c76873f> <pcomp> <accomp>] Nov 29 10:59:50 SRV-VPN pppd[2866]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x2c76873f> <pcomp> <accomp>] Nov 29 10:59:50 SRV-VPN pppd[2866]: sent [LCP EchoReq id=0x0 magic=0x2c76873f] Nov 29 10:59:50 SRV-VPN pppd[2866]: sent [CHAP Challenge id=0x5 <3ebe925dba40927f7d086ebfad26cb8d>, name = "pptpd"] Nov 29 10:59:50 SRV-VPN pptpd[2865]: CTRL: Ignored a SET LINK INFO packet with real ACCMs! Nov 29 10:59:52 SRV-VPN pppd[2866]: rcvd [LCP EchoRep id=0x0 magic=0x3bf26871] Nov 29 10:59:52 SRV-VPN pppd[2866]: rcvd [CHAP Response id=0x5 <fa0c193ffb5c5e92af018303da84b36d0000000000000000d0342b03ded271de97ac6efd6ba0a20ff6d802be09fdd37600>, name = "vpn_mag_angers"] Nov 29 10:59:52 SRV-VPN pppd[2866]: sent [CHAP Success id=0x5 "S=D8C8CA6A3CD7BC3D747574BABD8F3BF5945B59D8 M=Access granted"] Nov 29 10:59:52 SRV-VPN pppd[2866]: peer from calling number xxx.xxx.xxx.xxx authorized Nov 29 10:59:52 SRV-VPN pppd[2866]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D +C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: sent [CCP ConfNak id=0x1 <mppe +H -M +S -L -D -C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>] Nov 29 10:59:53 SRV-VPN pppd[2866]: sent [IPCP TermAck id=0x2] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [CCP ConfReq id=0x3 <mppe +H -M +S -L -D -C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: sent [CCP ConfAck id=0x3 <mppe +H -M +S -L -D -C>] Nov 29 10:59:53 SRV-VPN pppd[2866]: MPPE 128-bit stateless compression enabled Nov 29 10:59:53 SRV-VPN pppd[2866]: sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 192.168.251.0>] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>] Nov 29 10:59:53 SRV-VPN pppd[2866]: sent [IPCP ConfReq id=0x2 <addr 192.168.251.0>] Nov 29 10:59:53 SRV-VPN pppd[2866]: rcvd [IPCP ConfAck id=0x2 <addr 192.168.251.0>] Nov 29 10:59:54 SRV-VPN pppd[2866]: rcvd [IPCP ConfReq id=0x4 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>] Nov 29 10:59:54 SRV-VPN pppd[2866]: sent [IPCP ConfRej id=0x4 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>] Nov 29 10:59:54 SRV-VPN pppd[2866]: rcvd [IPCP ConfReq id=0x5 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>] Nov 29 10:59:54 SRV-VPN pppd[2866]: sent [IPCP ConfNak id=0x5 <addr 192.168.251.101> <ms-dns1 192.168.1.1> <ms-dns2 192.168.1.1>] Nov 29 10:59:55 SRV-VPN pppd[2866]: rcvd [IPCP ConfReq id=0x6 <addr 192.168.251.101> <ms-dns1 192.168.1.1> <ms-dns2 192.168.1.1>] Nov 29 10:59:55 SRV-VPN pppd[2866]: sent [IPCP ConfAck id=0x6 <addr 192.168.251.101> <ms-dns1 192.168.1.1> <ms-dns2 192.168.1.1>] Nov 29 10:59:55 SRV-VPN pppd[2866]: found interface eth0 for proxy arp Nov 29 10:59:55 SRV-VPN pppd[2866]: local IP address 192.168.251.0 Nov 29 10:59:55 SRV-VPN pppd[2866]: remote IP address 192.168.251.101 Nov 29 10:59:55 SRV-VPN pppd[2866]: pptpd-logwtmp.so ip-up ppp1 vpn_mag_angers xxx.xxx.xxx.xxx Nov 29 10:59:55 SRV-VPN pppd[2866]: Script /etc/ppp/ip-up started (pid 2869) Nov 29 10:59:55 SRV-VPN pppd[2866]: Script /etc/ppp/ip-up finished (pid 2869), status = 0x0

Donc je ne comprend pas. j’ai passé des heures sur Google et sans réponse.

Avez-vous des idées ? Ou bien même un solution

Bonne journée.

Valentin G

PascalHambourg · Février 21, 2016, 7:19pm

D’après les logs de pppd, La différence est que le client distant demande la négociation de l’option qui est rejetée par pppd. Il n’y aurait pas une option de callback à désactiver dans le paramétrage de PPTP des clients Windows ?