У меня на Virtual Box установлено 2 64-битных виртуальных машины Ubuntu. Их имя и IP-адреса указаны ниже. Я пытаюсь установить PPPoE-соединение между двумя машинами.
nas 192.168.129.130 (This machine runs the PPPoE server)
home 192.168.129.37 (This machine runs the PPPoE client)
Соответствующие файлы конфигурации на nas (сервере доступа к сети) показаны ниже.
/ etc / ppp / pppoe-server-параметры
require-chap
login
lcp-echo-interval 10
lcp-echo-failure 2
defaultroute
noipdefault
/ и т.д. / PPP / главы-секреты
#client server secret IP addresses
home * "godfather" *
nas * "godfather" *
/ и т.д. / ppp / ipaddress_pool
192.168.129.20-40
/ и т.д. / ppp / pppoe_start
PPPOE_IFACE="eth0"
PPPOE_IFACE_ADDR="192.168.129.31"
#Start PPPoE Server
sleep 5
pppoe-server -C isp -L $PPPOE_IFACE_ADDR -p /etc/ppp/ipaddress_pool -I $PPPOE_IFACE -m 1412
/ и т.д. / ppp / pppoe_stop
killall pppoe-server
Соответствующие файлы конфигурации дома (на клиенте) показаны ниже.
/ etc / ppp / chap_secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
nas * "godfather" *
home * "godfather" *
/ и т. д. / ppp / peers / myisp
plugin rp-pppoe.so
eth0
user root
Я запускаю сервер PPPoE, используя следующую команду.
sudo /etc/ppp/pppoe_start
Я запускаю клиента, используя следующую команду
sudo pppd call myisp
Я запускаю tcpdump на eth0, чтобы посмотреть на PADI, PADO, PADR, PADS и PADT. Результат выполнения tcpdump на сервере nas показан ниже.
sudo tcpdump -i eth0 -n ether proto 0x8863 '||' эфир прото 0x8864 [sudo] пароль для karthik:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:47:25.173507 PPPoE PADI [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.173609 PPPoE PADO [AC-Name "nzhmlbld06l"] [Service-Name] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000] [Host-Uniq 0xCF0A0000]
12:47:25.173661 PPPoE PADO [AC-Name "isp"] [Service-Name] [AC-Cookie 0xF07AE7E13B3BDFACCCE03C14A0A60C7D49090000] [Host-Uniq 0xCF0A0000]
12:47:25.173777 PPPoE PADR [Service-Name] [Host-Uniq 0xCF0A0000] [AC-Cookie 0x18F0FDB21859639108D61444C8A611F4D2080000]
12:47:25.174239 PPPoE PADS [ses 0xa] [Service-Name] [Host-Uniq 0xCF0A0000]
12:47:25.174929 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:26.180431 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 16
12:47:26.180676 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 1, length 16
12:47:28.177393 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 1, length 21
12:47:28.179020 PPPoE [ses 0xa] LCP, Conf-Reject (0x04), id 1, length 11
12:47:28.179295 PPPoE [ses 0xa] LCP, Conf-Request (0x01), id 2, length 16
12:47:28.181036 PPPoE [ses 0xa] LCP, Conf-Ack (0x02), id 2, length 16
12:47:28.181045 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181464 PPPoE [ses 0xa] LCP, Echo-Request (0x09), id 0, length 10
12:47:28.181638 PPPoE [ses 0xa] LCP, Term-Request (0x05), id 3, length 34
12:47:28.182984 PPPoE [ses 0xa] LCP, Echo-Reply (0x0a), id 0, length 10
12:47:28.182992 PPPoE [ses 0xa] LCP, Term-Ack (0x06), id 3, length 6
12:47:31.217784 PPPoE PADT [ses 0xa] [Generic-Error "RP-PPPoE: Child pppd process terminated"]
Я не могу понять, почему печатается сообщение об ошибке «Generic-Error» RP-PPPoE: Child pppd process terminated. Я делаю что-то не так с конфигурацией? Любые предложения или указатели будут очень признательны.
Я добавил дамп отладки для клиента и сервера, и это / var / log / syslog, который я получил на клиенте.
Aug 19 08:42:22 home pppd[2183]: Plugin rp-pppoe.so loaded.
Aug 19 08:42:22 home pppd[2183]: pppd options in effect:
Aug 19 08:42:22 home pppd[2183]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: +chap#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: user root#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 08:42:22 home pppd[2183]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: hide-password#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2183]: noipx#011#011# (from /etc/ppp/options)
Aug 19 08:42:22 home pppd[2184]: pppd 2.4.5 started by root, uid 0
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 08:42:22 home pppd[2184]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 08:42:22 home pppd[2184]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 43
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src 8:0:27:50:1d:d3
Aug 19 08:42:22 home pppd[2184]: [AC-name isp] [service-name] [AC-cookie ff 29 7b e4 ad 78 bd 39 db 78 61 ff f7 92 ff 0c f2 0a 00 00] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: Recv PPPOE Discovery V1T1 PADS session 0x15 length 12
Aug 19 08:42:22 home pppd[2184]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 08:42:22 home pppd[2184]: [service-name] [host-uniq 88 08 00 00]
Aug 19 08:42:22 home pppd[2184]: PADS: Service-Name: ''
Aug 19 08:42:22 home pppd[2184]: PPP session is 21
Aug 19 08:42:22 home pppd[2184]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 08:42:22 home pppd[2184]: using channel 4
Aug 19 08:42:22 home pppd[2184]: Using interface ppp0
Aug 19 08:42:22 home pppd[2184]: Connect: ppp0 <--> eth0
Aug 19 08:42:22 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:22 home NetworkManager[521]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 08:42:23 home pppd[2184]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:23 home pppd[2184]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x4c48e2bb>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x1 <mru 1492> <auth chap MD5> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfRej id=0x1 <auth chap MD5>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP ConfReq id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP ConfAck id=0x2 <mru 1492> <magic 0x936c3d3f>]
Aug 19 08:42:25 home pppd[2184]: sent [LCP EchoReq id=0x0 magic=0x936c3d3f]
Aug 19 08:42:25 home pppd[2184]: peer refused to authenticate: terminating link
Aug 19 08:42:25 home pppd[2184]: sent [LCP TermReq id=0x3 "peer refused to authenticate"]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoReq id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP EchoRep id=0x0 magic=0x4c48e2bb]
Aug 19 08:42:25 home pppd[2184]: rcvd [LCP TermAck id=0x3]
Aug 19 08:42:25 home pppd[2184]: Connection terminated.
Aug 19 08:42:25 home avahi-daemon[523]: Withdrawing workstation service for ppp0.
Aug 19 08:42:25 home NetworkManager[521]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 08:42:25 home pppd[2184]: Exit.
Я изменил свой файл / etc / ppp / pap-secrets, чтобы он выглядел, как показано ниже.
# INBOUND connections
# Every regular user can use PPP and has to use passwords from /etc/passwd
karthik * "godfather" *
#karthik * "godfather" *
#home * "godfather" *
# UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
# other accounts that should not be able to use pppd!
guest hostname "*" -
master hostname "*" -
#root hostname "*" -
support hostname "*" -
stats hostname "*" -
файл / etc / ppp / pap-secrets на сервере выглядит следующим образом.
# OUTBOUND connections
# Here you should add your userid password to connect to your providers via
# PAP. The * means that the password is to be used for ANY host you connect
# to. Thus you do not have to worry about the foreign machine name. Just
# replace password with your password.
# If you have different providers with different passwords then you better
# remove the following
* "godfather"
Я также изменил пользователя в моем / etc / ppp / peers / myisp с root на karthik. Из сообщений отладки (/ var / log / syslog) я получаю следующее на клиенте.
Aug 19 11:24:55 home pppd[2920]: Plugin rp-pppoe.so loaded.
Aug 19 11:24:55 home pppd[2920]: pppd options in effect:
Aug 19 11:24:55 home pppd[2920]: debug#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: dump#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: plugin rp-pppoe.so#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: noauth#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: user karthik#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: eth0#011#011# (from /etc/ppp/peers/myisp)
Aug 19 11:24:55 home pppd[2920]: asyncmap 0#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-failure 4#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: lcp-echo-interval 30#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: show-password#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2920]: noipx#011#011# (from /etc/ppp/options)
Aug 19 11:24:55 home pppd[2921]: pppd 2.4.5 started by root, uid 0
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Aug 19 11:24:55 home pppd[2921]: dst ff:ff:ff:ff:ff:ff src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 51
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [AC-name nzhmlbld06l] [service-name] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: Send PPPOE Discovery V1T1 PADR session 0x0 length 36
Aug 19 11:24:55 home pppd[2921]: dst c8:60:0:ca:eb:83 src 8:0:27:21:a9:d
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00] [AC-cookie 18 f0 fd b2 18 59 63 91 08 d6 14 44 c8 a6 11 f4 d2 08 00 00]
Aug 19 11:24:55 home pppd[2921]: Recv PPPOE Discovery V1T1 PADS session 0x12 length 12
Aug 19 11:24:55 home pppd[2921]: dst 8:0:27:21:a9:d src c8:60:0:ca:eb:83
Aug 19 11:24:55 home pppd[2921]: [service-name] [host-uniq 69 0b 00 00]
Aug 19 11:24:55 home pppd[2921]: PADS: Service-Name: ''
Aug 19 11:24:55 home pppd[2921]: PPP session is 18
Aug 19 11:24:55 home pppd[2921]: Connected to c8:60:00:ca:eb:83 via interface eth0
Aug 19 11:24:55 home pppd[2921]: using channel 61
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:55 home NetworkManager[626]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Aug 19 11:24:55 home pppd[2921]: Using interface ppp0
Aug 19 11:24:55 home pppd[2921]: Connect: ppp0 <--> eth0
Aug 19 11:24:55 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:56 home pppd[2921]: rcvd [LCP ConfReq id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:56 home pppd[2921]: sent [LCP ConfAck id=0x1 <auth pap> <magic 0x7d403be7>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0xd1bab5a5>]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoReq id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: sent [PAP AuthReq id=0x1 user="karthik" password="godfather"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoReq id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: sent [LCP EchoRep id=0x0 magic=0xd1bab5a5]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP EchoRep id=0x0 magic=0x7d403be7]
Aug 19 11:24:58 home pppd[2921]: rcvd [PAP AuthNak id=0x1 "Login incorrect"]
Aug 19 11:24:58 home pppd[2921]: Remote message: Login incorrect
Aug 19 11:24:58 home pppd[2921]: PAP authentication failed
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermReq id=0x2 "Failed to authenticate ourselves to peer"]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermReq id=0x2 "Authentication failed"]
Aug 19 11:24:58 home pppd[2921]: sent [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: rcvd [LCP TermAck id=0x2]
Aug 19 11:24:58 home pppd[2921]: Connection terminated.
Aug 19 11:24:58 home avahi-daemon[628]: Withdrawing workstation service for ppp0.
Aug 19 11:24:58 home NetworkManager[626]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Aug 19 11:24:58 home pppd[2921]: Exit.
Из журнала похоже, что клиент отправляет правильное имя пользователя и пароль на сервер. Но сервер по какой-то причине не может аутентифицировать пользователя karthik с секретным "крестным отцом". Я подозреваю, что есть некоторая ошибка в конфигурации pap-secrets на сервере. Но не могу понять в чем. Может ли кто-нибудь указать мне правильное направление?
"партнер отказался аутентифицироваться" - вот объяснение. Он регистрируется pppd вашего клиента, поэтому сервер является одноранговым узлом, на который он ссылается.
PPP по своей сути не является протоколом клиент-сервер. Это симметрично. Это означает, что каждый конец соединения может потребовать от другого конца аутентификации. В конфигурациях, подобных ISP, аутентификация проходит только в одном направлении. Клиент подтверждает свою идентичность серверу, но сервер не подтверждает свою идентичность клиенту.
Если вы хотите использовать этот тип настройки, вы должны дать клиентскому pppd noauth
опция, которая говорит ему не требовать аутентификации от сервера. Добавление его в /etc/ppp/peers/myisp
должен это сделать.
Если вы хотите пройти аутентификацию в обоих направлениях, это тоже можно сделать.
Поскольку вы разместили последние журналы, новой проблемой является login
вариант. login
означает, что пароль PAP клиента должен совпадать с паролем пользователя в базе данных пользователей системы (т.е. /etc/passwd
и друзья). Если вы пытаетесь определить пароль исключительно через pap-secrets
, удалить login
вариант.