PPTP connection error: GRE: Bad checksum from pppd

2020-06-04 06:28发布

问题:

I have setup a PPTP server on my own server. I follow this tutorial https://www.digitalocean.com/community/articles/how-to-setup-your-own-vpn-with-pptp

But when I try to use my mobile phone or my PC to connect my PPTP server, it says PPTP server hang up,username or password is wrong. But I checked my username and password, they are ok. In my PPTP server log, something like this:

Dec 14 03:57:46 localhost pptpd[2071]: CTRL: Client 121.32.107.56 control connection started


Dec 14 03:57:46 localhost pptpd[2071]: CTRL: Starting call (launching pppd, opening GRE)
Dec 14 03:57:46 localhost pppd[2072]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 14 03:57:46 localhost pppd[2072]: pppd 2.4.5 started by root, uid 0
Dec 14 03:57:46 localhost pppd[2072]: Using interface ppp1
Dec 14 03:57:46 localhost pppd[2072]: Connect: ppp1 <--> /dev/pts/3
Dec 14 03:57:46 localhost pptpd[2071]: GRE: Bad checksum from pppd.
Dec 14 03:58:16 localhost pppd[2072]: LCP: timeout sending Config-Requests
Dec 14 03:58:16 localhost pppd[2072]: Connection terminated.
Dec 14 03:58:16 localhost pppd[2072]: Modem hangup
Dec 14 03:58:16 localhost pppd[2072]: Exit.
Dec 14 03:58:16 localhost pptpd[2071]: GRE: read(fd=6,buffer=804f620,len=8196) from PTY             failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: Reaping child PPP[2072]
Dec 14 03:58:16 localhost pptpd[2071]: CTRL: Client 121.32.107.56 control connection finished

回答1:

If you check the various forums and mailing lists you will find notes about the MPPE option (PPP Encryption,) and MS Chap v2. If you haven't already tried tinkering with those settings I suggest you google for information about them - they might help in your case.

They didn't help in my case.

It turns out that there are packets, called GRE packets, that might be blocked in your configuration. Most of the instructions that I found on the net don't mention this - but it's important.

Here's a page that does mention Protocol 47:

http://forums.whirlpool.net.au/archive/1957524

Bottom line: If there's something between, for example, your cable modem (ie: your public IP) and your VPN server: the problem may simply be that the GRE packets are not getting through. So,

  • If you are using one of the many router boxes that are commonly available: Browse to the admin pages for the box and check the advanced settings. You will want to find and enable a "PPTP passthrough" feature that knows how to handle the GRE packets. (Remember that many ISP's provide you with a cable modem that has a built-in router.)

  • If you are using Arno's IPTables Firewall: Enable the plugin for PPTP (it's in the plugins folder - follow the instructions.)

Unfortunately your configuration may require another solution - something to handle NAT'ing the GRE packets between your VPN server and your (cable modem / public IP.) I'm guessing that the routers will be the issue for many people so I hope this note helps in your case, too.



回答2:

You may need to do this:

net.netfilter.nf_conntrack_helper = 1

Then add

modprobe ip_nat_pptp

. In my case, it solved. I was using Ubuntu 18.04.2 LTS, kernel version 4.15.0-45-generic.



标签: vpn pptp