#1 2015-05-23 14:04:29

sunziping2016
Member
Registered: 2015-04-11
Posts: 15

PPTP server configured according to wiki doesn't work after restart.

I've bought a VPS server from Linode, and I use it to break through the GFW (Great Firewall of China).

I set up the VPN server step by step according to the PPTP server page on the official Arch Linux wiki.

Here is /etc/pptpd.conf. In fact, I just uncommented the "localip" and "remoteip" options at the bottom of this file.

###############################################################################
# $Id: pptpd.conf,v 1.10 2006/09/04 23:30:57 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#	Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
#	Specifies the location of the PPP options file.
#	By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
#	Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
#	Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam

# TAG: logwtmp
#	Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
#	Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: delegate
#	Delegates the allocation of client IP addresses to pppd.
#
#       Without this option, which is the default, pptpd manages the list of
#       IP addresses for clients and passes the next free address to pppd.
#       With this option, pptpd does not pass an address, and so pppd may use
#       radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
#       Limits the number of client connections that may be accepted.
#
#       If pptpd is allocating IP addresses (e.g. delegate is not
#       used) then the number of connections is also limited by the
#       remoteip option.  The default is 100.
#connections 100

# TAG: localip
# TAG: remoteip
#	Specifies the local and remote IP address ranges.
#
#	These options are ignored if delegate option is set.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#	You can specify single IP addresses seperated by commas or you can
#	specify ranges, or both. For example:
#
#		192.168.0.234,192.168.0.245-249,192.168.0.254
#
#	IMPORTANT RESTRICTIONS:
#
#	1. No spaces are permitted between commas or within addresses.
#
#	2. If you give more IP addresses than the value of connections,
#	   it will start at the beginning of the list and go until it
#	   gets connections IPs.  Others will be ignored.
#
#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#	   you must type 234-238 if you mean this.
#
#	4. If you give a single localIP, that's ok - all local IPs will
#	   be set to the given one. You MUST still give at least one remote
#	   IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

And here is /etc/ppp/options.pptpd. I only added the two lines with the "ms-dns" option. I used to use "8.8.8.8" and "8.8.4.4", but that didn't work either, so I kept them the same as what is in /etc/resolv.conf.

###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################


# Authentication

# Name of the local system for authentication purposes 
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain


# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)


# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}


# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
# chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40   # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}


# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 74.207.241.5
ms-dns 74.207.242.5

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address.  The default local IP address used at the server
# end is often the same as the address of the server.  To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100


# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump


# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp 

# Disable Van Jacobson compression 
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd, 
# which may trigger a loopback
nologfd

# put plugins here 
# (putting them higher up may cause them to sent messages to the pty)

Then, I edited /etc/ppp/chap-secrets.

# Secrets for authentication using CHAP
# client   server   secret         IP addresses
myusername   pptpd   mypassword   *

And then, I created /etc/sysctl.d/30-ipforward.conf.

net.ipv4.ip_forward=1

When I executed "sysctl --system", I got an error reporting a missing "/etc/sysctl.conf", so I executed the following command.

touch /etc/sysctl.conf

Finally, I created a bash script and ran it. Here it is.

sysctl --system
# Accept all packets via ppp* interfaces (for example, ppp0)
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT
# Accept incoming connections to port 1723 (PPTP)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# Accept GRE packets
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
# Enable IP forwarding
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT
# Enable NAT for eth0 and ppp* interfaces
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
iptables-save > /etc/iptables/iptables.rules

And I executed the following commands to start pptpd.

systemctl start pptpd
systemctl enable pptpd

It worked well when I first tried it. I managed to use my iPod to get access to Google, which is blocked in China.
But then I restarted the server, and after that I failed to connect to it.

Here is the log generated with "journalctl -u pptpd -f | tee log":

-- Logs begin at Sat 2015-05-23 12:01:27 UTC. --
May 23 13:54:02 linode-szp pppd[2844]: Using interface ppp0
May 23 13:54:02 linode-szp pppd[2844]: Connect: ppp0 <--> /dev/pts/0
May 23 13:54:32 linode-szp pppd[2844]: LCP: timeout sending Config-Requests
May 23 13:54:32 linode-szp pppd[2844]: Connection terminated.
May 23 13:55:08 linode-szp systemd[1]: Stopping PPTP Server...
May 23 13:55:08 linode-szp systemd[1]: Started PPTP Server.
May 23 13:55:08 linode-szp systemd[1]: Starting PPTP Server...
May 23 13:55:08 linode-szp pptpd[2860]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
May 23 13:55:08 linode-szp pptpd[2860]: MGR: Manager process started
May 23 13:55:08 linode-szp pptpd[2860]: MGR: Maximum of 6 connections available
May 23 13:55:14 linode-szp pptpd[2864]: CTRL: Client 58.37.61.16 control connection started
May 23 13:55:14 linode-szp pptpd[2864]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:55:14 linode-szp pppd[2865]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:55:14 linode-szp pppd[2865]: pppd 2.4.7 started by root, uid 0
May 23 13:55:14 linode-szp pppd[2865]: Using interface ppp0
May 23 13:55:14 linode-szp pppd[2865]: Connect: ppp0 <--> /dev/pts/0
May 23 13:55:44 linode-szp pppd[2865]: LCP: timeout sending Config-Requests
May 23 13:55:44 linode-szp pppd[2865]: Connection terminated.
May 23 13:57:20 linode-szp pptpd[2881]: CTRL: Client 101.229.239.209 control connection started
May 23 13:57:20 linode-szp pptpd[2881]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:57:20 linode-szp pppd[2882]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:57:20 linode-szp pppd[2882]: pppd 2.4.7 started by root, uid 0
May 23 13:57:20 linode-szp pppd[2882]: Using interface ppp0
May 23 13:57:20 linode-szp pppd[2882]: Connect: ppp0 <--> /dev/pts/0
May 23 13:57:20 linode-szp pptpd[2881]: GRE: read(fd=7,buffer=609640,len=8260) from network failed: status = -1 error = Protocol not available
May 23 13:57:20 linode-szp pptpd[2881]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
May 23 13:57:20 linode-szp pptpd[2881]: CTRL: Reaping child PPP[2882]
May 23 13:57:20 linode-szp pppd[2882]: Modem hangup
May 23 13:57:20 linode-szp pppd[2882]: Connection terminated.
May 23 13:57:26 linode-szp pptpd[2894]: CTRL: Client 101.229.239.209 control connection started
May 23 13:57:27 linode-szp pptpd[2894]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:57:27 linode-szp pppd[2895]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:57:27 linode-szp pppd[2895]: pppd 2.4.7 started by root, uid 0
May 23 13:57:27 linode-szp pppd[2895]: Using interface ppp0
May 23 13:57:27 linode-szp pppd[2895]: Connect: ppp0 <--> /dev/pts/0
May 23 13:57:43 linode-szp pppd[2895]: MPPE 128-bit stateless compression enabled
May 23 13:57:46 linode-szp pppd[2895]: MPPE disabled
May 23 13:57:47 linode-szp pppd[2895]: Connection terminated.
May 23 13:57:47 linode-szp pppd[2895]: Connect time 0.4 minutes.
May 23 13:57:47 linode-szp pppd[2895]: Sent 70 bytes, received 44 bytes.
May 23 13:57:47 linode-szp pppd[2895]: Exit.
May 23 13:57:47 linode-szp pptpd[2894]: GRE: read(fd=6,buffer=611740,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
May 23 13:57:50 linode-szp pptpd[2913]: CTRL: Client 101.229.239.209 control connection started
May 23 13:57:50 linode-szp pptpd[2913]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:57:50 linode-szp pppd[2916]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:57:50 linode-szp pppd[2916]: pppd 2.4.7 started by root, uid 0
May 23 13:57:50 linode-szp pppd[2916]: Using interface ppp0
May 23 13:57:50 linode-szp pppd[2916]: Connect: ppp0 <--> /dev/pts/0
May 23 13:58:00 linode-szp pppd[2916]: MPPE 128-bit stateless compression enabled
May 23 13:58:03 linode-szp pppd[2916]: MPPE disabled
May 23 13:58:09 linode-szp pppd[2916]: Connection terminated.
May 23 13:58:09 linode-szp pppd[2916]: Connect time 0.3 minutes.
May 23 13:58:09 linode-szp pppd[2916]: Sent 40 bytes, received 44 bytes.
May 23 13:58:14 linode-szp pptpd[2932]: CTRL: Client 101.229.239.209 control connection started
May 23 13:58:14 linode-szp pptpd[2932]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:58:14 linode-szp pppd[2933]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:58:14 linode-szp pppd[2933]: pppd 2.4.7 started by root, uid 0
May 23 13:58:14 linode-szp pppd[2933]: Using interface ppp0
May 23 13:58:14 linode-szp pppd[2933]: Connect: ppp0 <--> /dev/pts/0
May 23 13:58:32 linode-szp pppd[2933]: MPPE 128-bit stateless compression enabled
May 23 13:58:33 linode-szp pppd[2933]: MPPE disabled
May 23 13:58:33 linode-szp pppd[2933]: Connection terminated.
May 23 13:58:33 linode-szp pppd[2933]: Connect time 0.4 minutes.
May 23 13:58:33 linode-szp pppd[2933]: Sent 80 bytes, received 64 bytes.
May 23 13:58:39 linode-szp pptpd[2953]: CTRL: Client 101.229.239.209 control connection started
May 23 13:58:40 linode-szp pptpd[2953]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:58:40 linode-szp pppd[2954]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:58:40 linode-szp pppd[2954]: pppd 2.4.7 started by root, uid 0
May 23 13:58:40 linode-szp pppd[2954]: Using interface ppp0
May 23 13:58:40 linode-szp pppd[2954]: Connect: ppp0 <--> /dev/pts/0
May 23 13:58:43 linode-szp pptpd[2963]: CTRL: Client 101.229.239.209 control connection started
May 23 13:58:43 linode-szp pptpd[2963]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:58:43 linode-szp pppd[2964]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:58:43 linode-szp pppd[2964]: pppd 2.4.7 started by root, uid 0
May 23 13:58:43 linode-szp pppd[2964]: Using interface ppp1
May 23 13:58:43 linode-szp pppd[2964]: Connect: ppp1 <--> /dev/pts/2
May 23 13:58:43 linode-szp pptpd[2963]: GRE: read(fd=7,buffer=609640,len=8260) from network failed: status = -1 error = Protocol not available
May 23 13:58:43 linode-szp pptpd[2963]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
May 23 13:58:43 linode-szp pptpd[2963]: CTRL: Reaping child PPP[2964]
May 23 13:58:43 linode-szp pptpd[2953]: GRE: read(fd=7,buffer=609640,len=8260) from network failed: status = -1 error = Protocol not available
May 23 13:58:43 linode-szp pptpd[2953]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
May 23 13:58:43 linode-szp pptpd[2953]: CTRL: Reaping child PPP[2954]
May 23 13:58:43 linode-szp pppd[2964]: Modem hangup
May 23 13:58:43 linode-szp pppd[2964]: Connection terminated.
May 23 13:58:43 linode-szp pppd[2954]: Modem hangup
May 23 13:58:43 linode-szp pppd[2954]: Connection terminated.
May 23 13:59:00 linode-szp pptpd[2981]: CTRL: Client 101.229.239.209 control connection started
May 23 13:59:01 linode-szp pptpd[2981]: CTRL: Starting call (launching pppd, opening GRE)
May 23 13:59:01 linode-szp pppd[2982]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 13:59:01 linode-szp pppd[2982]: pppd 2.4.7 started by root, uid 0
May 23 13:59:01 linode-szp pppd[2982]: Using interface ppp0
May 23 13:59:01 linode-szp pppd[2982]: Connect: ppp0 <--> /dev/pts/0

Thank you to anyone who can help me.

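The post's procedure saves the firewall rules with iptables-save and enables pptpd.service, but shows no step that restores the saved ruleset at boot, and the journal excerpt mixes several distinct failure signatures (LCP timeouts, GRE read errors, MPPE being dropped). The helper below is an added example, not code from the post or from the Arch wiki: it classifies pptpd/pppd journal lines into those signatures, attaches a generic PPP/PPTP check to each, and compares a saved iptables ruleset against the rules the post's script adds. The journal lines, hostname, PIDs, client address (203.0.113.10, a documentation range) and both rulesets are constructed for the example; the hints are general protocol reasoning, not a diagnosis of the poster's server.

```shell
#!/bin/sh
# Added example (not from the post or the Arch wiki): post-reboot triage for a
# pptpd server. All sample inputs below are constructed.

# Constructed journal excerpt modelled on the post; hostname, PIDs and client
# address are made up.
SAMPLE_LOG='May 23 13:55:08 vpn pptpd[2860]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
May 23 13:55:14 vpn pptpd[2864]: CTRL: Client 203.0.113.10 control connection started
May 23 13:55:14 vpn pppd[2865]: Using interface ppp0
May 23 13:55:44 vpn pppd[2865]: LCP: timeout sending Config-Requests
May 23 13:55:44 vpn pppd[2865]: Connection terminated.
May 23 13:57:20 vpn pptpd[2881]: CTRL: Client 203.0.113.10 control connection started
May 23 13:57:20 vpn pptpd[2881]: GRE: read(fd=7,buffer=609640,len=8260) from network failed: status = -1 error = Protocol not available
May 23 13:57:20 vpn pptpd[2881]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
May 23 13:57:27 vpn pptpd[2894]: CTRL: Client 203.0.113.10 control connection started
May 23 13:57:43 vpn pppd[2895]: MPPE 128-bit stateless compression enabled
May 23 13:57:46 vpn pppd[2895]: MPPE disabled
May 23 13:57:47 vpn pppd[2895]: Connection terminated.'

# Constructed iptables-save output as it looks when nothing restored the saved
# rules after a reboot: only the default chains and policies are present.
SAMPLE_RULES_AFTER_REBOOT='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed iptables-save output containing every rule the post's script adds
# (iptables-save writes protocol 47 by its /etc/protocols name, gre).
SAMPLE_RULES_OK='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT'

# classify_failures: reads journal lines on stdin, prints one summary line with
# the count of each known signature (uninitialised awk counters print as 0).
classify_failures() {
    awk '
        /control connection started/               { started++ }
        /LCP: timeout sending Config-Requests/     { lcp++ }
        /GRE: read.*from network failed/           { gre++ }
        /MPPE disabled/                            { mppe++ }
        /Maximum of [0-9]+ connections reduced to/ { pool++ }
        END {
            printf "control_started=%d lcp_timeout=%d gre_read_failed=%d mppe_disabled=%d pool_reduced=%d\n",
                   started, lcp, gre, mppe, pool
        }'
}

# triage_hint <signature>: generic PPP/PPTP reasoning for each signature and the
# first thing to check. Returns 1 for an unknown signature.
triage_hint() {
    case "$1" in
        lcp_timeout)
            echo "control channel on TCP 1723 was accepted but no LCP frames came back over GRE (IP protocol 47); check the INPUT rules for -p 47 and that the interface match is ppp+ rather than a bare ppp" ;;
        gre_read_failed)
            echo "pptpd's read on its GRE socket failed; check that the firewall and kernel state present before the reboot are actually back" ;;
        mppe_disabled)
            echo "MPPE negotiated and was then dropped: client and server disagree on encryption options; compare the client's settings against require-mppe-128" ;;
        pool_reduced)
            echo "informational: remoteip lists fewer addresses than 'connections' allows, so only that many clients can be connected at once" ;;
        *)
            echo "no hint for $1"; return 1 ;;
    esac
}

# missing_rules: reads iptables-save output on stdin and prints a label for each
# rule of the post's script that is absent. Exit status = number of missing rules.
missing_rules() {
    rules=$(cat)
    missing=0
    check() {  # check <label> <extended regex>
        if ! printf '%s\n' "$rules" | grep -Eq -- "$2"; then
            echo "$1"
            missing=$((missing + 1))
        fi
    }
    check "ppp+ input accept"    '^-A INPUT -i ppp\+ -j ACCEPT'
    check "pptp tcp/1723 accept" '^-A INPUT -p tcp( -m tcp)? --dport 1723 -j ACCEPT'
    check "gre input accept"     '^-A INPUT -p (gre|47) -j ACCEPT'
    check "forward accept"       '^-A FORWARD -j ACCEPT'
    check "masquerade"           '^-A POSTROUTING -o (eth0|ppp\+) -j MASQUERADE'
    return "$missing"
}

# Usage against the constructed samples (real use: journalctl -u pptpd --no-pager
# | classify_failures ; iptables-save | missing_rules).
printf '%s\n' "$SAMPLE_LOG" | classify_failures
printf '%s\n' "$SAMPLE_RULES_AFTER_REBOOT" | missing_rules || echo "$? rule(s) missing after reboot"
```

The ruleset check is deliberately run on iptables-save output rather than on the rules file written before the reboot: the file only proves the rules were saved, while the live output proves they were loaded again.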

#2 2015-05-23 17:03:23

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,804

Re: PPTP server configured according to wiki doesn't work after restart.

I am somewhat surprised that you chose to discuss this topic on what is a very public forum.
I am uneasy about this.  I also think it runs afoul of the laws of China.  Am I wrong?


Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
Sometimes it is the people no one can imagine anything of who do the things no one can imagine. -- Alan Turing
---
How to Ask Questions the Smart Way


#3 2015-05-23 18:12:22

sunziping2016
Member
Registered: 2015-04-11
Posts: 15

Re: PPTP server configured according to wiki doesn't work after restart.

Thank you for reminding me of this. I'm new here, and I am really sorry that I've made you uneasy. But firstly, I don't think the GFW is something officially documented in China's legislation. In fact, it is something the government tried to conceal, but it is already known to all. So breaking through it is not illegal.
And what I want is just to get access to Gmail, Wikipedia, Twitter, Facebook, Instagram and so on. What's more, the GFW once blocked GitHub, and now it blocks Google entirely. I am a technology enthusiast, not a politician. I just want to learn more freely.

Thank you all the way. I feel fairly good with such a warm-hearted community. The Arch wiki has really taught me a lot. Thank you.


#4 2015-05-23 18:17:41

ewaller
Administrator
From: Pasadena, CA
Registered: 2009-07-13
Posts: 19,804

Re: PPTP server configured according to wiki doesn't work after restart.

Very well.  I'll leave the thread open.  Unfortunately, I have no ideas on this topic.
Welcome to Arch Linux.




#5 2015-05-24 01:43:52

sunziping2016
Member
Registered: 2015-04-11
Posts: 15

Re: PPTP server configured according to wiki doesn't work after restart.

Thank you all the way. The problem only exists after rebooting the server, so I've made my decision that I will never reboot it. :) It is not a good idea in the long run, but at least it solves the problem temporarily. I hope I can finish my study in China before the GFW is able to block all VPN traffic.
