在Windows上一切都是那麼簡單的VPN設定,在Ubuntu9.04上花了我兩小時。
(公司是開windows 2003的vpn主機)
安裝PPTP過程拎背就不爽跟你們說了。呃,不過要注意一下自家router/switch的設定,拎背的就有要不要讓vpn通過的選項。
如果你的VPN連結後 daemon.log 出現類似下面的東西:
Dec 19 13:26:01 x200-ubuntu NetworkManager:
Dec 19 13:26:01 x200-ubuntu NetworkManager:
Dec 19 13:26:01 x200-ubuntu NetworkManager:
Dec 19 13:26:01 x200-ubuntu NetworkManager:
Dec 19 13:26:01 x200-ubuntu NetworkManager:
Dec 19 13:26:01 x200-ubuntu pptp[11392]: nm-pptp-service-11387 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Dec 19 13:26:01 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Dec 19 13:26:01 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Dec 19 13:26:01 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 33806).
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:950]: PPTP_SET_LINK_INFO received from peer_callid 8
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:953]: send_accm is 00000000, recv_accm is FFFFFFFF
Dec 19 13:26:02 x200-ubuntu pptp[11402]: nm-pptp-service-11387 warn[ctrlp_disp:pptp_ctrl.c:956]: Non-zero Async Control Character Maps are not supported!
Dec 19 13:26:03 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:950]: PPTP_SET_LINK_INFO received from peer_callid 8
Dec 19 13:26:03 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:953]: send_accm is FFFFFFFF, recv_accm is FFFFFFFF
Dec 19 13:26:03 x200-ubuntu pptp[11402]: nm-pptp-service-11387 warn[ctrlp_disp:pptp_ctrl.c:956]: Non-zero Async Control Character Maps are not supported!
Dec 19 13:26:03 x200-ubuntu pptp[11402]: nm-pptp-service-11387 log[ctrlp_disp:pptp_ctrl.c:912]: Received Call Clear Request.
Dec 19 13:26:06 x200-ubuntu NetworkManager:
Dec 19 13:26:06 x200-ubuntu pptp[11392]: nm-pptp-service-11387 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
那你就出運了,記得去還願。
請參考 Question #48681 ,或是你他媽的是個懶鬼。
- 打開你的terminal $> gconf-editor
- 找到 system/networking/connections,connections下面一個個找,找到有vpn的。
- 加上一個字串,名稱「refuse-eap」,內容「yes」。(其實這動作跟下一個動作關掉EAP一樣吧?!)
- 回到network-manager你vpn的設定,把PAP、CHAP關掉,MSCHAP、MSCHAPv2開著,這時候EAP就已經是沒勾了。
- 使用點對點加密[MPPE]打勾,安全性128位元。「允可設定狀態加密」勾。
- NT Domain留白。
如果你有用firestarter,請打開/etc/firestarter/user-pre檔案,然後加入
# Forward PPTP VPN client traffic
$IPT -A FORWARD -i $IF -o $INIF -p tcp --dport 1723 -m state --state NEW,ESTABLI
SHED,RELATED -j ACCEPT
$IPT -A FORWARD -i $IF -o $INIF -p 47 -m state --state NEW,ESTABLISHED,RELATED -
j ACCEPT
$IPT -A FORWARD -i $INIF -o $IF -p 47 -m state --state NEW,ESTABLISHED,RELATED -
j ACCEPT
之後 /etc/init.d/firestarter restart
以上是google 「vpn firestarter」的結果。And this
不過我試的結果,就算連上vpn了還是上不了網路。
只有停掉或換掉firestarter。