A PPTP server has been downloaded and successfully installed, and in my opinion IPTables and PPTP itself are configured correctly, but when connecting to the PPTP server there is a problem: there is no Internet access. The server itself can be reached using the address of its PPTP interface (10.2.0.1).
PPTP log file.
Feb 12 10:00:00 4044-3515-1728 pptpd[19605]: CTRL: Client 193.200.201.67 control connection started
Feb 12 10:00:00 4044-3515-1728 pptpd[19605]: CTRL: Starting call (launching pppd, opening GRE)
Feb 12 10:00:00 4044-3515-1728 pppd[19606]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Feb 12 10:00:00 4044-3515-1728 pppd[19606]: pppd 2.4.4 started by root, uid 0
Feb 12 10:00:00 4044-3515-1728 pppd[19606]: Using interface ppp0
Feb 12 10:00:00 4044-3515-1728 pppd[19606]: Connect: ppp0 <--> /dev/pts/0
Feb 12 10:00:03 4044-3515-1728 pptpd[19605]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Feb 12 10:00:03 4044-3515-1728 pppd[19606]: MPPE 128-bit stateless compression enabled
Feb 12 10:00:05 4044-3515-1728 pppd[19606]: Cannot determine ethernet address for proxy ARP
Feb 12 10:00:05 4044-3515-1728 pppd[19606]: local IP address 10.2.0.1
Feb 12 10:00:05 4044-3515-1728 pppd[19606]: remote IP address 10.2.0.2
Feb 12 10:00:10 4044-3515-1728 syslogd 1.4.1: restart.
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: LCP terminated by peer (YM-d^HM-)^@<M-Mt^@^@^@^@)
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: Connect time 1.8 minutes.
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: Sent 41746 bytes, received 41596 bytes.
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: Modem hangup
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: Connection terminated.
Feb 12 10:01:53 4044-3515-1728 pppd[19606]: Exit.
IPTables configuration
[root@4044-3515-1728 ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.3.5 on Tue Feb 12 10:12:51 2013
*mangle
:PREROUTING ACCEPT [5263524:1762000183]
:INPUT ACCEPT [1729000:356441957]
:FORWARD ACCEPT [3534019:1405531142]
:OUTPUT ACCEPT [1938595:1326854717]
:POSTROUTING ACCEPT [5470184:2732226619]
COMMIT
# Completed on Tue Feb 12 10:12:51 2013
# Generated by iptables-save v1.3.5 on Tue Feb 12 10:12:51 2013
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i venet0:0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -o venet0:0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i venet0:0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i venet0:0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o venet0:0 -j ACCEPT
-A OUTPUT -o venet0:0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
COMMIT
# Completed on Tue Feb 12 10:12:51 2013
# Generated by iptables-save v1.3.5 on Tue Feb 12 10:12:51 2013
*nat
:PREROUTING ACCEPT [124607:10053651]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [764:50214]
-A POSTROUTING -o venet0 -j SNAT --to-source 78.129.218.107
-A POSTROUTING -s 10.8.0.0/255.255.255.0 -j SNAT --to-source 78.129.218.107
-A POSTROUTING -j SNAT --to-source 78.129.218.107
COMMIT
# Completed on Tue Feb 12 10:12:51 2013
Network interfaces
[root@4044-3515-1728 ~]# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2174 errors:0 dropped:0 overruns:0 frame:0
TX packets:2174 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:324273 (316.6 KiB) TX bytes:324273 (316.6 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.2.0.1 P-t-P:10.2.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1396 Metric:1
RX packets:269 errors:0 dropped:0 overruns:0 frame:0
TX packets:167 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:35778 (34.9 KiB) TX bytes:18075 (17.6 KiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:34057334 errors:0 dropped:0 overruns:0 frame:0
TX packets:50140084 errors:0 dropped:34 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:3055305772 (2.8 GiB) TX bytes:52816866833 (49.1 GiB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:85560901 errors:0 dropped:0 overruns:0 frame:0
TX packets:84891808 errors:0 dropped:3948 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:58570211414 (54.5 GiB) TX bytes:59107615390 (55.0 GiB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:78.129.218.107 P-t-P:78.129.218.107 Bcast:78.129.218.107 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
PPTP configuration file
###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################
# Authentication
# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}
# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp
# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address. The default local IP address used at the server
# end is often the same as the address of the server. To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump
# Miscellaneous
# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock
# Disable BSD-Compress compression
nobsdcomp
# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp
# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd
# put plugins here
# (putting them higher up may cause them to sent messages to the pty)
ms-dns 87.117.198.200
ms-dns 8.8.8.8
Routes on the client computer
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.108 4235
0.0.0.0 0.0.0.0 On-link 10.2.0.2 11
10.2.0.2 255.255.255.255 On-link 10.2.0.2 266
78.129.218.107 255.255.255.255 192.168.1.1 192.168.1.108 4236
127.0.0.0 255.0.0.0 On-link 127.0.0.1 4531
127.0.0.1 255.255.255.255 On-link 127.0.0.1 4531
127.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
192.168.0.0 255.255.0.0 192.168.1.1 192.168.1.108 4236
192.168.1.0 255.255.255.0 On-link 192.168.1.108 4491
192.168.1.108 255.255.255.255 On-link 192.168.1.108 4491
192.168.1.255 255.255.255.255 On-link 192.168.1.108 4491
224.0.0.0 240.0.0.0 On-link 127.0.0.1 4531
224.0.0.0 240.0.0.0 On-link 192.168.1.108 4492
224.0.0.0 240.0.0.0 On-link 10.2.0.2 11
255.255.255.255 255.255.255.255 On-link 127.0.0.1 4531
255.255.255.255 255.255.255.255 On-link 192.168.1.108 4491
255.255.255.255 255.255.255.255 On-link 10.2.0.2 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
192.168.0.0 255.255.0.0 192.168.1.1 1
===========================================================================
Traceroute while connected to the PPTP server.
Tracing route to exs.lv [85.31.102.92]
over a maximum of 30 hops:
1 68 ms 68 ms 68 ms 10.2.0.1
2 10.2.0.1 reports: Destination protocol unreachable.
Trace complete.
Edited by alberts00, edited 1x
0 #1 12.02.2013. 23:08
It worked, I had forgotten one line in the IPTables configuration.
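
Added example, not part of the original posts: iptables evaluates a chain top to bottom and stops at the first terminal target, so a rule placed after an unconditional ACCEPT, DROP or REJECT in the same chain can never match. The Python check below (its function names are hypothetical) runs on the FORWARD rules copied from the iptables-save output quoted in the question and lists such rules.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
TARGET_OPTS = {"--reject-with"}  # modifies the target, does not narrow the match

# FORWARD rules of the filter table, copied from the iptables-save output in the question.
FILTER_TABLE = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -o venet0:0 -j LOG --log-prefix "BANDWIDTH_OUT:" --log-level 7
-A FORWARD -i venet0:0 -j LOG --log-prefix "BANDWIDTH_IN:" --log-level 7
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/255.255.255.0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i venet0:0 -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o venet0:0 -j ACCEPT
COMMIT
"""

def parse_rules(text, table="filter"):
    """Yield (chain, tokens) for every -A rule of one table in iptables-save output."""
    current = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            current = line[1:]          # table header such as *filter or *nat
        elif current == table and line.startswith("-A "):
            tokens = shlex.split(line)  # shlex keeps quoted --log-prefix values intact
            yield tokens[1], tokens[2:]

def is_catch_all(tokens):
    """True if the rule has no match conditions and jumps to a terminal target."""
    if len(tokens) < 2 or tokens[0] != "-j" or tokens[1] not in TERMINAL:
        return False
    rest = tokens[2:]                   # only option/value pairs of the target may follow
    return all(rest[i] in TARGET_OPTS for i in range(0, len(rest), 2))

def shadowed_rules(text, table="filter"):
    """Return (chain, rule, blocking_rule) for rules that sit behind a catch-all rule."""
    blocker, findings = {}, []
    for chain, tokens in parse_rules(text, table):
        rule = " ".join(tokens)
        if chain in blocker:            # an earlier rule already ended traversal
            findings.append((chain, rule, blocker[chain]))
        elif is_catch_all(tokens):
            blocker[chain] = rule
    return findings

if __name__ == "__main__":
    for chain, rule, by in shadowed_rules(FILTER_TABLE):
        print(f"{chain}: '{rule}' can never match, it follows '{by}'")
```

Moving the catch-all REJECT to the end of the chain makes the check return an empty list; the check only looks at rule order and does not judge whether the accepted source networks are the intended ones.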