以下是一次记录pptpd vpn无法连接后的心酸历程:

pptp client拨号发现一直无响应,查看日志

  因为pptpd服务端是一台高质量公网地址,所以平时拨入vpn连接都非常快,今天发起拨号请求后却迟迟无相应,所以迅速登录服务端进行排查,发现有以下大量日志:

Jun  5 21:29:38 Linux kernel: pptpctrl[25540]: segfault at 0 ip 00007fc8fd35cbdc sp 00007ffdae051df8 error 4 in libc-2.17.so[7fc8fd1fb000+1c2000]
Jun 5 21:29:39 Linux kernel: pptpctrl[25541]: segfault at 0 ip 00007f8f622b9bdc sp 00007ffc046fc1a8 error 4 in libc-2.17.so[7f8f62158000+1c2000]
Jun 5 21:29:40 Linux kernel: pptpctrl[25543]: segfault at 0 ip 00007fb1f8f6fbdc sp 00007fffdbb25888 error 4 in libc-2.17.so[7fb1f8e0e000+1c2000]
Jun 5 21:29:41 Linux kernel: pptpctrl[25545]: segfault at 0 ip 00007fbe200c6bdc sp 00007ffde8a4c418 error 4 in libc-2.17.so[7fbe1ff65000+1c2000]
Jun 5 21:29:42 Linux kernel: pptpctrl[25547]: segfault at 0 ip 00007fee8be1cbdc sp 00007fffb5f20be8 error 4 in libc-2.17.so[7fee8bcbb000+1c2000]
Jun 5 21:29:43 Linux kernel: pptpctrl[25549]: segfault at 0 ip 00007f691543ebdc sp 00007ffe86de6ef8 error 4 in libc-2.17.so[7f69152dd000+1c2000]
Jun 5 21:29:45 Linux kernel: pptpctrl[25551]: segfault at 0 ip 00007f9315618bdc sp 00007fff606f7ab8 error 4 in libc-2.17.so[7f93154b7000+1c2000]
Jun 5 21:29:46 Linux kernel: pptpctrl[25553]: segfault at 0 ip 00007fb6fe23ebdc sp 00007ffdef6334e8 error 4 in libc-2.17.so[7fb6fe0dd000+1c2000]
Jun 5 21:29:47 Linux kernel: pptpctrl[25555]: segfault at 0 ip 00007f036e287bdc sp 00007ffebb2d5d28 error 4 in libc-2.17.so[7f036e126000+1c2000]
Jun 5 21:29:48 Linux kernel: pptpctrl[25556]: segfault at 0 ip 00007fae58ad6bdc sp 00007ffe71a1eaa8 error 4 in libc-2.17.so[7fae58975000+1c2000]
Jun 5 21:29:49 Linux kernel: pptpctrl[25559]: segfault at 0 ip 00007f6b5cfe4bdc sp 00007ffe5827ce08 error 4 in libc-2.17.so[7f6b5ce83000+1c2000]

  此条日志在pptpd服务启动后就会频繁出现,于是开始查看pptpd进程状态是否正常。

查看服务运行状态

ps aux|grep pptpd

root      21285  0.0  0.0  10732   932 ?        Ss   20:09   0:00 /usr/sbin/pptpd -f
root 25267 0.0 0.0 6472 664 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25269 0.0 0.0 6472 664 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25271 0.0 0.0 6472 664 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25273 0.0 0.0 6472 660 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25275 0.0 0.0 6472 660 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25276 0.0 0.0 6472 660 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25278 0.0 0.0 6472 664 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25280 0.0 0.0 6472 660 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25282 0.0 0.0 6472 656 ? S 21:27 0:00 pptpd [192.168.1.1]
root 25284 0.0 0.0 6472 660 ? S 21:27 0:00 pptpd [192.168.1.1]
root 26608 0.0 0.0 112708 992 pts/1 S+ 21:41 0:00 grep --color=auto --exclude-dir=.bzr --exclude-dir=CVS --exclude-dir=.git --exclude-dir=.hg --exclude-dir=.svn pptpd

  此处由于涉及到公网IP地址信息,所以将公网IP换成了内网,根据当前的进程信息可以看出除了pptpd主进程之外,还有十个pptpd的进程,此时还不能定位这些进程的作用。

systemctl status pptpd

● pptpd.service - PoPToP Point to Point Tunneling Server
Loaded: loaded (/usr/lib/systemd/system/pptpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-06-05 20:09:24 CST; 1h 34min ago
Main PID: 21285 (pptpd)
CGroup: /system.slice/pptpd.service
├─21285 /usr/sbin/pptpd -f
├─25267 pptpd [192.168.1.1]
├─25269 pptpd [192.168.1.1]
├─25271 pptpd [192.168.1.1]
├─25273 pptpd [192.168.1.1]
├─25275 pptpd [192.168.1.1]
├─25276 pptpd [192.168.1.1]
├─25278 pptpd [192.168.1.1]
├─25280 pptpd [192.168.1.1]
├─25282 pptpd [192.168.1.1]
└─25284 pptpd [192.168.1.1] Jun 05 21:27:34 centos-bj pptpd[25267]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:35 centos-bj pptpd[25269]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:36 centos-bj pptpd[25271]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:37 centos-bj pptpd[25273]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:38 centos-bj pptpd[25275]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:39 centos-bj pptpd[25276]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:40 centos-bj pptpd[25278]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:42 centos-bj pptpd[25280]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:43 centos-bj pptpd[25282]: CTRL: Client 192.168.1.1 control connection started
Jun 05 21:27:44 centos-bj pptpd[25284]: CTRL: Client 192.168.1.1 control connection started

对当前状态进行判断

  此时我已经非常合理的对这是个进程,和这个IP产生了怀疑,并且这个问题无论是重启服务器或者pptpd服务都不能解决,为了尽快恢复,我拒绝了这个IP的所有访问。

firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='36.102.10.136' reject"

  拒绝了此IP的所有访问后,发现重启服务,没有此报错了。

● pptpd.service - PoPToP Point to Point Tunneling Server
Loaded: loaded (/usr/lib/systemd/system/pptpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2019-06-05 22:02:16 CST; 1s ago
Main PID: 28830 (pptpd)
CGroup: /system.slice/pptpd.service
└─28830 /usr/sbin/pptpd -f Jun 05 22:02:16 centos-bj systemd[1]: Started PoPToP Point to Point Tunneling Server.
Jun 05 22:02:16 centos-bj pptpd[28830]: MGR: Maximum of 100 connections reduced to 10, not enough IP addresses given
Jun 05 22:02:16 centos-bj pptpd[28830]: MGR: Manager process started
Jun 05 22:02:16 centos-bj pptpd[28830]: MGR: Maximum of 10 connections available

  此时查看VPN服务正常了,并且注意到了MGR: Maximum of 10 connections available也就是可用的最大连接数只有10个,我的进程都被占用了,所以连接失败了,调大IP池以及连接数,这个问题就解决了。

05-11 19:28