转载：https://ask.fedoraproject.org/en/question/62909/cant-connect-to-vpn-on-fedora-21/

PPTP方式是不安全的，如果必须PPTP方式建立VPN，更改防火墙设置：

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPTfirewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPTfirewall-cmd --reload

Can't connect to VPN on Fedora 21

• vpn
• pptp
• timeout

asked Jan 31 '15

SamSimon
41 ●1 ●2 ●5

updatedJan 31 '15

Hello everyone. When I am trying to connect to VPN by the Network Manager an error message appears. The same thing when using pptp console client. On Windows 7 with the same setting all works fine. Thanks in advance

ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500        inet 176.194.119.204  netmask 255.255.240.0  broadcast 176.194.127.255        inet6 fe80::221:85ff:fe5f:1d5e  prefixlen 64  scopeid 0x20<link>        ether 00:21:85:5f:1d:5e  txqueuelen 1000  (Ethernet)        RX packets 8448  bytes 6274415 (5.9 MiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 8441  bytes 1196608 (1.1 MiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536        inet 127.0.0.1  netmask 255.0.0.0        inet6 ::1  prefixlen 128  scopeid 0x10<host>        loop  txqueuelen 0  (Local Loopback)        RX packets 24  bytes 2208 (2.1 KiB)        RX errors 0  dropped 0  overruns 0  frame 0        TX packets 24  bytes 2208 (2.1 KiB)        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

route -n

Kernel IP routing tableDestination     Gateway         Genmask         Flags Metric Ref    Use Iface0.0.0.0         176.194.112.1   0.0.0.0         UG    1024   0        0 eth0176.194.112.0   0.0.0.0         255.255.240.0   U     0      0        0 eth0176.194.128.1   176.194.112.1   255.255.255.255 UGH   1      0        0 eth0195.137.187.129 176.194.112.1   255.255.255.255 UGH   0      0        0 eth0195.137.187.198 176.194.112.1   255.255.255.255 UGH   0      0        0 eth0

cat /etc/ppp/options.pptp

locknoauthrefuse-paprefuse-eaprefuse-chap#refuse-mschapnobsdcompnodeflate

cat /etc/ppp/peers/vpn

pty "pptp 195.137.187.198 --nolaunchpppd --nobuffer" remotename vpndebugdefaultroutenoipdefaultnoauthasyncmap 0crtsctslockhide-passwordlocalnoproxyarplcp-echo-interval 30lcp-echo-failure 4noipxrefuse-eaprefuse-chaprefuse-pap

cat /var/log/ppp/vpnlog

pppd options in effect:debug debug     # (from command line)nodetach        # (from command line)logfile /var/log/ppp/vpnlog     # (from /etc/ppp/peers/vpn)dump        # (from command line)noauth      # (from /etc/ppp/peers/vpn)refuse-pap      # (from /etc/ppp/peers/vpn)refuse-chap     # (from /etc/ppp/peers/vpn)refuse-eap      # (from /etc/ppp/peers/vpn)remotename vpn      # (from /etc/ppp/peers/vpn)        # (from /etc/ppp/peers/vpn)pty pptp 195.137.187.198 --nolaunchpppd --nobuffer      # (from /etc/ppp/peers/vpn)crtscts     # (from /etc/ppp/peers/vpn)local       # (from /etc/ppp/peers/vpn)asyncmap 0      # (from /etc/ppp/peers/vpn)lcp-echo-failure 4      # (from /etc/ppp/peers/vpn)lcp-echo-interval 30        # (from /etc/ppp/peers/vpn)hide-password       # (from /etc/ppp/peers/vpn)noipdefault     # (from /etc/ppp/peers/vpn)defaultroute        # (from /etc/ppp/peers/vpn)noproxyarp      # (from /etc/ppp/peers/vpn)noipx       # (from /etc/ppp/peers/vpn)using channel 3Using interface ppp0Connect: ppp0 <--> /dev/pts/2sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0x6946ed9> <pcomp> <accomp>]LCP: timeout sending Config-RequestsConnection terminated.Modem hangupWaiting for 1 child processes...  script pptp 195.137.187.198 --nolaunchpppd --nobuffer, pid 3091Script pptp 195.137.187.198 --nolaunchpppd --nobuffer finished (pid 3091), status = 0x0

Comments

Same problem here too.

pvanthony (Feb 2 '15)

If you stop firewalld (sudo systemctl stop firewalld.service) do you find that it works?

dkscully (Feb 6 '15)

still doesn't work: "LCP: timeout sending Config-Requests"

SamSimon (Feb 8 '15)

2

Also seeing "LCP: timeout sending Config-Requests" reported in journalctl. I seems that the firewall is blocking GRE, I added rules to accept GRE via the commandline and now I'm able to setup my VPN:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPTfirewall-cmd --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPTfirewall-cmd --reload

Hidde Boonstra (Feb 10 '15)

The above firewall rules solved the problem for me. I am happy. Thank you, Hidde Boonstra, for sharing the solution. :-)

pvanthony (Feb 14 '15)

see more comments