无法在内核3.18的Ubuntu 14.04上启用ufw的情况下连接到PPTP VPN

突然VPN断开连接，无法再在内核3.18.1上重新连接，因此我尝试安装内核3.18.2，但是我的问题仍然存在。但是我可以轻松地用3.14内核连接到VPN。

syslog的输出：

Jan 11 17:43:51 DEMON NetworkManager[7443]: <info> Starting VPN service 'pptp'...
Jan 11 17:43:51 DEMON NetworkManager[7443]: <info> VPN service 'pptp' started (org.freedesktop.NetworkManager.pptp), PID 8741
Jan 11 17:43:51 DEMON NetworkManager[7443]: <info> VPN service 'pptp' appeared; activating connections
Jan 11 17:43:51 DEMON NetworkManager[7443]: <info> VPN plugin state changed: starting (3)
Jan 11 17:43:51 DEMON NetworkManager[7443]: <info> VPN connection 'VPN connection 1' (Connect) reply received.
Jan 11 17:43:51 DEMON pppd[8742]: Plugin /usr/lib/pppd/2.4.5/nm-pptp-pppd-plugin.so loaded.
Jan 11 17:43:51 DEMON pppd[8742]: pppd 2.4.5 started by root, uid 0
Jan 11 17:43:51 DEMON pppd[8742]: Using interface ppp0
Jan 11 17:43:51 DEMON pppd[8742]: Connect: ppp0 <--> /dev/pts/25
Jan 11 17:43:51 DEMON pptp[8747]: nm-pptp-service-8741 log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jan 11 17:43:51 DEMON NetworkManager[7443]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jan 11 17:43:51 DEMON NetworkManager[7443]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Jan 11 17:43:51 DEMON NetworkManager[7443]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Jan 11 17:43:51 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jan 11 17:43:51 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jan 11 17:43:51 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jan 11 17:43:52 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jan 11 17:43:52 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jan 11 17:43:52 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 37038).
Jan 11 17:43:53 DEMON vnstatd[1509]: Interface "ppp0" enabled.
Jan 11 17:43:55 DEMON kernel: [  921.480993] [UFW BLOCK] IN=wlan0 OUT= MAC=74:de:2b:02:0b:da:50:1c:bf:61:6f:41:08:00 SRC=192.168.0.1 DST=192.168.74.15 LEN=55 TOS=0x00 PREC=0x00 TTL=63 ID=64925 PROTO=47 
Jan 11 17:43:55 DEMON kernel: [  922.096723] [UFW BLOCK] IN=wlan0 OUT= MAC=74:de:2b:02:0b:da:50:1c:bf:61:6f:41:08:00 SRC=192.168.0.1 DST=192.168.74.15 LEN=54 TOS=0x00 PREC=0x00 TTL=63 ID=64926 PROTO=47 
Jan 11 17:43:57 DEMON kernel: [  923.911774] [UFW BLOCK] IN=wlan0 OUT= MAC=74:de:2b:02:0b:da:50:1c:bf:61:6f:41:08:00 SRC=192.168.0.1 DST=192.168.74.15 LEN=55 TOS=0x00 PREC=0x00 TTL=63 ID=64927 PROTO=47 
Jan 11 17:44:16 DEMON kernel: [  943.116984] [UFW BLOCK] IN=wlan0 OUT= MAC=74:de:2b:02:0b:da:50:1c:bf:61:6f:41:08:00 SRC=192.168.0.1 DST=192.168.74.15 LEN=54 TOS=0x00 PREC=0x00 TTL=63 ID=64937 PROTO=47 
Jan 11 17:44:22 DEMON pppd[8742]: LCP: timeout sending Config-Requests
Jan 11 17:44:22 DEMON pppd[8742]: Connection terminated.
Jan 11 17:44:22 DEMON NetworkManager[7443]: <warn> VPN plugin failed: 1
Jan 11 17:44:22 DEMON NetworkManager[7443]:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jan 11 17:44:22 DEMON pppd[8742]: Modem hangup
Jan 11 17:44:22 DEMON pptp[8747]: nm-pptp-service-8741 warn[decaps_hdlc:pptp_gre.c:204]: short read (-1): Input/output error
Jan 11 17:44:22 DEMON pptp[8747]: nm-pptp-service-8741 warn[decaps_hdlc:pptp_gre.c:216]: pppd may have shutdown, see pppd log
Jan 11 17:44:22 DEMON pptp[8761]: nm-pptp-service-8741 log[callmgr_main:pptp_callmgr.c:234]: Closing connection (unhandled)
Jan 11 17:44:22 DEMON pptp[8761]: nm-pptp-service-8741 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Jan 11 17:44:22 DEMON pppd[8742]: Exit.
Jan 11 17:44:22 DEMON NetworkManager[7443]: <warn> VPN plugin failed: 1
Jan 11 17:44:22 DEMON pptp[8761]: nm-pptp-service-8741 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Jan 11 17:44:22 DEMON NetworkManager[7443]: <warn> VPN plugin failed: 1
Jan 11 17:44:22 DEMON NetworkManager[7443]: <info> VPN plugin state changed: stopped (6)
Jan 11 17:44:22 DEMON NetworkManager[7443]: <info> VPN plugin state change reason: 0
Jan 11 17:44:22 DEMON NetworkManager[7443]: <info> Policy set '4r@z31' (wlan0) as default for IPv4 routing and DNS.
Jan 11 17:44:22 DEMON NetworkManager[7443]: <warn> error disconnecting VPN: Could not process the request because no VPN connection was active.
Jan 11 17:44:23 DEMON vnstatd[1509]: Interface "ppp0" disabled.
Jan 11 17:44:28 DEMON NetworkManager[7443]: <info> VPN service 'pptp' disappeared

更新

通过禁用ufw解决了我的问题，请您帮我解决防火墙和VPN的这种冲突？

更新2

所以我尝试添加

-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT

成/etc/ufw/before.rules，但我的问题仍然存在。

这是由于内核3.18 [1]中出于安全原因的更改而引起的。有两种方法可以解决此问题。

第一种方法是将此规则添加到/etc/ufw/before.rules该行之前的文件中# drop INVALID packets ...

-A ufw-before-input -p 47 -j ACCEPT

第二种方法是手动加载nf_conntrack_pptp模块。您可以通过运行

sudo modprobe nf_conntrack_pptp

要在Ubuntu的每次启动时加载此模块，请将其添加到文件中/etc/modules。

对于较新版本的ufw，可以使用以下解决方案：

sudo ufw allow proto gre from [PPTP gateway IP address]
sudo systemctl restart ufw

添加nf_conntrack_pptp到/etc/modules-load.d/pptp.conf

一支班轮

echo nf_conntrack_pptp | sudo tee /etc/modules-load.d/pptp.conf

说明

接受的答案对我有用，尤其是第二个建议-加载nf_conntrack_pptp内核模块-而不是修改我的iptables防火墙。我的笔记本电脑防火墙未经修改。sudo ufw enable无一例外是干净的。但是我不喜欢/etc/modules手工编辑 ...将来的程序包升级可能会有冲突。/etc/modules-load.d/提供了一种升级友好且更易于自动化的方式来加载模块。

也可以看看

与/ etc / modules相对，在引导时是否存在用于加载模块的“ .d”目录？

离别镜头：请勿使用PPTP！

• https://www.schneier.com/cryptography/pptp/faq.html
• https://zh.wikipedia.org/wiki/点对点隧道协议
• http://www.howtogeek.com/211329/which-is-the-best-vpn-protocol-pptp-vs.-openvpn-vs.-l2tpipsec-vs.-sstp/

请尝试使用openvpn。