PPTPD centos7 install problem fix

按照网上的教程，在一台centos７上安装完ＰＰＴＰ　ＶＰＮ服务器之后，ＩＯＳ一直报错，连不上，查看ＶＡＲ　ＬＯＧ　ＭＥＳＳＡＧＥＳ发现报如下错误：
Aug 4 16:05:04 oltsvr pptpd[15707]: CTRL: Client 112.17.247.42 control connection started
Aug 4 16:05:04 oltsvr pptpd[15707]: CTRL: Starting call (launching pppd, opening GRE)
Aug 4 16:05:05 oltsvr kernel: conntrack: generic helper won’t handle protocol 47. Please consider loading the specific helper module.
Aug 4 16:05:05 oltsvr pppd[15708]: /usr/lib/pptpd/pptpd-logwtmp.so: wrong ELF class: ELFCLASS32
Aug 4 16:05:05 oltsvr pppd[15708]: Couldn’t load plugin /usr/lib/pptpd/pptpd-logwtmp.so
Aug 4 16:05:05 oltsvr pptpd[15707]: GRE: read(fd=6,buffer=8059680,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug 4 16:05:05 oltsvr pptpd[15707]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug 4 16:05:05 oltsvr pptpd[15707]: CTRL: Client 112.17.247.42 control connection finished

后来，修改了/etc/pptpd.conf
将logwtmp这一行去掉就ＯＫ了。

成功的日志如下：

Aug 5 10:05:44 oltsvr pptpd[42095]: CTRL: Client 112.17.247.42 control connection started
Aug 5 10:05:44 oltsvr pptpd[42095]: CTRL: Starting call (launching pppd, opening GRE)
Aug 5 10:05:44 oltsvr kernel: PPP generic driver version 2.4.2
Aug 5 10:05:44 oltsvr pppd[42096]: pppd 2.4.5 started by root, uid 0
Aug 5 10:05:44 oltsvr pppd[42096]: Using interface ppp0
Aug 5 10:05:44 oltsvr pppd[42096]: Connect: ppp0 <–> /dev/pts/4
Aug 5 10:05:44 oltsvr NetworkManager[1274]: (ppp0): new Generic device (carrier: UNKNOWN, driver: ‘unknown’, ifindex: 8)

Aug 5 10:05:47 oltsvr kernel: PPP MPPE Compression module registered
Aug 5 10:05:47 oltsvr pppd[42096]: MPPE 128-bit stateless compression enabled
Aug 5 10:05:47 oltsvr pppd[42096]: Cannot determine ethernet address for proxy ARP
Aug 5 10:05:47 oltsvr pppd[42096]: local IP address 10.12.2.100
Aug 5 10:05:47 oltsvr pppd[42096]: remote IP address 10.12.2.101
Aug 5 10:05:47 oltsvr NetworkManager[1274]: keyfile: add connection in-memory (5fa4eb7b-1f2f-4ea4-9374-024a1561e71f,”ppp0”)
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: unmanaged -> unavailable (reason ‘connection-assumed’) [10 20 41]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: unavailable -> disconnected (reason ‘connection-assumed’) [20 30 41]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): Activation: starting connection ‘ppp0’ (5fa4eb7b-1f2f-4ea4-9374-024a1561e71f)
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: disconnected -> prepare (reason ‘none’) [30 40 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: prepare -> config (reason ‘none’) [40 50 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: config -> ip-config (reason ‘none’) [50 70 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: ip-config -> ip-check (reason ‘none’) [70 80 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: ip-check -> secondaries (reason ‘none’) [80 90 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): device state change: secondaries -> activated (reason ‘none’) [90 100 0]
Aug 5 10:05:47 oltsvr NetworkManager[1274]: (ppp0): Activation: successful, device activated.
Aug 5 10:05:47 oltsvr dbus-daemon: dbus[1199]: [system] Activating via systemd: service name=’org.freedesktop.nm_dispatcher’ unit=’dbus-org.freedesktop.nm-dispatcher.service’
Aug 5 10:05:47 oltsvr dbus[1199]: [system] Activating via systemd: service name=’org.freedesktop.nm_dispatcher’ unit=’dbus-org.freedesktop.nm-dispatcher.service’

Aug 5 10:05:47 oltsvr systemd: Starting Network Manager Script Dispatcher Service…
Aug 5 10:05:47 oltsvr dbus[1199]: [system] Successfully activated service ‘org.freedesktop.nm_dispatcher’
Aug 5 10:05:47 oltsvr systemd: Started Network Manager Script Dispatcher Service.
Aug 5 10:05:47 oltsvr dbus-daemon: dbus[1199]: [system] Successfully activated service ‘org.freedesktop.nm_dispatcher’
Aug 5 10:05:47 oltsvr nm-dispatcher: Dispatching action ‘up’ for ppp0
Aug 5 10:05:47 oltsvr systemd: Unit iscsi.service cannot be reloaded because it is inactive.
Aug 5 10:05:47 oltsvr systemd: Stopping Sendmail Mail Transport Client…
Aug 5 10:05:47 oltsvr systemd: Stopping Sendmail Mail Transport Agent…
Aug 5 10:05:47 oltsvr systemd: Starting Sendmail Mail Transport Agent…

这里总结一下几点：
１、内核不需要重新编译，日志中报告的连接跟踪　ＧＲＥ问题可以忽略，只有做ＰＰＴＰＤ　ＡＬＧ时才需要重编译内核。
２、ＰＰＴＰＤ的启动通过ＳＹＳＴＥＭＣＴＬ　ＲＥＳＴＡＲＴ　ＰＰＴＰＤ.ＳＥＲＶＩＣＥ重启或停止。
3、通过ＦＩＲＥＷＡＬＬ－ＣＭＤ来设置防火墙，注意ＲＥＬＯＡＤ。

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i eth0 -p tcp --dport 1723 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter POSTROUTING 0 -t nat -o enp7s0f2 -j MASQUERADE  
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o eth0 -j ACCEPT  
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i enp7s0f2 -o ppp+ -j ACCEPT

FAQ:
１、IOS拔号时提示通信中断
因为logwtmp与ＰＰＰ冲突，去掉

２、能拔号成功，但路由不通，只能到达ＰＰＴＰＤ这台ＣＥＮＴＯＳ服务器，其他地方都到达不了
ＴＣＰＤＵＭＰ　－Ｉ　ＰＰＰ０捕包看，第一个ＳＹＮ连接就被回复ＩＣＭＰ不可达。
原因是防火墙拦住了，-o eth0配错，应该是我的enp7s0f1接口名：
firewall-cmd –permanent –direct –add-rule ipv4 filter FORWARD 0 -i ppp+ -o enp7s0f1 -j ACCEPT

3、能到达内网，但ＩＮＴＥＲＮＥＴ网又不通。
还是防火墙拦了，再加一个出接口许可规则。只要从外网接口ＥＮＰ７Ｓ０Ｆ２出去的就允许。
firewall-cmd –permanent –direct –add-rule ipv4 filter FORWARD 0 -i ppp+ -o enp7s0f2 -j ACCEPT

备注：
我的路由表：

[root@oltsvr ~]#  ip r
default via 218.75.33.25 dev enp7s0f2 
10.7.0.0/16 via 10.7.100.1 dev enp7s0f1 
10.7.100.0/24 dev enp7s0f1  proto kernel  scope link  src 10.7.100.234  metric 100 
10.11.0.0/16 via 10.7.100.1 dev enp7s0f1 
10.12.0.0/16 via 10.7.100.1 dev enp7s0f1 
10.13.0.0/16 via 10.7.100.1 dev enp7s0f1 
10.14.0.0/16 via 10.7.100.1 dev enp7s0f1 
192.168.100.1 dev ppp0  proto kernel  scope link  src 192.168.10.1 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 
218.75.33.24/29 dev enp7s0f2  proto kernel  scope link  src 218.75.33.29