VPN will not connect on AWS EC2 running Ubuntu 18 (Network Manager?)

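I am trying to run a third-party VPN (Hotspot Shield) on an EC2 instance running Ubuntu 18.

When I run the connect command, the Hotspot Shield client reports an error. I have attached the corresponding system log.
I tried two other VPNs (NordVPN and WireGuard), and both of them caused my Ubuntu box to crash when trying to create a connection.

The problem seems to be with my EC2 instance rather than with the clients. The instance currently allows all inbound and outbound traffic.

Any insight would be greatly appreciated!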

ubuntu@ip-172-31-38-208:~$ hotspotshield connect
can't establish VPN connection. Please check your system journals
ubuntu@ip-172-31-38-208:~$ sudo tail -f /var/log/syslog
May 29 01:48:34 ip-172-31-38-208 NetworkManager[864]: <info>  [1590716914.5407] audit: op="device-managed" arg="managed:1" pid=3170 uid=1000 result="success"
May 29 01:48:34 ip-172-31-38-208 systemd-timesyncd[604]: Network configuration changed, trying to establish connection.
May 29 01:48:34 ip-172-31-38-208 networkd-dispatcher[854]: WARNING:Unknown index 3 seen, reloading interface list
May 29 01:48:34 ip-172-31-38-208 systemd-timesyncd[604]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).
May 29 01:48:38 ip-172-31-38-208 hotspotshield[3170]: nm_wait_for_device: it was not possible to activate hss0 device. Please make sure NetworkManager is running and it's the current system network renderer
May 29 01:48:38 ip-172-31-38-208 systemd-timesyncd[604]: Network configuration changed, trying to establish connection.
May 29 01:48:38 ip-172-31-38-208 hotspotshield[3170]: linux_cm_new: linux_tun_new
May 29 01:48:38 ip-172-31-38-208 hotspotshield[3170]: CM: failed to start connectivity module
May 29 01:48:38 ip-172-31-38-208 NetworkManager[864]: <info>  [1590716918.1779] devices removed (path: /sys/devices/virtual/net/hss0, iface: hss0)
May 29 01:48:38 ip-172-31-38-208 systemd-timesyncd[604]: Synchronized to time server 91.189.91.157:123 (ntp.ubuntu.com).

Output of cat /etc/network/interfaces:

# ifupdown has been replaced by netplan(5) on this system.  See
# /etc/netplan for current configuration.
# To re-enable ifupdown on this system, you can run:
#    sudo apt install ifupdown

When I install it with apt, ifupdown is reported as already being the current version.

Output of cat /etc/netplan/*.yaml:

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    version: 2
    ethernets:
        eth0:
            dhcp4: true
            match:
                macaddress: 06:bf:0c:4a:a5:d6
            set-name: eth0

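I implemented the changes suggested by @hyennama, but unfortunately they did not help. After applying them, the system log shows the following when I try to connect: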

ubuntu@ip-172-31-21-28:~$ hotspotshield connect
can't establish VPN connection. Please check your system journals
ubuntu@ip-172-31-21-28:~$ sudo tail -f /var/log/syslog
May 31 23:12:00 ip-172-31-21-28 systemd-timesyncd[579]: Network configuration changed, trying to establish connection.
May 31 23:12:00 ip-172-31-21-28 networkd-dispatcher[841]: WARNING:Unknown index 6 seen, reloading interface list
May 31 23:12:00 ip-172-31-21-28 NetworkManager[877]: <info>  [1590966720.2418] audit: op="device-managed" arg="managed:1" pid=1576 uid=1000 result="success"
May 31 23:12:00 ip-172-31-21-28 systemd-timesyncd[579]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).
May 31 23:12:04 ip-172-31-21-28 hotspotshield[1576]: nm_wait_for_device: it was not possible to activate hss0 device. Please make sure NetworkManager is running and it's the current system network renderer
May 31 23:12:04 ip-172-31-21-28 systemd-timesyncd[579]: Network configuration changed, trying to establish connection.
May 31 23:12:04 ip-172-31-21-28 NetworkManager[877]: <info>  [1590966724.0845] devices removed (path: /sys/devices/virtual/net/hss0, iface: hss0)
May 31 23:12:04 ip-172-31-21-28 hotspotshield[1576]: linux_cm_new: linux_tun_new
May 31 23:12:04 ip-172-31-21-28 hotspotshield[1576]: CM: failed to start connectivity module
May 31 23:12:04 ip-172-31-21-28 systemd-timesyncd[579]: Synchronized to time server 91.189.94.4:123 (ntp.ubuntu.com).

The debug log shows:

ubuntu@ip-172-31-21-28:/etc/netplan$ sudo netplan --debug generate
DEBUG:command generate: running ['/lib/netplan/generate']
** (generate:1617): DEBUG: 23:13:19.545: Processing input file /etc/netplan/50-cloud-init.yaml..
** (generate:1617): DEBUG: 23:13:19.545: starting new processing pass
** (generate:1617): DEBUG: 23:13:19.545: We have some netdefs, pass them through a final round of validation
** (generate:1617): DEBUG: 23:13:19.545: br0: setting default backend to 1
** (generate:1617): DEBUG: 23:13:19.545: Configuration is valid
** (generate:1617): DEBUG: 23:13:19.546: eth0: setting default backend to 1
** (generate:1617): DEBUG: 23:13:19.546: Configuration is valid
** (generate:1617): DEBUG: 23:13:19.546: Generating output files..
** (generate:1617): DEBUG: 23:13:19.546: NetworkManager: definition eth0 is not for us (backend 1)
** (generate:1617): DEBUG: 23:13:19.546: NetworkManager: definition br0 is not for us (backend 1)

Output of ifconfig:

ubuntu@ip-172-31-21-28:~$ ifconfig
as0t0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.27.224.1  netmask 255.255.248.0  destination 172.27.224.1
        inet6 fe80::d062:c8f4:acd2:4007  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 200  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 432 (432.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

as0t1: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 172.27.232.1  netmask 255.255.248.0  destination 172.27.232.1
        inet6 fe80::6444:cb31:f77d:a263  prefixlen 64  scopeid 0x20<link>
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 200  (UNSPEC)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9  bytes 432 (432.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
        inet 172.31.21.28  netmask 255.255.240.0  broadcast 172.31.31.255
        inet6 fe80::4bf:cff:fe4a:a5d6  prefixlen 64  scopeid 0x20<link>
        ether 06:bf:0c:4a:a5:d6  txqueuelen 1000  (Ethernet)
        RX packets 829  bytes 110235 (110.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 752  bytes 122774 (122.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 06:bf:0c:4a:a5:d6  txqueuelen 1000  (Ethernet)
        RX packets 1115  bytes 161707 (161.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1145  bytes 168052 (168.0 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 164  bytes 15789 (15.7 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 164  bytes 15789 (15.7 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Output of ip a:

ubuntu@ip-172-31-21-28:~$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 06:bf:0c:4a:a5:d6 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc noqueue state UP group default qlen 1000
    link/ether 06:bf:0c:4a:a5:d6 brd ff:ff:ff:ff:ff:ff
    inet 172.31.21.28/20 brd 172.31.31.255 scope global dynamic br0
       valid_lft 2171sec preferred_lft 2171sec
    inet6 fe80::4bf:cff:fe4a:a5d6/64 scope link
       valid_lft forever preferred_lft forever
5: as0t0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 200
    link/none
    inet 172.27.224.1/21 brd 172.27.231.255 scope global as0t0
       valid_lft forever preferred_lft forever
    inet6 fe80::d062:c8f4:acd2:4007/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
6: as0t1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 200
    link/none
    inet 172.27.232.1/21 brd 172.27.239.255 scope global as0t1
       valid_lft forever preferred_lft forever
    inet6 fe80::6444:cb31:f77d:a263/64 scope link stable-privacy
       valid_lft forever preferred_lft forever

Answer 1

Amazon AWS EC2 requires bridged input. Your /etc/netplan/*.yaml does not show this.

Here is a new .yaml that could replace yours...

Note: save a copy of your current .yaml in case we need to go back.

# This file is generated from information provided by the datasource.  Changes
# to it will not persist across an instance reboot.  To disable cloud-init's
# network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      match:
        macaddress: 06:bf:0c:4a:a5:d6
      set-name: eth0
  bridges:
    br0:
      dhcp4: true
      macaddress: 06:bf:0c:4a:a5:d6
      interfaces:
        - eth0

sudo netplan --debug generate

sudo netplan apply

reboot # mandatory

Now try to get your VPN working.
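
As an added example (not part of the original question or answer): the client's syslog message asks for NetworkManager to be the system renderer, while the `netplan --debug generate` output reports `backend 1` for every definition. The script below correlates the two; the function names are hypothetical, and the mapping of backend numbers to names (1 = networkd, 2 = NetworkManager) is an assumption based on netplan's backend enum.

```bash
#!/usr/bin/env bash
# Added example: correlate the VPN client's syslog complaint with the
# backend netplan selected for each interface definition.

# Sample input: lines copied from the logs quoted in the question.
sample_syslog() { cat <<'EOF'
May 31 23:12:04 ip-172-31-21-28 hotspotshield[1576]: nm_wait_for_device: it was not possible to activate hss0 device. Please make sure NetworkManager is running and it's the current system network renderer
May 31 23:12:04 ip-172-31-21-28 hotspotshield[1576]: CM: failed to start connectivity module
EOF
}
sample_netplan_debug() { cat <<'EOF'
** (generate:1617): DEBUG: 23:13:19.545: br0: setting default backend to 1
** (generate:1617): DEBUG: 23:13:19.546: eth0: setting default backend to 1
** (generate:1617): DEBUG: 23:13:19.546: NetworkManager: definition eth0 is not for us (backend 1)
EOF
}

# stdin: `netplan --debug generate` output; stdout: "<iface> <backend>" lines.
# Assumption: backend numbers follow netplan's enum (1=networkd, 2=NetworkManager).
netplan_backends() {
  sed -n 's/.*: \([^ :]*\): setting default backend to \([0-9]*\).*/\1 \2/p' |
  while read -r iface num; do
    case "$num" in
      1) name=networkd ;;
      2) name=NetworkManager ;;
      *) name="unknown($num)" ;;
    esac
    printf '%s %s\n' "$iface" "$name"
  done
}

# stdin: syslog text; succeeds if the client asked for NetworkManager as renderer.
client_wants_nm() { grep -q 'nm_wait_for_device: .*current system network renderer'; }

# $1 = syslog text, $2 = netplan debug text; prints a one-line verdict.
diagnose() {
  local not_nm
  if printf '%s\n' "$1" | client_wants_nm; then
    not_nm=$(printf '%s\n' "$2" | netplan_backends |
             awk '$2 != "NetworkManager" { print $1 }' | sort | tr '\n' ' ')
    if [ -n "$not_nm" ]; then
      echo "renderer-mismatch: ${not_nm% }"
      return 0
    fi
  fi
  echo "ok"
}

diagnose "$(sample_syslog)" "$(sample_netplan_debug)"
```

On a live host the same function can be fed real data: `diagnose "$(grep hotspotshield /var/log/syslog)" "$(sudo netplan --debug generate 2>&1)"`.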
