Unable to access websites through PPTP VPN

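I have set up a VPN server on an AWS Ubuntu 14.04.1 LTS VPS, and I added NAT on the server for my Win7 client PC. After connecting to the VPN server, I cannot access any websites. However, I can ping google.com from my Win7 client PC, and nslookup works fine when I run nslookup google.com.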

I performed the following steps for the VPN and NAT setup:

Install the necessary packages

sudo aptitude install ppp pptpd iptables

Configure the PPTP IP ranges on the server

sudo vim /etc/pptpd.conf

localip 192.168.100.1
remoteip 192.168.100.1-199

Configure the DNS servers to use when clients connect to this PPTP server

sudo vim /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Add a test account

sudo vim /etc/ppp/chap-secrets

# client    server  secret          IP addresses
test    pptpd   abcd1234    *

Add the iptables rule

sudo vim /etc/rc.local
sudo iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE

Enabled IPv4 forwarding

sudo vim /etc/sysctl.conf

net.ipv4.ip_forward=1

Reload the configuration

sudo sysctl -p

Reboot the server

sudo reboot

Here are the PPTPD and PPPD logs from when the VPN connection is established:

Dec 26 02:20:45 ip-172-31-14-72 pptpd[1225]: CTRL: Client 183.62.136.251 control connection started
Dec 26 02:20:45 ip-172-31-14-72 pptpd[1225]: CTRL: Starting call (launching pppd, opening GRE)
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: pptpd-logwtmp: $Version$
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: pppd 2.4.5 started by root, uid 0
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: using channel 1
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Using interface ppp0
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Connect: ppp0 <--> /dev/pts/1
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x893bee97> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp> <callback CBCP>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x893bee97> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP EchoReq id=0x0 magic=0x893bee97]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CHAP Challenge id=0x75 <a27aa8aa1ca5bb9e4f326ff8ea59b781>, name = "pptpd"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x2 magic=0x79ad5454 "MSRASV5.20"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x3 magic=0x79ad5454 "MSRAS-0-PC201404170414"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x4 magic=0x79ad5454 "\010w\377777777774\37777777607\37777777651\37777777676H\37777777667\37777777737\006\37777777665\017\37777777777\37777777652\37777777655"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP EchoRep id=0x0 magic=0x79ad5454]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [CHAP Response id=0x75 <0a403b0e014f3edabcf7ae41b863f2ad0000000000000000cfe4bbbd236c21274289fc6a6db9383acad0868e955e08f900>, name = "mtc"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CHAP Success id=0x75 "S=B4CF7D2F19305CFC72BE10F163487851E9DE8F80 M=Access granted"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: peer from calling number 183.62.136.251 authorized
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:46 ip-172-31-14-72 kernel: [7682099.701630] PPP MPPE Compression module registered
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPV6CP ConfReq id=0x5 <addr fe80::50b0:7670:15ae:d6f4>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [LCP ProtRej id=0x2 80 57 01 05 00 0e 01 0a 50 b0 76 70 15 ae d6 f4]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [IPCP TermAck id=0x7]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: MPPE 128-bit stateless compression enabled
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfReq id=0x1 <addr 192.168.100.1>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.100.1>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfRej id=0x8 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x9 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfNak id=0x9 <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0xa <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfAck id=0xa <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Cannot determine ethernet address for proxy ARP
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: local  IP address 192.168.100.1
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: remote IP address 192.168.100.100
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: pptpd-logwtmp.so ip-up ppp0 mtc 183.62.136.251
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Script /etc/ppp/ip-up started (pid 1252)
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Script /etc/ppp/ip-up finished (pid 1252), status = 0x0
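
An added example (not part of the original question or answer): a shell cross-check of the setup steps above, confirming that the forwarding setting is on and that a MASQUERADE rule covers the client address pppd reports in the log. The function names and the sample inputs are constructed for illustration, reusing the values shown in the question.

```shell
#!/bin/sh
# Added example: every function reads text on stdin, so it works on live
# command output or on saved copies of it.

# Print the last uncommented net.ipv4.ip_forward value in sysctl.conf text.
ip_forward_setting() {
    sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' | tail -n 1
}

# Print the source subnet of each MASQUERADE rule in iptables-save text.
masquerade_sources() {
    sed -n 's|^-A POSTROUTING .*-s \([0-9.]*/[0-9]*\) .*-j MASQUERADE.*|\1|p'
}

# Print the client address pppd assigned, from its "remote IP address" line.
assigned_client_ip() {
    sed -n 's/.*pppd\[[0-9]*\]: remote IP address \([0-9.]*\).*/\1/p' | tail -n 1
}

# Convert a dotted-quad IPv4 address to an integer.
ip2int() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/PREFIX: succeed when ADDR lies inside the subnet.
in_cidr() {
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# covered_by_nat ADDR: iptables-save text on stdin; succeed if a rule covers ADDR.
covered_by_nat() {
    for net in $(masquerade_sources); do
        in_cidr "$1" "$net" && return 0
    done
    return 1
}

# Constructed samples using the values shown in the question.
SYSCTL='#net.ipv4.ip_forward=0
net.ipv4.ip_forward=1'
RULES='*nat
-A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE
COMMIT'
LOG='Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: remote IP address 192.168.100.100'

client=$(printf '%s\n' "$LOG" | assigned_client_ip)
echo "ip_forward=$(printf '%s\n' "$SYSCTL" | ip_forward_setting) client=$client"
printf '%s\n' "$RULES" | covered_by_nat "$client" && echo "MASQUERADE covers $client"
```

On the server, the same functions can be fed `sudo iptables-save -t nat`, the contents of /etc/sysctl.conf and the pppd log in place of the samples.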

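Answer 1

After I restarted the VPS from the EC2 management console, the VPS got another new public IP, and then the problem was solved. It's strange. I think it has something to do with AWS's complicated network settings.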
