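I am trying to set up a VPN server using pptpd, but I can't figure out what range of IP addresses should be passed to its remoteip configuration option. I can connect to the VPN fine, but when I try to make a request over that connection, it fails to resolve.
Here is my pptpd.conf file: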
###############################################################################
# $Id$
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options
# TAG: debug
# Turns on (more) debugging to syslog
#
debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.170-180,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
# Use Google's DNS
ms-dns 8.8.8.8
ms-dns 8.8.4.4
I tried following this tutorial.
When I connect to the VPN and then try to ping, I get the following:
$ ping google.com
ping: cannot resolve google.com: Unknown host
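Answer 1
First, I would suggest you abandon PPTP: it is demonstrably insecure and should not be relied on for privacy. Replace it with OpenVPN or IPsec, depending on the network environment/restrictions of the client systems.
With that said, if you wish to continue using PPTP:
Try pinging 8.8.8.8 to rule out a DNS problem.
If that doesn't work (and if you are forwarding all traffic through the VPN, which is a client option), you probably haven't enabled IPv4 forwarding in the Linux (I'm assuming here) kernel of the pptp server.
To do it immediately: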
# sysctl -w net.ipv4.ip_forward=1
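Then, to make that configuration permanent, edit /etc/sysctl.conf, find the section that references net.ipv4.ip_forward and uncomment it (remove the # at the start of the line).
If you have any firewall rules, check that they allow masquerading/NAT traffic.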
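The server-side checks from Answer 1, scripted as an added example that is not part of the original answer: it tests the runtime forwarding flag, whether the setting is persisted in a sysctl.conf-style file, and whether an iptables-save dump contains a NAT rule. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed for illustration.

# True if the kernel is forwarding IPv4 right now (path overridable for testing).
forwarding_live() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# True if a sysctl.conf-style file leaves net.ipv4.ip_forward=1 uncommented.
# Lines starting with '#' or ';' are comments; the last assignment wins.
forwarding_persisted() {
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
          if (k == "net.ipv4.ip_forward") last = v }
        END { print last }' "$1")
    [ "$val" = "1" ]
}

# True if an iptables-save dump has a POSTROUTING rule that masquerades or SNATs.
nat_rule_present() {
    grep -Eq -- '^-A POSTROUTING .*-j (MASQUERADE|SNAT)( |$)' "$1"
}

# Print one finding per line; prints nothing when all three checks pass.
diagnose() {   # diagnose PROC_FILE SYSCTL_CONF IPTABLES_DUMP
    forwarding_live "$1"      || echo "ip_forward is off at runtime"
    forwarding_persisted "$2" || echo "ip_forward is not persisted in sysctl.conf"
    nat_rule_present "$3"     || echo "no MASQUERADE/SNAT rule in POSTROUTING"
    return 0
}

# Constructed sample inputs: a server in the state the answer suspects.
demo_dir=$(mktemp -d)
printf '0\n' > "$demo_dir/ip_forward"
printf '# Uncomment the next line to enable forwarding\n#net.ipv4.ip_forward=1\n' \
    > "$demo_dir/sysctl.conf"
printf '*nat\n:POSTROUTING ACCEPT [0:0]\nCOMMIT\n' > "$demo_dir/rules"
diagnose "$demo_dir/ip_forward" "$demo_dir/sysctl.conf" "$demo_dir/rules"
```

On a real server, pass /proc/sys/net/ipv4/ip_forward, /etc/sysctl.conf and a file holding the output of `iptables-save -t nat` to `diagnose`.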
Answer 2
Ubuntu's pptpd package only supports the i386 architecture – I am using the x86 version of Ubuntu.