
I have installed pptpd on CentOS 7 on AWS EC2. I can connect to the VPN with a Windows client, but I cannot access the internet, while the server itself has full internet access. In the pptpd log I notice the error "Cannot determine ethernet address for proxy ARP".

I changed the DNS in /etc/ppp/options.pptpd as follows:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

I also created the user in /etc/ppp/chap-secrets, and the client connects without any problem (but has no internet access).

I also enabled IP forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

and ran this command:

sudo sysctl -p

I changed the local and remote IPs in /etc/pptpd.conf as follows:

localip 192.168.10.1
remoteip 192.168.20.10-100

I configured the firewall for IP masquerading:

sudo iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE

Here is the ifconfig output:

ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9001
    inet 172.31.28.246  netmask 255.255.240.0  broadcast 172.31.31.255
    inet6 fe80::4e6:11ff:fed8:bb4a  prefixlen 64  scopeid 0x20<link>
    ether 06:e6:11:d8:bb:4a  txqueuelen 1000  (Ethernet)
    RX packets 3668  bytes 347939 (339.7 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 3111  bytes 385009 (375.9 KiB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Local Loopback)
    RX packets 6  bytes 416 (416.0 B)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 6  bytes 416 (416.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1396
    inet 192.168.10.1  netmask 255.255.255.255  destination 192.168.20.10
    ppp  txqueuelen 3  (Point-to-Point Protocol)
    RX packets 40  bytes 3158 (3.0 KiB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 8  bytes 104 (104.0 B)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Here is the pptpd status (I can connect to the VPN successfully, but cannot access the internet):

[root@ip-172-31-28-246 ~]# systemctl status pptpd
● pptpd.service - PoPToP Point to Point Tunneling Server
   Loaded: loaded (/usr/lib/systemd/system/pptpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-08-22 09:24:41 UTC; 2min 9s ago
 Main PID: 1476 (pptpd)
   CGroup: /system.slice/pptpd.service
       ├─1476 /usr/sbin/pptpd -f
       ├─1505 pptpd [171.213.14.133:ED5A - 0000]
       └─1506 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 192.168.10.1:192.168.20.10 ipparam 171.213.14.133 plugin /usr/lib64/pptpd/pptpd-logwtmp.so pptpd-original-ip 171.213.14.133 remote...

Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pptpd[1505]: CTRL: Starting call (launching pppd, opening GRE)
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: pppd 2.4.5 started by root, uid 0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Using interface ppp0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Connect: ppp0 <--> /dev/pts/1
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: peer from calling number 171.213.14.133 authorized
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: MPPE 128-bit stateless compression enabled
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Cannot determine ethernet address for proxy ARP
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: local  IP address 192.168.10.1
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: remote IP address 192.168.20.10
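The "Cannot determine ethernet address for proxy ARP" line in the log above is what pppd prints when its proxyarp option is active but no local interface shares a subnet with the peer address; the remoteip pool 192.168.20.10-100 is nowhere near the ens5 network 172.31.16.0/20, so pppd cannot proxy ARP for the client (with MASQUERADE, NAT does not need proxy ARP anyway). The script below is an added diagnostic, not code from the question: it checks a pptpd pool against an interface address and mask, and with --live prints the forwarding and NAT state on the server; the interface address, mask and pool in the default branch are the values from the question.

```shell
#!/bin/sh
# Added diagnostic for the pptpd setup in the question (not from the post).
# Explains the proxy-ARP warning: pppd can only answer ARP for the peer when
# some local interface shares the peer's subnet.

ip2int() {
  # dotted quad -> unsigned 32-bit integer, POSIX sh arithmetic only
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet IFADDR NETMASK PEER -> yes/no
same_subnet() {
  ifa=$(ip2int "$1"); mask=$(ip2int "$2"); rem=$(ip2int "$3")
  if [ $(( ifa & mask )) -eq $(( rem & mask )) ]; then echo yes; else echo no; fi
}

# pool_bounds "192.168.20.10-100" -> "192.168.20.10 192.168.20.100"
# (pptpd's remoteip short form replaces only the last octet)
pool_bounds() {
  case $1 in
    *-*) first=${1%-*}; echo "$first ${first%.*}.${1##*-}" ;;
    *)   echo "$1 $1" ;;
  esac
}

# pool_in_subnet IFADDR NETMASK POOL -> yes only if the whole pool fits
pool_in_subnet() {
  set -- "$1" "$2" $(pool_bounds "$3")
  if [ "$(same_subnet "$1" "$2" "$3")" = yes ] && \
     [ "$(same_subnet "$1" "$2" "$4")" = yes ]; then echo yes; else echo no; fi
}

# Live checks on the server (root, Linux): the three things NAT-based
# internet access for the pool depends on besides the pptpd pool itself.
live_checks() {
  printf 'ip_forward: %s\n' "$(cat /proc/sys/net/ipv4/ip_forward)"
  if iptables -t nat -S POSTROUTING | grep -q -- '-j MASQUERADE'
  then echo 'nat: MASQUERADE rule present'; else echo 'nat: no MASQUERADE rule'; fi
  iptables -S FORWARD | head -n 1   # "-P FORWARD ACCEPT" or "-P FORWARD DROP"
}

case ${1:-} in
  --live) live_checks ;;
  *) echo "pool inside ens5 subnet: $(pool_in_subnet 172.31.28.246 255.255.240.0 192.168.20.10-100)" ;;
esac
```

Run it with --live on the server to print the forwarding and NAT state; without arguments it only evaluates the values from the question.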