I have installed a VPN server on an AWS Ubuntu 14.04.1 LTS VPS, and I added NAT on the server for my Win7 client PC. After connecting to that VPN, I cannot access any website. But I can ping google.com from my Win7 client PC, and when I type nslookup google.com, nslookup works fine.
I did the following steps for the VPN and NAT setup:
Installed the necessary packages
sudo aptitude install ppp pptpd iptables
Configured the PPTP IP ranges on the server
sudo vim /etc/pptpd.conf
localip 192.168.100.1
remoteip 192.168.100.1-199
Configured the DNS servers handed to clients when they connect to this PPTP server
sudo vim /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Added a test account
sudo vim /etc/ppp/chap-secrets
# client server secret IP addresses
test pptpd abcd1234 *
Added an iptables rule
sudo vim /etc/rc.local
sudo iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE
Enabled IPv4 forwarding
sudo vim /etc/sysctl.conf
net.ipv4.ip_forward=1
Reloaded the configuration
sudo sysctl -p
Rebooted the server
sudo reboot
Here are the PPTPD and PPPD logs from when the VPN connection is established:
Dec 26 02:20:45 ip-172-31-14-72 pptpd[1225]: CTRL: Client 183.62.136.251 control connection started
Dec 26 02:20:45 ip-172-31-14-72 pptpd[1225]: CTRL: Starting call (launching pppd, opening GRE)
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: pptpd-logwtmp: $Version$
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: pppd 2.4.5 started by root, uid 0
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: using channel 1
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Using interface ppp0
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: Connect: ppp0 <--> /dev/pts/1
Dec 26 02:20:45 ip-172-31-14-72 pppd[1226]: sent [LCP ConfReq id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x893bee97> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfReq id=0x0 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp> <callback CBCP>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP ConfRej id=0x0 <callback CBCP>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <auth chap MS-v2> <magic 0x893bee97> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP ConfReq id=0x1 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP ConfAck id=0x1 <mru 1400> <magic 0x79ad5454> <pcomp> <accomp>]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [LCP EchoReq id=0x0 magic=0x893bee97]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CHAP Challenge id=0x75 <a27aa8aa1ca5bb9e4f326ff8ea59b781>, name = "pptpd"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x2 magic=0x79ad5454 "MSRASV5.20"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x3 magic=0x79ad5454 "MSRAS-0-PC201404170414"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP Ident id=0x4 magic=0x79ad5454 "\010w\377777777774\37777777607\37777777651\37777777676H\37777777667\37777777737\006\37777777665\017\37777777777\37777777652\37777777655"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [LCP EchoRep id=0x0 magic=0x79ad5454]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: rcvd [CHAP Response id=0x75 <0a403b0e014f3edabcf7ae41b863f2ad0000000000000000cfe4bbbd236c21274289fc6a6db9383acad0868e955e08f900>, name = "mtc"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CHAP Success id=0x75 "S=B4CF7D2F19305CFC72BE10F163487851E9DE8F80 M=Access granted"]
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: peer from calling number 183.62.136.251 authorized
Dec 26 02:20:46 ip-172-31-14-72 pppd[1226]: sent [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:46 ip-172-31-14-72 kernel: [7682099.701630] PPP MPPE Compression module registered
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPV6CP ConfReq id=0x5 <addr fe80::50b0:7670:15ae:d6f4>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: Unsupported protocol 'IPv6 Control Protocol' (0x8057) received
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [LCP ProtRej id=0x2 80 57 01 05 00 0e 01 0a 50 b0 76 70 15 ae d6 f4]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [CCP ConfReq id=0x6 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [CCP ConfAck id=0x6 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x7 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [IPCP TermAck id=0x7]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [CCP ConfAck id=0x1 <mppe +H -M +S -L -D -C>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: MPPE 128-bit stateless compression enabled
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfReq id=0x1 <addr 192.168.100.1>]
Dec 26 02:20:47 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfAck id=0x1 <addr 192.168.100.1>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x8 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-wins 0.0.0.0> <ms-dns2 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfRej id=0x8 <ms-wins 0.0.0.0> <ms-wins 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0x9 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Dec 26 02:20:48 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfNak id=0x9 <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: rcvd [IPCP ConfReq id=0xa <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: sent [IPCP ConfAck id=0xa <addr 192.168.100.100> <ms-dns1 8.8.8.8> <ms-dns2 8.8.4.4>]
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Cannot determine ethernet address for proxy ARP
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: local IP address 192.168.100.1
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: remote IP address 192.168.100.100
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: pptpd-logwtmp.so ip-up ppp0 mtc 183.62.136.251
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Script /etc/ppp/ip-up started (pid 1252)
Dec 26 02:20:49 ip-172-31-14-72 pppd[1226]: Script /etc/ppp/ip-up finished (pid 1252), status = 0x0
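As an added example (not from the original question or from the pptpd project), a POSIX shell script that checks offline whether the setup steps above are internally consistent: forwarding enabled, a MASQUERADE rule present for the VPN subnet, and the remoteip pool inside the NAT'd /24. The inputs are constructed snapshots of the question's files and command output, and the helper names and the single-range /24 assumption are mine.

```shell
#!/bin/sh
# Added example, not from the original question: offline consistency checks for
# the PPTP + NAT setup above, fed constructed snapshots of the config files and
# command output. On a real host pass the live text instead, e.g.
#   check_masquerade "$(iptables -t nat -S POSTROUTING)" 192.168.100.0/24

# 1. IPv4 forwarding must be on, or the server drops the clients' packets
#    instead of routing them out through NAT.
check_forwarding() {
    printf '%s\n' "$1" | grep -Eq '^net\.ipv4\.ip_forward *= *1$'
}

# 2. A MASQUERADE rule for the VPN subnet must be in the nat POSTROUTING chain
#    (rule text as printed by "iptables -t nat -S").
check_masquerade() {
    printf '%s\n' "$1" | grep -Fq -- "-A POSTROUTING -s $2 -j MASQUERADE"
}

# 3. The pool pptpd hands out (remoteip a.b.c.x-y or a.b.c.x) must lie inside
#    the NAT'd /24; addresses outside it never match the MASQUERADE rule.
#    Assumes a single range and a subnet written as a.b.c.0/24.
check_pool_in_nat_subnet() {
    prefix=$(printf '%s' "$2" | sed 's|\.0/24$|.|')
    remote=$(printf '%s\n' "$1" | awk '$1=="remoteip"{print $2}')
    case "$remote" in
        "$prefix"*) ;;
        *) return 1 ;;
    esac
    lo=${remote#"$prefix"}; lo=${lo%%-*}
    case "$remote" in *-*) hi=${remote##*-} ;; *) hi=$lo ;; esac
    [ "$lo" -ge 1 ] && [ "$hi" -le 254 ] && [ "$lo" -le "$hi" ]
}

# All three together: sysctl text, nat rules, pptpd.conf text, NAT subnet.
run_all() {
    check_forwarding "$1" && check_masquerade "$2" "$4" \
        && check_pool_in_nat_subnet "$3" "$4"
}

# Constructed snapshots mirroring the question's configuration.
SYSCTL_OK='net.ipv4.ip_forward = 1'
SYSCTL_BAD='net.ipv4.ip_forward = 0'
NAT_OK='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.100.0/24 -j MASQUERADE'
NAT_MISSING='-P POSTROUTING ACCEPT'
PPTPD_CONF='option /etc/ppp/pptpd-options
localip 192.168.100.1
remoteip 192.168.100.1-199'
if run_all "$SYSCTL_OK" "$NAT_OK" "$PPTPD_CONF" 192.168.100.0/24; then echo "setup consistent"; fi
```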
After rebooting the VPS from the EC2 management console, the VPS got a new public IP address and the problem was solved. That is strange. I think it has to do with AWS's complex networking setup.