First time setting up a PPTP VPN on Linode: I can log in to the VPN but can't get online. No idea what's going on; could someone who knows help take a look?

2012-08-04 11:34:23 +08:00
btwo
PPP adapter VPN:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.217.234
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.217.234
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4

A bit odd: shouldn't the default gateway be the VPN server's IP, 192.168.217.1?

iptables:

root@mail:/etc/init.d# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.9.0/24 anywhere
MASQUERADE all -- 192.168.217.0/24 anywhere

I followed this article: http://www.vpser.net/manage/linode-vps-pptp-vpn-howto.html
6047 views
Node: Linode
43 replies
ratazzi
2012-08-04 22:26:29 +08:00
@btwo It really is a server configuration problem: you can connect, but everything on the internet times out.
ratazzi
2012-08-04 22:51:24 +08:00
A packet capture shows only data going from the local machine to the server; the server only sent PPP LCP Echo Requests.
lypdarling
2012-08-06 14:06:42 +08:00
Is there a problem with the POSTROUTING chain? Is it on the same subnet as your LAN?
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to YOUR_SERVER_IP
grindsgears
2012-08-06 21:41:25 +08:00
Edit the relevant line in /etc/sysctl.conf as follows:

net.ipv4.ip_forward = 1

Configure iptables; you can put these commands into /etc/rc.local:

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.92.0/24 -j MASQUERADE
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
btwo
2012-08-06 22:30:44 +08:00
@grindsgears Thanks, I've already checked: net.ipv4.ip_forward = 1

root@mail:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:47
ACCEPT tcp -- anywhere anywhere tcp dpt:1723

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


The iptables configuration is done too, but I still can't receive packets; I can only send them out!
btwo
2012-08-06 22:33:38 +08:00
@lypdarling

Adding the rules you mentioned doesn't work either.

root@mail:~# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:47
ACCEPT tcp -- anywhere anywhere tcp dpt:1723

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
terry0824
2012-08-06 23:54:40 +08:00
OP, please show the uncommented lines of /etc/pptpd.conf so we can see if anything is wrong there. Also note that the subnet set in iptables must match the subnet set in pptpd; tutorials are often odd in all sorts of ways, and sometimes people follow one tutorial for the configuration and another for iptables, and end up with a mismatched setup.
btwo
2012-08-08 15:18:57 +08:00
###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
# Turns on (more) debugging to syslog
#
debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
localip 192.168.217.1
remoteip 192.168.217.234-238,192.168.217.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
btwo
2012-08-08 15:20:42 +08:00
@terry0824 Checked it once more.
ljbha007
2012-08-08 15:57:42 +08:00
Client configuration problem; I've run into it too.
pptpd has encryption off by default, so when connecting from the client you must tick the option along the lines of "allow connection even if unencrypted", and the connection type must be set manually to PPTP.

The above is purely personal experience.
hyq
2012-08-08 16:00:58 +08:00
Buddy, your subnet mask is four 255s.
hyq
2012-08-08 16:05:05 +08:00
@hyq Slapping myself: mine is four 255s too, and it works...
hyq
2012-08-08 16:14:02 +08:00
iptables -P FORWARD ACCEPT
Very likely a FORWARD chain problem; I just verified it on my own VPS.
btwo
2012-08-08 18:04:44 +08:00
@hyq What should the FORWARD chain be changed to? Actually, what I've been struggling with all along is how to go about finding and pinpointing the problem when something like this happens!

Thanks again to everyone who replied!
wuhx
2012-08-08 18:58:26 +08:00
From my experience last time, the MTU settings on Mac OS are incompatible with some Wi-Fi routers; in the end I changed the router's configuration to fix it. Not sure whether that is the OP's situation.
hyq
2012-08-08 20:34:33 +08:00
@btwo Just run
iptables -P FORWARD ACCEPT
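hyq's one-liner opens the FORWARD chain wholesale. As an added example that is not part of this thread, the script below checks an `iptables -L` listing (sample text constructed from btwo's posted output) for exactly that DROP-policy-with-no-ACCEPT-rule condition, and prints a narrower alternative that forwards only the thread's 192.168.217.0/24 VPN subnet between ppp+ and eth0; the function names are my own.

```shell
# Added example (not from the thread): inspect an `iptables -L` listing for the
# FORWARD-chain problem hyq diagnosed, then print a scoped fix.
# SAMPLE_LISTING is constructed from btwo's posted output.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target prot opt source destination
TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# forward_policy LISTING: print the FORWARD chain's default policy (DROP/ACCEPT)
forward_policy() {
  printf '%s\n' "$1" | sed -n 's/^Chain FORWARD (policy \([A-Z]*\)).*/\1/p'
}

# forward_has_accept LISTING: succeed if the FORWARD chain holds an ACCEPT rule
forward_has_accept() {
  printf '%s\n' "$1" | awk '
    /^Chain /                { in_fwd = ($2 == "FORWARD") }
    in_fwd && $1 == "ACCEPT" { found = 1 }
    END { if (found) exit 0; exit 1 }'
}

# pptp_forwarding_ok LISTING: succeed when VPN client traffic can be forwarded
pptp_forwarding_ok() {
  [ "$(forward_policy "$1")" = ACCEPT ] && return 0
  forward_has_accept "$1"
}

# Scoped alternative to `iptables -P FORWARD ACCEPT`: keep the DROP policy and
# forward only the thread's VPN subnet between ppp+ and eth0.
scoped_fix_rules() {
  cat <<'EOF'
iptables -A FORWARD -i ppp+ -o eth0 -s 192.168.217.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -d 192.168.217.0/24 -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

if pptp_forwarding_ok "$SAMPLE_LISTING"; then
  echo "FORWARD chain already permits VPN traffic"
else
  echo "FORWARD policy $(forward_policy "$SAMPLE_LISTING") and no ACCEPT rule: clients cannot reach the internet"
  echo "Scoped fix instead of a blanket ACCEPT policy:"
  scoped_fix_rules
fi
```

Run it against `iptables -L` output captured from the server to see which of the two states the chain is in; the printed rules keep the DROP default for everything that is not VPN traffic.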
btwo
2012-08-09 17:39:26 +08:00
@hyq That was indeed the problem, it's fixed, thanks!!!!!!!!! Thanks again!!!!!
hyq
2012-08-09 17:53:07 +08:00
@btwo Why didn't you thank me? I've spent so many coins on this.
btwo
2012-08-09 17:55:04 +08:00
Ugh, I kept clicking the arrow and thought that was the thanks button; turns out you have to click the link next to it!

I've thanked everyone who replied. Thanks, all!
miao
2012-08-09 20:34:59 +08:00
So complicated... an SSH proxy is far less hassle.

https://www.v2ex.com/t/44254
