Linode 各机房速度测试
› http://www.linode.com/speedtest/
第一次在LINODE 上装PPTP VPN, 能登陆VPN,但上不了网,不知道什么情况,有懂的朋友帮忙看一下!
btwo · 2012-08-04 11:34:23 +08:00 · 6045 次点击这是一个创建于 4494 天前的主题,其中的信息可能已经有所发展或是发生改变。
PPP adapter VPN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.217.234
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.217.234
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
有点奇怪,默认的网关不应该是VPN的服务器IP吗?192.168.217.1?
iptables:
root@mail:/etc/init.d# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.9.0/24 anywhere
MASQUERADE all -- 192.168.217.0/24 anywhere
http://www.vpser.net/manage/linode-vps-pptp-vpn-howto.html 参考这篇文章做的!
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . . . . . : 00-53-45-00-00-00
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.217.234
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 192.168.217.234
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
有点奇怪,默认的网关不应该是VPN的服务器IP吗?192.168.217.1?
iptables:
root@mail:/etc/init.d# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 192.168.9.0/24 anywhere
MASQUERADE all -- 192.168.217.0/24 anywhere
http://www.vpser.net/manage/linode-vps-pptp-vpn-howto.html 参考这篇文章做的!
 |
1
ywencn 2012-08-04 12:03:18 +08:00  1
PPTP部分被墙,装个openVPN吧
|
 |
2
ratazzi 2012-08-04 12:09:56 +08:00 1
看下你本地路由器 MTU 是否太小,PPPoE 应该是 1492
|
 |
3
btwo OP HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip 下面有很多个MTU 都是1300 ,修改了十四号
@ratazzi |
 |
4
ivanlw 2012-08-04 12:21:03 +08:00 1
|
 |
5
eric_q 2012-08-04 12:23:03 +08:00 1
iptables 设置了 nat 了没
|
|
6
ratazzi 2012-08-04 12:36:06 +08:00 1
|
 |
7
terry0824 2012-08-04 12:39:53 +08:00 1
@ratazzi 但是能连上pptp但是上不去网的问题多半不是pptp被强吧?iptables设置不合适的可能性大一些。
|
|
8
ratazzi 2012-08-04 12:44:54 +08:00 1
|
|
9
terry0824 2012-08-04 14:34:55 +08:00 1
|
 |
10
jjgod 2012-08-04 16:41:15 +08:00 1
建议改用 L2TP over IPSec.
|
|
11
btwo OP 各位:有L2TP over IPSec 的安装教程吗?最好是已经验证过的,不是想吃现成的,实在是不想太折腾了!!谢谢各位了!
|
|
12
btwo OP PPTP的帐号 btwo/phoenix 主机是106.187.102.170
|
 |
13
donnior 2012-08-04 21:22:02 +08:00 1
@btwo 使用Linode上已有的stackscript,一键安装,这里有一个
http://www.linode.com/stackscripts/view/?StackScriptID=2660 |
|
14
donnior 2012-08-04 21:23:05 +08:00 2
还有,不要用8.8.8.8, 用8.8.4.4, 不然可能碰到能连上但是不能上网的诡异问题。
|
 |
15
lovejoy 2012-08-04 21:27:13 +08:00 1
我记得每次都要ssh运行下脚本
|
|
17
terry0824 2012-08-04 21:34:24 +08:00 2
刚用楼主提供的信息测试了一下,感觉pptp的问题也是楼主配置上可能有一些不正确的地方……具体不好说。至少我家的网络环境在使用其他地方的pptp服务时不会有问题,但用楼主的就确实是能连上但是不走数据
|
|
20
btwo OP @donnior
Version check and ipsec on-path [OK] Linux Openswan U2.6.24/K3.4.2-linode44 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] ipsec_setup: Stopping Openswan IPsec... ipsec_setup: Starting Openswan IPsec U2.6.24/K3.4.2-linode44... Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan U2.6.24/K3.4.2-linode44 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] 自动脚本安装的结果, IPAD 连接不到服务器,晕了, 对了脚本中有几个包的地址失效了,需要网上找替换的地址! |
|
22
ratazzi 2012-08-04 22:51:24 +08:00
抓包发现,只有本地发往服务器的数据,服务器仅发送了 PPP LCP Echo Request
|
 |
23
lypdarling 2012-08-06 14:06:42 +08:00 1
POSTROUTING 链是否有问题?是否跟你的局域网是同一网段?
iptables -F iptables -t nat -F iptables -t mangle -F iptables -X iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to YOUR_SERVER_IP |
 |
24
grindsgears 2012-08-06 21:41:25 +08:00 1
修改配置文件/etc/sysctl.conf中的相应内容如下:
net.ipv4.ip_forward = 1 ‘配置iptables,可以把这个命令写入/etc/rc.local iptables -t nat -A POSTROUTING -o eth0 -s 192.168.92.0/24 -j MASQUERADE iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356 |
|
25
btwo OP @grindsgears 谢谢,已经检查 net.ipv4.ip_forward = 1
root@mail:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT tcp -- anywhere anywhere tcp dpt:47 ACCEPT tcp -- anywhere anywhere tcp dpt:1723 Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356 Chain OUTPUT (policy ACCEPT) target prot opt source destination 配置iptables 也做了,还是收到不包,能发送出去! |
|
26
btwo OP @lypdarling
你说的规则加上去也不行 root@mail:~# iptables -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh ACCEPT all -- anywhere anywhere ACCEPT icmp -- anywhere anywhere icmp echo-request ACCEPT tcp -- anywhere anywhere tcp dpt:47 ACCEPT tcp -- anywhere anywhere tcp dpt:1723 Chain FORWARD (policy DROP) target prot opt source destination TCPMSS tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356 Chain OUTPUT (policy ACCEPT) target prot opt source destination |
|
27
terry0824 2012-08-06 23:54:40 +08:00 1
楼主show一下/etc/pptpd.conf中没被注释掉的行吧,看看会不会有什么问题。另外需要注意一下就是在iptables中设置的子网也要与pptp中设置的子网保持一致,经常有教程中各种诡异,也有的时候是配置看一个教程,改iptables看一个教程,然后就配置的不对。
|
|
28
btwo OP ###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $ # # Sample Poptop configuration file /etc/pptpd.conf # # Changes are effective when pptpd is restarted. ############################################################################### # TAG: ppp # Path to the pppd program, default '/usr/sbin/pppd' on Linux # #ppp /usr/sbin/pppd # TAG: option # Specifies the location of the PPP options file. # By default PPP looks in '/etc/ppp/options' # option /etc/ppp/pptpd-options # TAG: debug # Turns on (more) debugging to syslog # debug # TAG: stimeout # Specifies timeout (in seconds) on starting ctrl connection # # stimeout 10 # TAG: noipparam # Suppress the passing of the client's IP address to PPP, which is # done by default otherwise. # #noipparam # TAG: logwtmp # Use wtmp(5) to record client connections and disconnections. # logwtmp # TAG: bcrelay <if> # Turns on broadcast relay to clients from interface <if> # #bcrelay eth1 # TAG: localip # TAG: remoteip # Specifies the local and remote IP address ranges. # # Any addresses work as long as the local machine takes care of the # routing. But if you want to use MS-Windows networking, you should # use IP addresses out of the LAN address space and use the proxyarp # option in the pppd options file, or run bcrelay. # # You can specify single IP addresses seperated by commas or you can # specify ranges, or both. For example: # # 192.168.0.234,192.168.0.245-249,192.168.0.254 # # IMPORTANT RESTRICTIONS: # # 1. No spaces are permitted between commas or within addresses. # # 2. If you give more IP addresses than MAX_CONNECTIONS, it will # start at the beginning of the list and go until it gets # MAX_CONNECTIONS IPs. Others will be ignored. # # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238, # you must type 234-238 if you mean this. # # 4. If you give a single localIP, that's ok - all local IPs will # be set to the given one. You MUST still give at least one remote # IP for each simultaneous client. # # (Recommended) localip 192.168.217.1 remoteip 192.168.217.234-238,192.168.217.245 # or #localip 192.168.0.234-238,192.168.0.245 #remoteip 192.168.1.234-238,192.168.1.245 |
 |
30
ljbha007 2012-08-08 15:57:42 +08:00 1
客户端配置问题 我也遇到过
pptpd默认没开加密的 你在客户端连接的时候一定要把类似“未加密也允许连接”的选项打钩 连接方式也要手动设置为pptp 以上纯属个人经验 |
 |
31
hyq 2012-08-08 16:00:58 +08:00 1
哥哥,你的子网掩码是4个255
|
|
33
hyq 2012-08-08 16:14:02 +08:00 2
iptables -P FORWARD ACCEPT
很有可能是FORWARD链的问题,我刚才在自己vps上验证过了 |
 |
35
wuhx 2012-08-08 18:58:26 +08:00 1
根据我上次折腾的经验,mac os的mtu配置会和一些wifi路由器不兼容,最后去路由器改了一下配置搞定,不知道是不是楼主的情况
|
|
39
btwo OP 晕,每次都是点箭头,我以为是感谢, 原来要点边上的链接啊!
所有回复的我都感谢一些,谢谢大家! |
 |
40
miao 2012-08-09 20:34:59 +08:00
搞这么复杂。。。 用ssh代理省事多了。
|
 |
42
yuanalexwu 2012-09-02 21:25:03 +08:00
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
|
 |
43
lisonic 2013-07-23 19:35:26 +08:00
我在win7上是正常的,而在 iPhone 上能连上不走数据是什么原因
|
Select Language