1
ywencn 2012-08-04 12:03:18 +08:00 1
PPTP is partially blocked; set up OpenVPN instead.
|
2
ratazzi 2012-08-04 12:09:56 +08:00 1
Check whether your local router's MTU is too small; for PPPoE it should be 1492.
|
3
btwo OP @ratazzi There are a lot of MTU entries under HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services/Tcpip, all set to 1300; I changed them on the 14th.
|
4
ivanlw 2012-08-04 12:21:03 +08:00 1
|
5
eric_q 2012-08-04 12:23:03 +08:00 1
Did you set up NAT in iptables?
|
6
ratazzi 2012-08-04 12:36:06 +08:00 1
|
7
terry0824 2012-08-04 12:39:53 +08:00 1
@ratazzi But being able to connect to PPTP yet not get online is most likely not a matter of PPTP being blocked, is it? An incorrect iptables setup seems more likely.
|
8
ratazzi 2012-08-04 12:44:54 +08:00 1
|
9
terry0824 2012-08-04 14:34:55 +08:00 1
|
10
jjgod 2012-08-04 16:41:15 +08:00 1
I'd suggest switching to L2TP over IPSec.
|
11
btwo OP Everyone: does anyone have an installation tutorial for L2TP over IPSec? Preferably one that has already been verified. It's not that I want it handed to me, I just really don't want to fiddle with it too much!! Thanks, everyone!
|
12
btwo OP PPTP account btwo/phoenix, the host is 106.187.102.170
|
13
donnior 2012-08-04 21:22:02 +08:00 1
@btwo Use one of the existing StackScripts on Linode for a one-click install; here's one:
http://www.linode.com/stackscripts/view/?StackScriptID=2660 |
14
donnior 2012-08-04 21:23:05 +08:00 2
Also, don't use 8.8.8.8, use 8.8.4.4; otherwise you may run into the strange problem of being connected but unable to get online.
|
15
lovejoy 2012-08-04 21:27:13 +08:00 1
I remember you have to ssh in and run the script each time.
|
17
terry0824 2012-08-04 21:34:24 +08:00 2
Just tested with the info OP provided; it feels like the PPTP problem is also probably something wrong in OP's configuration... hard to say exactly what. At least in my home network, PPTP services elsewhere work fine, but with OP's it really does connect without passing any data.
|
20
btwo OP @donnior
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K3.4.2-linode44 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
ipsec_setup: Stopping Openswan IPsec...
ipsec_setup: Starting Openswan IPsec U2.6.24/K3.4.2-linode44...
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.24/K3.4.2-linode44 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
That's the result of the automatic script install; the iPad can't connect to the server, I'm lost. By the way, a few of the package URLs in the script are dead; you have to find replacements online! |
22
ratazzi 2012-08-04 22:51:24 +08:00
A packet capture shows only data going from the local side to the server; the server has sent nothing but PPP LCP Echo Requests.
|
23
lypdarling 2012-08-06 14:06:42 +08:00 1
Is there a problem with the POSTROUTING chain? Is it on the same subnet as your LAN?
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j SNAT --to YOUR_SERVER_IP |
24
grindsgears 2012-08-06 21:41:25 +08:00 1
Edit /etc/sysctl.conf so that it contains:
net.ipv4.ip_forward = 1
Then configure iptables (you can put these commands in /etc/rc.local):
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.92.0/24 -j MASQUERADE
iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356 |
25
btwo OP @grindsgears Thanks, already checked: net.ipv4.ip_forward = 1
root@mail:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:47
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1723

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
I've done the iptables configuration too; still no packets coming in, though I can send them out! |
26
btwo OP @lypdarling
Adding the rules you mentioned doesn't help either
root@mail:~# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             multiport dports www,https,smtp,ssmtp,pop3,pop3s,imap2,imaps,submission,ssmtp,ssh
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:47
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:1723

Chain FORWARD (policy DROP)
target     prot opt source               destination
TCPMSS     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN TCPMSS set 1356

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
|
27
terry0824 2012-08-06 23:54:40 +08:00 1
OP, show the uncommented lines of /etc/pptpd.conf so we can see whether anything is off. Also note that the subnet configured in iptables has to match the subnet configured in pptpd; tutorials are often strange in all sorts of ways, and sometimes people follow one tutorial for the config and another for iptables, and end up with a configuration that doesn't match.
|
28
btwo OP
###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#   Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
#   Specifies the location of the PPP options file.
#   By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
#   Turns on (more) debugging to syslog
#
debug

# TAG: stimeout
#   Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#   Suppress the passing of the client's IP address to PPP, which is
#   done by default otherwise.
#
#noipparam

# TAG: logwtmp
#   Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
#   Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
#   Specifies the local and remote IP address ranges.
#
#   Any addresses work as long as the local machine takes care of the
#   routing. But if you want to use MS-Windows networking, you should
#   use IP addresses out of the LAN address space and use the proxyarp
#   option in the pppd options file, or run bcrelay.
#
#   You can specify single IP addresses seperated by commas or you can
#   specify ranges, or both. For example:
#
#       192.168.0.234,192.168.0.245-249,192.168.0.254
#
#   IMPORTANT RESTRICTIONS:
#
#   1. No spaces are permitted between commas or within addresses.
#
#   2. If you give more IP addresses than MAX_CONNECTIONS, it will
#      start at the beginning of the list and go until it gets
#      MAX_CONNECTIONS IPs. Others will be ignored.
#
#   3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#      you must type 234-238 if you mean this.
#
#   4. If you give a single localIP, that's ok - all local IPs will
#      be set to the given one. You MUST still give at least one remote
#      IP for each simultaneous client.
#
# (Recommended)
localip 192.168.217.1
remoteip 192.168.217.234-238,192.168.217.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
|
30
ljbha007 2012-08-08 15:57:42 +08:00 1
It's a client-side configuration problem; I've run into it too.
pptpd has no encryption enabled by default, so when connecting from the client you have to tick the option along the lines of "allow connection even if unencrypted", and set the connection type manually to PPTP. The above is purely personal experience. |
31
hyq 2012-08-08 16:00:58 +08:00 1
Buddy, your subnet mask is four 255s.
|
33
hyq 2012-08-08 16:14:02 +08:00 2
iptables -P FORWARD ACCEPT
Very likely a problem with the FORWARD chain; I just verified this on my own VPS. |
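The iptables advice scattered through this thread (NAT in POSTROUTING, a FORWARD chain that actually forwards, a subnet that matches the remoteip range in pptpd.conf, and ip_forward) can be checked in one pass against pasted text. The script below is an added example, not code from the thread or from pptpd: it parses `iptables-save` output and /etc/pptpd.conf, derives the client network from the active remoteip line, and reports what would keep a connected PPTP client from passing traffic. The sample inputs are constructed: BROKEN is an abridged iptables-save rendering of the listing the OP posted (the listing shows no interfaces, so none are assumed), FIXED is one tighter alternative to `iptables -P FORWARD ACCEPT`, and the eth0 interface name and the 192.168.217.224/27 network are assumptions derived from the posted remoteip range.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Map one '-A CHAIN ...' line to {option: value}; --tcp-flags takes two values.
    Negated matches ('!') are not handled, which is enough for a pptpd box."""
    toks, opts, i = shlex.split(line), {}, 0
    while i < len(toks):
        n = 3 if toks[i] == "--tcp-flags" else 2
        opts[toks[i]] = " ".join(toks[i + 1:i + n])
        i += n
    return opts

def parse_iptables_save(dump):
    """Return {table: {"policy": {chain: policy}, "rules": [parsed -A lines]}}."""
    tables, table = {}, None
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("*"):
            table = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            table["policy"][chain] = policy
        elif line.startswith("-A "):
            table["rules"].append(parse_rule(line))
    return tables

def pptpd_remote_network(conf):
    """Smallest network covering the active remoteip list (a.b.c.x-y ranges or single addresses)."""
    hosts = []
    for line in (raw.split("#", 1)[0].split() for raw in conf.splitlines()):
        if line[:1] == ["remoteip"]:
            for item in line[1].split(","):
                start, _, last = item.partition("-")
                base, first = start.rsplit(".", 1)
                hosts += [ipaddress.ip_address(f"{base}.{n}")
                          for n in range(int(first), int(last or first) + 1)]
    net = ipaddress.ip_network(f"{min(hosts)}/32")
    while max(hosts) not in net:          # widen until the highest client address fits
        net = net.supernet()
    return net

def src_covers(rule, net):                # no -s means "any source"
    return "-s" not in rule or net.subnet_of(ipaddress.ip_network(rule["-s"], strict=False))

def forward_allows_vpn(filt, net):
    """Policy ACCEPT, or one ACCEPT for client->world plus one for the return path."""
    if filt["policy"].get("FORWARD") == "ACCEPT":
        return True
    accepts = [r for r in filt["rules"] if r["-A"] == "FORWARD" and r.get("-j") == "ACCEPT"]
    outbound = any(r.get("-i", "ppp+").startswith("ppp") and src_covers(r, net) for r in accepts)
    back = any(r.get("-o", "ppp+").startswith("ppp")
               or "ESTABLISHED" in r.get("--state", r.get("--ctstate", "")) for r in accepts)
    return outbound and back

def audit(iptables_dump, pptpd_conf, ip_forward="1"):
    """Return finding codes for the PPTP forwarding path; [] means it looks right."""
    net, tables = pptpd_remote_network(pptpd_conf), parse_iptables_save(iptables_dump)
    empty = {"policy": {}, "rules": []}
    filt, nat = tables.get("filter", empty), tables.get("nat", empty)
    inbound = [r for r in filt["rules"] if r["-A"] == "INPUT"]
    findings = []
    if ip_forward.strip() != "1":
        findings.append("IP_FORWARD_DISABLED")
    # PPP frames ride in GRE (IP protocol 47), so "tcp --dport 47" matches nothing useful;
    # with a DROP policy, accept GRE explicitly instead of hoping conntrack's pptp helper does.
    if filt["policy"].get("INPUT") != "ACCEPT" and not any(
            r.get("-p") == "gre" and r.get("-j") == "ACCEPT" for r in inbound):
        findings.append("GRE_NOT_EXPLICITLY_ACCEPTED")
    if any(r.get("-p") == "tcp" and r.get("--dport") == "47" for r in inbound):
        findings.append("GRE_WRITTEN_AS_TCP_PORT_47")
    if not forward_allows_vpn(filt, net):
        findings.append("FORWARD_DROPS_VPN_TRAFFIC")
    snat = [r for r in nat["rules"] if r["-A"] == "POSTROUTING" and r.get("-j") in ("MASQUERADE", "SNAT")]
    if not snat:
        findings.append(f"NO_NAT_FOR_{net}")
    elif not any(src_covers(r, net) for r in snat):
        findings.append(f"NAT_SUBNET_MISMATCH_{net}")   # e.g. NAT for 192.168.92.0/24, clients in 192.168.217.x
    return findings

# Constructed inputs: the active lines of the thread's pptpd.conf, an abridged
# iptables-save form of the OP's listing, and one tightened replacement ruleset.
PPTPD_CONF = "localip 192.168.217.1\nremoteip 192.168.217.234-238,192.168.217.245\n"
BROKEN = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT
-A FORWARD -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
COMMIT
*nat
COMMIT
"""
FIXED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -s 192.168.217.224/27 -j ACCEPT
-A FORWARD -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
COMMIT
*nat
-A POSTROUTING -s 192.168.217.224/27 -o eth0 -j MASQUERADE
COMMIT
"""
```

Run it as `audit(open("iptables-save.txt").read(), open("/etc/pptpd.conf").read(), open("/proc/sys/net/ipv4/ip_forward").read())` on the server. Against BROKEN it reports the FORWARD chain dropping client traffic, the missing NAT for 192.168.217.224/27, and the tcp/47 rule that was meant to be GRE; against FIXED it reports nothing, and swapping the MASQUERADE source for 192.168.92.0/24 reproduces the subnet mismatch terry0824 warned about.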
35
wuhx 2012-08-08 18:58:26 +08:00 1
From my experience last time, Mac OS's MTU setting is incompatible with some Wi-Fi routers; I eventually fixed it by changing a setting on the router. Not sure whether that's OP's situation.
|
39
btwo OP 晕,每次都是点箭头,我以为是感谢, 原来要点边上的链接啊!
所有回复的我都感谢一些,谢谢大家! |
40
miao 2012-08-09 20:34:59 +08:00
Why make it so complicated... an SSH proxy is far simpler.
|
42
yuanalexwu 2012-09-02 21:25:03 +08:00
iptables -A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
|
43
lisonic 2013-07-23 19:35:26 +08:00
It works fine for me on Win7, but on the iPhone it connects without passing any data; what could the reason be?
|