Unable to connect to a VPN server (PPTP) on an AWS EC2 instance

3

I used a tutorial to set up a VPN server on an EC2 instance (URL: click here).
Working environment:
Local: Mac OS X 10.9.1
EC2:
Availability zone: us-west-2a
AMI ID: Ubuntu 12.04 LTS with Chef (ami-5f2abc6f)

Log file on the EC2 instance:

    $tail -f /var/log/auth.log /var/log/syslog
    Dec 25 15:22:26 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection started
    Dec 25 15:22:27 ip-172-31-46-255 pptpd[4197]: CTRL: Starting call (launching pppd, opening GRE)
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683089] pptpctrl invoked oom-killer: gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683096] pptpctrl cpuset=/ mems_allowed=0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683101] Pid: 4197, comm: pptpctrl Not tainted 3.2.0-40-virtual #64-Ubuntu
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683104] Call Trace:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683116]  [] dump_header+0x91/0xe0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683120]  [] oom_kill_process+0x85/0xb0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683124]  [] out_of_memory+0xfa/0x220
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683129]  [] __alloc_pages_nodemask+0x8c3/0x8e0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683137]  [] ? noalloc_get_block_write+0x30/0x30
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683144]  [] alloc_pages_current+0xb6/0x120
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683150]  [] __page_cache_alloc+0xb7/0xd0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683154]  [] filemap_fault+0x212/0x3c0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683160]  [] __do_fault+0x72/0x550
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683164]  [] handle_pte_fault+0xfa/0x200
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683170]  [] ? xen_pmd_val+0xe/0x10
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683174]  [] ? __raw_callee_save_xen_pmd_val+0x11/0x1e
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683178]  [] handle_mm_fault+0x269/0x370
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683186]  [] do_page_fault+0x14b/0x520
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683192]  [] ? sys_newstat+0x2a/0x40
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683196]  [] page_fault+0x25/0x30
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683199] Mem-Info:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683201] Node 0 DMA per-cpu:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683204] CPU    0: hi:    0, btch:   1 usd:   0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683206] Node 0 DMA32 per-cpu:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683209] CPU    0: hi:  186, btch:  31 usd:  34
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683214] active_anon:138161 inactive_anon:69 isolated_anon:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683216]  active_file:14 inactive_file:80 isolated_file:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683217]  unevictable:0 dirty:0 writeback:0 unstable:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683218]  free:1379 slab_reclaimable:1744 slab_unreclaimable:2458
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683219]  mapped:33 shmem:80 pagetables:3390 bounce:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683221] Node 0 DMA free:2468kB min:72kB low:88kB high:108kB active_anon:11072kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:14524kB mlocked:0kB dirty:0kB writeback:0kB mapped:8kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:256kB kernel_stack:8kB pagetables:940kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:13 all_unreclaimable? yes
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683233] lowmem_reserve[]: 0 597 597 597
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683238] Node 0 DMA32 free:3048kB min:3088kB low:3860kB high:4632kB active_anon:541572kB inactive_anon:276kB active_file:56kB inactive_file:312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:611856kB mlocked:0kB dirty:0kB writeback:0kB mapped:124kB shmem:320kB slab_reclaimable:6976kB slab_unreclaimable:9576kB kernel_stack:880kB pagetables:12620kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:641 all_unreclaimable? yes
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683250] lowmem_reserve[]: 0 0 0 0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683254] Node 0 DMA: 7*4kB 3*8kB 3*16kB 0*32kB 1*64kB 0*128kB 1*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 2468kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683266] Node 0 DMA32: 248*4kB 1*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 3048kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683278] 178 total pagecache pages
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683280] 0 pages in swap cache
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683282] Swap cache stats: add 0, delete 0, find 0/0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683284] Free swap  = 0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683285] Total swap = 0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685100] 159472 pages RAM
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685102] 8384 pages reserved
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685104] 26966 pages shared
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685106] 147910 pages non-shared
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685108] [ pid ]   uid  tgid total_vm      rss cpu oom_adj oom_score_adj name
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685114] [  262]     0   262     4308       48   0       0             0 upstart-udev-br
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685119] [  264]     0   264     5367      116   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685122] [  309]     0   309     5366      102   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685126] [  310]     0   310     5366      101   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685129] [  383]     0   383     3797       49   0       0             0 upstart-socket-
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685133] [  562]     0   562     1816      125   0       0             0 dhclient3
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685137] [  633]     0   633    12508      153   0     -17         -1000 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685140] [  652]   101   652    63429      138   0       0             0 rsyslogd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685144] [  654]   102   654     5979       79   0       0             0 dbus-daemon
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685147] [  710]     0   710     3689       41   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685151] [  716]     0   716     3689       40   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685154] [  721]     0   721     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685157] [  723]     0   723     3689       41   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685161] [  728]     0   728     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685165] [  731]     0   731     1082       36   0       0             0 acpid
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685168] [  734]     0   734     4778       59   0       0             0 cron
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685172] [  736]     0   736     4227       40   0       0             0 atd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685175] [  762]   106   762   284071    22421   0       0             0 mysqld
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685179] [  818]   103   818    46918      305   0       0             0 whoopsie
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685182] [  909]     0   909     1100       28   0       0             0 _plutorun
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685186] [  910]     0   910     1076       26   0       0             0 logger
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685189] [  914]     0   914     1100       29   0       0             0 _plutorun
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685193] [  915]     0   915     1100       26   0       0             0 _plutoload
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685196] [  917]     0   917    23340      222   0       0             0 pluto
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685200] [ 1055]     0  1055     1581       22   0       0             0 _pluto_adns
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685204] [ 1089]     0  1089    75227     1401   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685207] [ 1119]     0  1119     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685211] [ 1151]    33  1151    82735     8990   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685214] [ 1155]    33  1155    79132     5224   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685217] [ 1157]    33  1157    82541     8793   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685221] [ 1160]    33  1160    82268     8439   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685224] [ 1164]    33  1164    75649     1816   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685228] [ 1167]    33  1167    75589     1811   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685231] [ 1172]    33  1172    75252     1439   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685235] [ 1173]    33  1173    79999     6277   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685238] [ 1176]    33  1176    75239     1405   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685242] [ 1179]    33  1179    80832     7085   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685245] [ 1180]    33  1180    80726     7003   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685249] [ 1181]    33  1181    83104     9320   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685252] [ 1182]    33  1182    75250     1438   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685255] [ 1183]    33  1183    83922    10127   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685259] [ 1184]    33  1184    81338     7441   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685262] [ 1185]    33  1185    84310    10296   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685266] [ 1606]    33  1606    81340     7518   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685269] [ 3901]     0  3901    18359      201   0       0             0 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685273] [ 3990]  1000  3990    18359      202   0       0             0 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685276] [ 3991]  1000  3991    11009     1205   0       0             0 zsh
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685280] [ 4172]     0  4172     2661       34   0       0             0 pptpd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685283] [ 4184]    33  4184    75250     1428   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685287] [ 4185]    33  4185    82090     8292   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685290] [ 4186]    33  4186    81894     8089   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685293] [ 4187]    33  4187    75250     1414   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685297] [ 4188]    33  4188    80691     6850   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685300] [ 4189]    33  4189    80462     6677   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685303] [ 4196]  1000  4196     1542       24   0       0             0 tail
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685307] [ 4197]     0  4197     1605       29   0       0             0 pptpctrl
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685310] Out of memory: Kill process 762 (mysqld) score 149 or sacrifice child
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685327] Killed process 762 (mysqld) total-vm:1136284kB, anon-rss:89684kB, file-rss:0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.818939] init: mysql main process (762) killed by KILL signal
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.832618] init: mysql main process ended, respawning
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: pppd 2.4.5 started by root, uid 0
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Using interface ppp0
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Connect: ppp0  /dev/pts/1
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605660.273398] type=1400 audit(1387952547.943:11): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4204 comm="apparmor_parser"
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: peer from calling number 106.35.67.193 authorized
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: LCP terminated by peer (MPPE required but not available)
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: EOF or bad error reading ctrl packet length.
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: couldn't read packet header (exit)
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: CTRL read failed
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Reaping child PPP[4199]
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Hangup (SIGHUP)
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Modem hangup
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Connection terminated.
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Exit.
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection finished
    Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812847] init: mysql main process (4210) terminated with status 1
    Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812901] init: mysql main process ended, respawning
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.552743] init: mysql post-start process (4211) terminated with status 1
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.573224] type=1400 audit(1387952549.243:12): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4235 comm="apparmor_parser"
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688664] init: mysql main process (4239) terminated with status 1
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688717] init: mysql respawning too fast, stopped

Security group associated with my EC2 instance:

    Port  Protocol  Source    Group name
    -1   icmp  0.0.0.0/0 ✔
    0-65535 tcp  0.0.0.0/0 ✔
    22   tcp   0.0.0.0/0 ✔
    67   tcp   0.0.0.0/0 ✔
    80   tcp   0.0.0.0/0 ✔
    443  tcp   0.0.0.0/0 ✔
    500  tcp   0.0.0.0/0 ✔
    512  tcp   0.0.0.0/0 ✔
    1723 tcp   0.0.0.0/0 ✔
    3306 tcp   0.0.0.0/0 ✔
    8080 tcp   0.0.0.0/0 ✔
    32783 tcp  0.0.0.0/0 ✔
    0-65535 udp 0.0.0.0/0 ✔
    500  udp   0.0.0.0/0 ✔
    4500 udp   0.0.0.0/0 ✔
    All 47  0.0.0.0/0 ✔
    All 67  0.0.0.0/0 ✔

Result of running "tcpdump -i any proto GRE" on the EC2 instance:

    $sudo tcpdump -i any proto GRE
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    14:17:13.948740 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 0, length 36: LCP, Conf-Request (0x01), id 1, length 22
    14:17:14.211469 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 1, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
    14:17:14.212003 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 1, ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
    14:17:16.943179 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
    14:17:17.213805 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 2, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
    ...
    ...
    ...

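Can anyone help me?


Is the EC2 instance deployed in EC2-Classic or in a VPC? - Michael - sqlbot
No, I don't really understand that; is it really necessary? - kkt
I found "VPC ID vpc-44f36a2c" on the instance; is this a VPC? - kkt
It needs to be VPC, because only VPC security groups can support PPTP. In the security group you need to open "protocol 47" or "all protocols", not just TCP/UDP/ICMP, for PPTP to work. You haven't shown in your question that you've done this. (EC2-Classic security groups don't allow this option.) - Michael - sqlbot
I set "All 47 0.0.0.0/0 ✔" (GRE) in the security group (sorry, I can't upload an image); you can find it in my question. Is it necessary to set "All Protocols"? - kkt
I tried setting "All Protocols", but it still shows another error; I have updated it in the question. - kkt
2 Answers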

4
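I had the same problem. I set up a VPN on Amazon EC2 and added TCP 1723 and protocol 47, allowed from 0.0.0.0/0, but the VPN still did not work on my Mac. The log showed no GRE protocol on the server side.
In the end I found that it was an ISP problem!!!! How did I find out? I just set up the VPN on my iPhone and used a 3G connection, and it worked!
So pay attention to your ISP settings, and at least test the VPN server over 3G or another Internet connection.
Good luck!
By the way, I followed this article to set up the PPTP VPN on my Amazon instance: http://www.yzhang.net/blog/2013-03-07-pptp-vpn-ec2.html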

2

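I know Tong mentioned this in a comment above, but it is very important to recognize the difference between adding GRE to the VPC security group as a GRE protocol rule rather than as a TCP protocol rule.

If you don't, tcpdump on the server will still show traffic, but the ppp0 interface will never initialize properly.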


1
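Also, when I tried to do this, I could not find GRE in the list. I chose "Custom Protocol" and typed in GRE. The port showed as "All". When I saved the change, it appeared in the list as GRE (47) (even though I did not type 47), so I think this is the right way to do it. - Thomas Harris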
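
The distinction drawn in the second answer, GRE as an IP protocol rule rather than a TCP port rule, can be checked mechanically. The following is an added example, not part of the original thread: the rule dictionaries mimic the IpPermissions structure returned by the EC2 API, and the function names and sample rules are constructed for illustration.

```python
# Added example (not from the original thread). Rule dicts use the
# IpPermissions shape of `aws ec2 describe-security-groups` output.
GRE = "47"            # IP protocol number of GRE; this is not a port
PPTP_CONTROL = 1723   # TCP port of the PPTP control connection

def covers(rule, proto, port):
    """True if a tcp/udp rule for `proto` includes `port`."""
    return (rule["IpProtocol"] == proto
            and rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535))

def audit_pptp_ingress(rules):
    """Return findings about what a PPTP server needs from these rules."""
    any_proto = any(r["IpProtocol"] == "-1" for r in rules)
    findings = []
    if not (any_proto or any(covers(r, "tcp", PPTP_CONTROL) for r in rules)):
        findings.append("missing tcp/1723 (PPTP control connection)")
    if not (any_proto or any(r["IpProtocol"] == GRE for r in rules)):
        findings.append("missing IP protocol 47 (GRE)")
        for r in rules:
            # A TCP or UDP rule for port 47 does not match GRE packets.
            if r["IpProtocol"] in ("tcp", "udp") and \
                    r.get("FromPort") == 47 == r.get("ToPort"):
                findings.append(f"{r['IpProtocol']}/47 is a port rule, not GRE")
    return findings

def world_open_beyond_pptp(rules):
    """List rules open to 0.0.0.0/0 that PPTP itself does not require."""
    extra = []
    for r in rules:
        open_to_all = any(c.get("CidrIp") == "0.0.0.0/0"
                          for c in r.get("IpRanges", []))
        needed = r["IpProtocol"] == GRE or (
            r["IpProtocol"] == "tcp"
            and r.get("FromPort") == PPTP_CONTROL == r.get("ToPort"))
        if open_to_all and not needed:
            extra.append((r["IpProtocol"], r.get("FromPort"), r.get("ToPort")))
    return extra

def rule(proto, lo=None, hi=None):
    """Build a constructed sample rule open to 0.0.0.0/0."""
    r = {"IpProtocol": proto, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}
    if lo is not None:
        r.update(FromPort=lo, ToPort=lo if hi is None else hi)
    return r

# Constructed samples: GRE mistakenly entered as a TCP port, then fixed.
TCP_47_BY_MISTAKE = [rule("tcp", 1723), rule("tcp", 47)]
GRE_AS_PROTOCOL = [rule("tcp", 1723), rule(GRE), rule("tcp", 3306)]

if __name__ == "__main__":
    print(audit_pptp_ingress(TCP_47_BY_MISTAKE))
    print(audit_pptp_ingress(GRE_AS_PROTOCOL))
    print(world_open_beyond_pptp(GRE_AS_PROTOCOL))
```

The second function lists rules open to 0.0.0.0/0 that the VPN itself does not need, such as the MySQL port in the constructed sample.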
