我用来在 EC2 实例上设置我的 VPN 服务器的 turiotul
URL Click Here
工作环境:
本地:MAC OS X 10.9.1
EC2:
可用区: us-west-2a
AMI ID:带有 Chef 的 Ubuntu 12.04 LTS (ami-5f2abc6f)
EC2 实例上的日志文件:
$tail -f /var/log/auth.log /var/log/syslog
Dec 25 15:22:26 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection started
Dec 25 15:22:27 ip-172-31-46-255 pptpd[4197]: CTRL: Starting call (launching pppd, opening GRE)
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683089] pptpctrl invoked oom-killer: gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683096] pptpctrl cpuset=/ mems_allowed=0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683101] Pid: 4197, comm: pptpctrl Not tainted 3.2.0-40-virtual #64-Ubuntu
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683104] Call Trace:
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683116] [] dump_header+0x91/0xe0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683120] [] oom_kill_process+0x85/0xb0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683124] [] out_of_memory+0xfa/0x220
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683129] [] __alloc_pages_nodemask+0x8c3/0x8e0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683137] [] ? noalloc_get_block_write+0x30/0x30
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683144] [] alloc_pages_current+0xb6/0x120
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683150] [] __page_cache_alloc+0xb7/0xd0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683154] [] filemap_fault+0x212/0x3c0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683160] [] __do_fault+0x72/0x550
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683164] [] handle_pte_fault+0xfa/0x200
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683170] [] ? xen_pmd_val+0xe/0x10
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683174] [] ? __raw_callee_save_xen_pmd_val+0x11/0x1e
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683178] [] handle_mm_fault+0x269/0x370
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683186] [] do_page_fault+0x14b/0x520
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683192] [] ? sys_newstat+0x2a/0x40
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683196] [] page_fault+0x25/0x30
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683199] Mem-Info:
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683201] Node 0 DMA per-cpu:
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683204] CPU 0: hi: 0, btch: 1 usd: 0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683206] Node 0 DMA32 per-cpu:
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683209] CPU 0: hi: 186, btch: 31 usd: 34
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683214] active_anon:138161 inactive_anon:69 isolated_anon:0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683216] active_file:14 inactive_file:80 isolated_file:0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683217] unevictable:0 dirty:0 writeback:0 unstable:0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683218] free:1379 slab_reclaimable:1744 slab_unreclaimable:2458
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683219] mapped:33 shmem:80 pagetables:3390 bounce:0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683221] Node 0 DMA free:2468kB min:72kB low:88kB high:108kB active_anon:11072kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:14524kB mlocked:0kB dirty:0kB writeback:0kB mapped:8kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:256kB kernel_stack:8kB pagetables:940kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:13 all_unreclaimable? yes
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683233] lowmem_reserve[]: 0 597 597 597
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683238] Node 0 DMA32 free:3048kB min:3088kB low:3860kB high:4632kB active_anon:541572kB inactive_anon:276kB active_file:56kB inactive_file:312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:611856kB mlocked:0kB dirty:0kB writeback:0kB mapped:124kB shmem:320kB slab_reclaimable:6976kB slab_unreclaimable:9576kB kernel_stack:880kB pagetables:12620kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:641 all_unreclaimable? yes
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683250] lowmem_reserve[]: 0 0 0 0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683254] Node 0 DMA: 7*4kB 3*8kB 3*16kB 0*32kB 1*64kB 0*128kB 1*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 2468kB
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683266] Node 0 DMA32: 248*4kB 1*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 3048kB
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683278] 178 total pagecache pages
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683280] 0 pages in swap cache
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683282] Swap cache stats: add 0, delete 0, find 0/0
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683284] Free swap = 0kB
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683285] Total swap = 0kB
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685100] 159472 pages RAM
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685102] 8384 pages reserved
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685104] 26966 pages shared
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685106] 147910 pages non-shared
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685108] [ pid ] uid tgid total_vm rss cpu oom_adj oom_score_adj name
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685114] [ 262] 0 262 4308 48 0 0 0 upstart-udev-br
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685119] [ 264] 0 264 5367 116 0 -17 -1000 udevd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685122] [ 309] 0 309 5366 102 0 -17 -1000 udevd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685126] [ 310] 0 310 5366 101 0 -17 -1000 udevd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685129] [ 383] 0 383 3797 49 0 0 0 upstart-socket-
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685133] [ 562] 0 562 1816 125 0 0 0 dhclient3
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685137] [ 633] 0 633 12508 153 0 -17 -1000 sshd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685140] [ 652] 101 652 63429 138 0 0 0 rsyslogd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685144] [ 654] 102 654 5979 79 0 0 0 dbus-daemon
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685147] [ 710] 0 710 3689 41 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685151] [ 716] 0 716 3689 40 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685154] [ 721] 0 721 3689 42 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685157] [ 723] 0 723 3689 41 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685161] [ 728] 0 728 3689 42 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685165] [ 731] 0 731 1082 36 0 0 0 acpid
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685168] [ 734] 0 734 4778 59 0 0 0 cron
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685172] [ 736] 0 736 4227 40 0 0 0 atd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685175] [ 762] 106 762 284071 22421 0 0 0 mysqld
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685179] [ 818] 103 818 46918 305 0 0 0 whoopsie
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685182] [ 909] 0 909 1100 28 0 0 0 _plutorun
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685186] [ 910] 0 910 1076 26 0 0 0 logger
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685189] [ 914] 0 914 1100 29 0 0 0 _plutorun
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685193] [ 915] 0 915 1100 26 0 0 0 _plutoload
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685196] [ 917] 0 917 23340 222 0 0 0 pluto
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685200] [ 1055] 0 1055 1581 22 0 0 0 _pluto_adns
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685204] [ 1089] 0 1089 75227 1401 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685207] [ 1119] 0 1119 3689 42 0 0 0 getty
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685211] [ 1151] 33 1151 82735 8990 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685214] [ 1155] 33 1155 79132 5224 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685217] [ 1157] 33 1157 82541 8793 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685221] [ 1160] 33 1160 82268 8439 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685224] [ 1164] 33 1164 75649 1816 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685228] [ 1167] 33 1167 75589 1811 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685231] [ 1172] 33 1172 75252 1439 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685235] [ 1173] 33 1173 79999 6277 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685238] [ 1176] 33 1176 75239 1405 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685242] [ 1179] 33 1179 80832 7085 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685245] [ 1180] 33 1180 80726 7003 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685249] [ 1181] 33 1181 83104 9320 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685252] [ 1182] 33 1182 75250 1438 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685255] [ 1183] 33 1183 83922 10127 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685259] [ 1184] 33 1184 81338 7441 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685262] [ 1185] 33 1185 84310 10296 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685266] [ 1606] 33 1606 81340 7518 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685269] [ 3901] 0 3901 18359 201 0 0 0 sshd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685273] [ 3990] 1000 3990 18359 202 0 0 0 sshd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685276] [ 3991] 1000 3991 11009 1205 0 0 0 zsh
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685280] [ 4172] 0 4172 2661 34 0 0 0 pptpd
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685283] [ 4184] 33 4184 75250 1428 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685287] [ 4185] 33 4185 82090 8292 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685290] [ 4186] 33 4186 81894 8089 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685293] [ 4187] 33 4187 75250 1414 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685297] [ 4188] 33 4188 80691 6850 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685300] [ 4189] 33 4189 80462 6677 0 0 0 apache2
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685303] [ 4196] 1000 4196 1542 24 0 0 0 tail
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685307] [ 4197] 0 4197 1605 29 0 0 0 pptpctrl
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685310] Out of memory: Kill process 762 (mysqld) score 149 or sacrifice child
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685327] Killed process 762 (mysqld) total-vm:1136284kB, anon-rss:89684kB, file-rss:0kB
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.818939] init: mysql main process (762) killed by KILL signal
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.832618] init: mysql main process ended, respawning
Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: pppd 2.4.5 started by root, uid 0
Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Using interface ppp0
Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Connect: ppp0 /dev/pts/1
Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605660.273398] type=1400 audit(1387952547.943:11): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4204 comm="apparmor_parser"
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: peer from calling number 106.35.67.193 authorized
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: LCP terminated by peer (MPPE required but not available)
Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: EOF or bad error reading ctrl packet length.
Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: couldn't read packet header (exit)
Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: CTRL read failed
Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Reaping child PPP[4199]
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Hangup (SIGHUP)
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Modem hangup
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Connection terminated.
Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Exit.
Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection finished
Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812847] init: mysql main process (4210) terminated with status 1
Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812901] init: mysql main process ended, respawning
Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.552743] init: mysql post-start process (4211) terminated with status 1
Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.573224] type=1400 audit(1387952549.243:12): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4235 comm="apparmor_parser"
Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688664] init: mysql main process (4239) terminated with status 1
Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688717] init: mysql respawning too fast, stopped
与我的 EC2 实例关联的安全组:
Ports Protocol Source group-name
-1 icmp 0.0.0.0/0 ✔
0-65535 tcp 0.0.0.0/0 ✔
22 tcp 0.0.0.0/0 ✔
67 tcp 0.0.0.0/0 ✔
80 tcp 0.0.0.0/0 ✔
443 tcp 0.0.0.0/0 ✔
500 tcp 0.0.0.0/0 ✔
512 tcp 0.0.0.0/0 ✔
1723 tcp 0.0.0.0/0 ✔
3306 tcp 0.0.0.0/0 ✔
8080 tcp 0.0.0.0/0 ✔
32783 tcp 0.0.0.0/0 ✔
0-65535 udp 0.0.0.0/0 ✔
500 udp 0.0.0.0/0 ✔
4500 udp 0.0.0.0/0 ✔
All 47 0.0.0.0/0 ✔
All 67 0.0.0.0/0 ✔
在 EC2 上运行“tcpdump -i any proto GRE”时的结果。
$sudo tcpdump -i any proto GRE
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
14:17:13.948740 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 0, length 36: LCP, Conf-Request (0x01), id 1, length 22
14:17:14.211469 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 1, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
14:17:14.212003 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 1, ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
14:17:16.943179 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
14:17:17.213805 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 2, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
...
...
...
有人可以帮助我吗?
最佳答案
我遇到了同样的问题。 在 Amazon EC2 上设置 VPN,从 0.0.0.0/0 添加 1723 TCP 和 47 协议(protocol)允许,但 VPN 仍然无法在我的 Mac 上运行。日志显示 GRE 协议(protocol)在服务器端不可用。
最后发现是ISP的问题!!!! 我怎么找到的?我只是在我的 iPhone 上设置了 VPN 并使用 3G 连接,它就可以工作了!
因此请注意您的 ISP 设置,至少要通过 3G 或其他互联网连接测试 VPN 服务器。
祝你好运!
顺便说一句,我按照下面的帖子在我的亚马逊实例上设置 PPTP VPN。 http://www.yzhang.net/blog/2013-03-07-pptp-vpn-ec2.html
关于amazon-web-services - 无法连接到 AWS EC2 实例上构建的 VPN 服务器 (PPTP),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20769312/