无法确定代理 ARP (PPTP VPN) 的以太网地址

Cannot determine ethernet address for proxy ARP (PPTP VPN)

我已经在 ubuntu 18.04 上安装了 pptpd,我可以使用 android 和 windows 客户端连接到 vpn,但是当服务器具有完全的互联网访问权限时我无法访问互联网。在 pptpd 日志中,我注意到错误“无法确定代理 ARP 的以太网地址”。

我已经更改了 /etc/ppp/options.pptpd 中的 dns,如下所示:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

我还在 /etc/ppp/chap-secrets 中创建了用户,客户端可以毫无问题地连接(但无法访问互联网。)

我还在 /etc/sysctl.conf

中启用了 IP 转发
net.ipv4.ip_forward = 1

并执行这条命令:

sudo sysctl -p

我在 /etc/pptpd.conf 中更改了本地和远程 IP,如下所示:

localip 10.0.0.1
remoteip 10.0.0.100-200

我也试过:

localip 192.168.0.1
remoteip 192.168.0.100-200

我为 IP 伪装配置了防火墙:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

这是 ifconfig 结果:

photon@ubuntu1804:~$ ifconfig
ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
    inet 162.223.91.163  netmask 255.255.255.192  broadcast 162.223.91.191
    inet6 fe80::250:56ff:fe94:32d0  prefixlen 64  scopeid 0x20<link>
    ether 00:50:56:94:32:d0  txqueuelen 1000  (Ethernet)
    RX packets 543184  bytes 41817268 (41.8 MB)
    RX errors 0  dropped 566  overruns 0  frame 0
    TX packets 50407  bytes 6441592 (6.4 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Local Loopback)
    RX packets 122  bytes 10010 (10.0 KB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 122  bytes 10010 (10.0 KB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

这是 pptpd 状态:

photon@ubuntu1804:~$ sudo systemctl status pptpd
● pptpd.service - PoPToP Point to Point Tunneling Server
  Loaded: loaded (/lib/systemd/system/pptpd.service; enabled; vendor preset: enabled)
  Active: active (running) since Sun 2021-05-23 07:31:03 +0430; 20s ago
     Docs: man:pptpd(8)
           man:pptpctrl(8)
        man:pptpd.conf(5)
 Main PID: 6466 (pptpd)
    Tasks: 3 (limit: 1107)
   CGroup: /system.slice/pptpd.service
       ├─6466 /usr/sbin/pptpd --fg
       ├─6475 pptpd [5.119.181.36:478E - 0000]
       └─6479 /usr/sbin/pppd local file /etc/ppp/pptpd-options 115200 10.0.0.1:10.0.0.100 ipparam 5.119.181.36 plugin /usr/lib/pptpd/pptpd-logw

May 23 07:31:12 ubuntu1804 pptpd[6475]: CTRL: Starting call (launching pppd, opening GRE)
May 23 07:31:12 ubuntu1804 pppd[6479]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 23 07:31:12 ubuntu1804 pppd[6479]: pppd 2.4.7 started by root, uid 0
May 23 07:31:12 ubuntu1804 pppd[6479]: Using interface ppp0
May 23 07:31:12 ubuntu1804 pppd[6479]: Connect: ppp0 <--> /dev/pts/1
May 23 07:31:13 ubuntu1804 pppd[6479]: peer from calling number 5.119.181.36 authorized
May 23 07:31:13 ubuntu1804 pppd[6479]: MPPE 128-bit stateless compression enabled
May 23 07:31:14 ubuntu1804 pppd[6479]: Cannot determine ethernet address for proxy ARP
May 23 07:31:14 ubuntu1804 pppd[6479]: local  IP address 10.0.0.1
May 23 07:31:14 ubuntu1804 pppd[6479]: remote IP address 10.0.0.100

在尝试了很多解决方案后,我终于找到了答案。我的以太网接口称为 ens160,所以对于 IP 伪装我应该使用这个:

sudo iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE