HTTP应用程序通过PPTP连接挂起
地图看起来像:HTTP应用程序通过PPTP连接挂起,http,networking,tcp,debian,vpn,Http,Networking,Tcp,Debian,Vpn,地图看起来像: [debian server with pptpd (192.168.3.59)] ↕ [router forwarding 1723 port] ↕ [internet] ↕ [home router] ↕ [ubuntu networkmanager pptp client] 奇怪的是,不管服务器是apache2还是nginx,只有http连接。Nginx通常返回非200响应(如301、404和500)。但当文件存在时,连接就会挂起(chrome firef
[debian server with pptpd (192.168.3.59)]
↕
[router forwarding 1723 port]
↕
[internet]
↕
[home router]
↕
[ubuntu networkmanager pptp client]
奇怪的是,不管服务器是apache2还是nginx,只有http连接。Nginx通常返回非200响应(如301、404和500)。但当文件存在时,连接就会挂起(chrome firefox curl telnet)。重置连接后,nginx将200 OK写入访问日志。
其他服务,如ssh、mysql,工作正常
某些配置:
pptpd.conf
localip 192.168.3.230-234
remoteip 192.168.3.235-240
pptpd选项
require-mschap-v2
require-mppe-128
ms-dns 192.168.3.59
proxyarp
nodefaultroute
lock
nobsdcomp
noipx
mtu 1490
mru 1490
服务器上的iptables:
modprobe ip_tables
modprobe ip_nat_ftp
modprobe iptable_filter
modprobe iptable_nat
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
...
$IPT -A FORWARD -i ppp+ -o eth0 -j ACCEPT
$IPT -A FORWARD -i eth0 -o ppp+ -j ACCEPT
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
(vpnserver) 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
(vpnserver) 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 ppp0
192.168.3.230 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
sysctl
net.ipv4.ip_forward=1
apache
Listen 0.0.0.0:80
# 192.168.3.59
nginx
listen 8080
# 192.168.3.59
路由-n
在客户端:
modprobe ip_tables
modprobe ip_nat_ftp
modprobe iptable_filter
modprobe iptable_nat
$IPT -P INPUT ACCEPT
$IPT -P FORWARD ACCEPT
$IPT -P OUTPUT ACCEPT
...
$IPT -A FORWARD -i ppp+ -o eth0 -j ACCEPT
$IPT -A FORWARD -i eth0 -o ppp+ -j ACCEPT
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
(vpnserver) 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
(vpnserver) 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 1 0 0 eth1
192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 ppp0
192.168.3.230 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
基于这些症状,听起来大数据包被链路丢弃了。将您的
pptpd选项MTU和MRU降低到1392