Could not connect to VPN server (PPTP) built on an AWS EC2 instance

The tutorial I used to set up my VPN server on an EC2 instance: Click Here
Working environment:
local: Mac OS X 10.9.1
EC2:
Availability zone: us-west-2a
AMI ID: Ubuntu 12.04 LTS with Chef (ami-5f2abc6f)

The log file on the EC2 instance:

    $tail -f /var/log/auth.log /var/log/syslog
    Dec 25 15:22:26 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection started
    Dec 25 15:22:27 ip-172-31-46-255 pptpd[4197]: CTRL: Starting call (launching pppd, opening GRE)
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683089] pptpctrl invoked oom-killer: gfp_mask=0x201da, order=0, oom_adj=0, oom_score_adj=0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683096] pptpctrl cpuset=/ mems_allowed=0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683101] Pid: 4197, comm: pptpctrl Not tainted 3.2.0-40-virtual #64-Ubuntu
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683104] Call Trace:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683116]  [] dump_header+0x91/0xe0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683120]  [] oom_kill_process+0x85/0xb0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683124]  [] out_of_memory+0xfa/0x220
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683129]  [] __alloc_pages_nodemask+0x8c3/0x8e0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683137]  [] ? noalloc_get_block_write+0x30/0x30
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683144]  [] alloc_pages_current+0xb6/0x120
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683150]  [] __page_cache_alloc+0xb7/0xd0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683154]  [] filemap_fault+0x212/0x3c0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683160]  [] __do_fault+0x72/0x550
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683164]  [] handle_pte_fault+0xfa/0x200
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683170]  [] ? xen_pmd_val+0xe/0x10
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683174]  [] ? __raw_callee_save_xen_pmd_val+0x11/0x1e
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683178]  [] handle_mm_fault+0x269/0x370
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683186]  [] do_page_fault+0x14b/0x520
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683192]  [] ? sys_newstat+0x2a/0x40
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683196]  [] page_fault+0x25/0x30
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683199] Mem-Info:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683201] Node 0 DMA per-cpu:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683204] CPU    0: hi:    0, btch:   1 usd:   0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683206] Node 0 DMA32 per-cpu:
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683209] CPU    0: hi:  186, btch:  31 usd:  34
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683214] active_anon:138161 inactive_anon:69 isolated_anon:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683216]  active_file:14 inactive_file:80 isolated_file:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683217]  unevictable:0 dirty:0 writeback:0 unstable:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683218]  free:1379 slab_reclaimable:1744 slab_unreclaimable:2458
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683219]  mapped:33 shmem:80 pagetables:3390 bounce:0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683221] Node 0 DMA free:2468kB min:72kB low:88kB high:108kB active_anon:11072kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:14524kB mlocked:0kB dirty:0kB writeback:0kB mapped:8kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:256kB kernel_stack:8kB pagetables:940kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:13 all_unreclaimable? yes
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683233] lowmem_reserve[]: 0 597 597 597
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683238] Node 0 DMA32 free:3048kB min:3088kB low:3860kB high:4632kB active_anon:541572kB inactive_anon:276kB active_file:56kB inactive_file:312kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:611856kB mlocked:0kB dirty:0kB writeback:0kB mapped:124kB shmem:320kB slab_reclaimable:6976kB slab_unreclaimable:9576kB kernel_stack:880kB pagetables:12620kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:641 all_unreclaimable? yes
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683250] lowmem_reserve[]: 0 0 0 0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683254] Node 0 DMA: 7*4kB 3*8kB 3*16kB 0*32kB 1*64kB 0*128kB 1*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 2468kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683266] Node 0 DMA32: 248*4kB 1*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB 0*4096kB = 3048kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683278] 178 total pagecache pages
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683280] 0 pages in swap cache
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683282] Swap cache stats: add 0, delete 0, find 0/0
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683284] Free swap  = 0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.683285] Total swap = 0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685100] 159472 pages RAM
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685102] 8384 pages reserved
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685104] 26966 pages shared
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685106] 147910 pages non-shared
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685108] [ pid ]   uid  tgid total_vm      rss cpu oom_adj oom_score_adj name
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685114] [  262]     0   262     4308       48   0       0             0 upstart-udev-br
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685119] [  264]     0   264     5367      116   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685122] [  309]     0   309     5366      102   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685126] [  310]     0   310     5366      101   0     -17         -1000 udevd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685129] [  383]     0   383     3797       49   0       0             0 upstart-socket-
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685133] [  562]     0   562     1816      125   0       0             0 dhclient3
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685137] [  633]     0   633    12508      153   0     -17         -1000 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685140] [  652]   101   652    63429      138   0       0             0 rsyslogd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685144] [  654]   102   654     5979       79   0       0             0 dbus-daemon
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685147] [  710]     0   710     3689       41   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685151] [  716]     0   716     3689       40   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685154] [  721]     0   721     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685157] [  723]     0   723     3689       41   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685161] [  728]     0   728     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685165] [  731]     0   731     1082       36   0       0             0 acpid
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685168] [  734]     0   734     4778       59   0       0             0 cron
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685172] [  736]     0   736     4227       40   0       0             0 atd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685175] [  762]   106   762   284071    22421   0       0             0 mysqld
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685179] [  818]   103   818    46918      305   0       0             0 whoopsie
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685182] [  909]     0   909     1100       28   0       0             0 _plutorun
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685186] [  910]     0   910     1076       26   0       0             0 logger
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685189] [  914]     0   914     1100       29   0       0             0 _plutorun
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685193] [  915]     0   915     1100       26   0       0             0 _plutoload
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685196] [  917]     0   917    23340      222   0       0             0 pluto
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685200] [ 1055]     0  1055     1581       22   0       0             0 _pluto_adns
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685204] [ 1089]     0  1089    75227     1401   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685207] [ 1119]     0  1119     3689       42   0       0             0 getty
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685211] [ 1151]    33  1151    82735     8990   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685214] [ 1155]    33  1155    79132     5224   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685217] [ 1157]    33  1157    82541     8793   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685221] [ 1160]    33  1160    82268     8439   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685224] [ 1164]    33  1164    75649     1816   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685228] [ 1167]    33  1167    75589     1811   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685231] [ 1172]    33  1172    75252     1439   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685235] [ 1173]    33  1173    79999     6277   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685238] [ 1176]    33  1176    75239     1405   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685242] [ 1179]    33  1179    80832     7085   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685245] [ 1180]    33  1180    80726     7003   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685249] [ 1181]    33  1181    83104     9320   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685252] [ 1182]    33  1182    75250     1438   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685255] [ 1183]    33  1183    83922    10127   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685259] [ 1184]    33  1184    81338     7441   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685262] [ 1185]    33  1185    84310    10296   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685266] [ 1606]    33  1606    81340     7518   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685269] [ 3901]     0  3901    18359      201   0       0             0 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685273] [ 3990]  1000  3990    18359      202   0       0             0 sshd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685276] [ 3991]  1000  3991    11009     1205   0       0             0 zsh
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685280] [ 4172]     0  4172     2661       34   0       0             0 pptpd
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685283] [ 4184]    33  4184    75250     1428   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685287] [ 4185]    33  4185    82090     8292   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685290] [ 4186]    33  4186    81894     8089   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685293] [ 4187]    33  4187    75250     1414   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685297] [ 4188]    33  4188    80691     6850   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685300] [ 4189]    33  4189    80462     6677   0       0             0 apache2
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685303] [ 4196]  1000  4196     1542       24   0       0             0 tail
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685307] [ 4197]     0  4197     1605       29   0       0             0 pptpctrl
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685310] Out of memory: Kill process 762 (mysqld) score 149 or sacrifice child
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.685327] Killed process 762 (mysqld) total-vm:1136284kB, anon-rss:89684kB, file-rss:0kB
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.818939] init: mysql main process (762) killed by KILL signal
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605659.832618] init: mysql main process ended, respawning
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: pppd 2.4.5 started by root, uid 0
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Using interface ppp0
    Dec 25 15:22:27 ip-172-31-46-255 pppd[4199]: Connect: ppp0  /dev/pts/1
    Dec 25 15:22:27 ip-172-31-46-255 kernel: [21605660.273398] type=1400 audit(1387952547.943:11): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4204 comm="apparmor_parser"
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: peer from calling number 106.35.67.193 authorized
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: LCP terminated by peer (MPPE required but not available)
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: EOF or bad error reading ctrl packet length.
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: couldn't read packet header (exit)
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: CTRL read failed
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Reaping child PPP[4199]
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Hangup (SIGHUP)
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Modem hangup
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Connection terminated.
    Dec 25 15:22:28 ip-172-31-46-255 pppd[4199]: Exit.
    Dec 25 15:22:28 ip-172-31-46-255 pptpd[4197]: CTRL: Client 106.35.67.193 control connection finished
    Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812847] init: mysql main process (4210) terminated with status 1
    Dec 25 15:22:28 ip-172-31-46-255 kernel: [21605660.812901] init: mysql main process ended, respawning
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.552743] init: mysql post-start process (4211) terminated with status 1
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.573224] type=1400 audit(1387952549.243:12): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/mysqld" pid=4235 comm="apparmor_parser"
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688664] init: mysql main process (4239) terminated with status 1
    Dec 25 15:22:29 ip-172-31-46-255 kernel: [21605661.688717] init: mysql respawning too fast, stopped

Security Groups associated with my EC2 instance:

    Ports Protocol  Source  group-name
    -1  icmp  0.0.0.0/0 ✔
    0-65535 tcp 0.0.0.0/0 ✔
    22  tcp 0.0.0.0/0 ✔
    67  tcp 0.0.0.0/0 ✔
    80  tcp 0.0.0.0/0 ✔
    443 tcp 0.0.0.0/0 ✔
    500 tcp 0.0.0.0/0 ✔
    512 tcp 0.0.0.0/0 ✔
    1723  tcp 0.0.0.0/0 ✔
    3306  tcp 0.0.0.0/0 ✔
    8080  tcp 0.0.0.0/0 ✔
    32783 tcp 0.0.0.0/0 ✔
    0-65535 udp 0.0.0.0/0 ✔
    500 udp 0.0.0.0/0 ✔
    4500  udp 0.0.0.0/0 ✔
    All 47  0.0.0.0/0 ✔
    All 67  0.0.0.0/0 ✔

The result of running "tcpdump -i any proto GRE" on the EC2 instance:

    $sudo tcpdump -i any proto GRE            
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
    14:17:13.948740 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 0, length 36: LCP, Conf-Request (0x01), id 1, length 22
    14:17:14.211469 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 1, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
    14:17:14.212003 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 1, ack 1, length 40: LCP, Conf-Ack (0x02), id 1, length 22
    14:17:16.943179 IP ip-172-31-46-255.us-west-2.compute.internal > 106.35.67.193: GREv1, call 32807, seq 2, length 36: LCP, Conf-Request (0x01), id 1, length 22
    14:17:17.213805 IP 106.35.67.193 > ip-172-31-46-255.us-west-2.compute.internal: GREv1, call 1024, seq 2, ack 0, length 40: LCP, Conf-Request (0x01), id 1, length 22
...
...
...

Is there anyone who can help me?

2

There are 2 answers

0
Adrian (BEST ANSWER)

I ran into the same problem. I set up a VPN on Amazon EC2 and added rules allowing TCP 1723 and protocol 47 from 0.0.0.0/0, but the VPN still didn't work on my Mac. The log says the GRE protocol is not available on the server side.

Finally I found it was an ISP problem! How did I find that? I just set up the VPN on my iPhone and connected using 3G, and it worked!

So please check your ISP settings, or at least test the VPN server through 3G or another Internet connection.

Good luck!

BTW, I followed the post below to set up the PPTP VPN on my Amazon instance: http://www.yzhang.net/blog/2013-03-07-pptp-vpn-ec2.html

1
Jason

I know this is mentioned in the comment above by Tong, but it is critically important to recognize the distinction of adding GRE to the VPC Security Group as a GRE protocol rule rather than a TCP protocol rule.

Failure to do so will still show traffic in the server tcpdump, but the ppp0 interface will never properly initialize.
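The distinction drawn in the answer above, as an added example that is not part of the original thread: a check that tells a GRE rule (IP protocol 47) apart from a TCP rule on port 47, and that also flags all-port rules open to 0.0.0.0/0 like those in the question's security group. It assumes rules in the `IpPermissions` shape printed by `aws ec2 describe-security-groups`; the function names and sample rules are constructed for illustration.

```python
# Added example: check EC2 security-group ingress rules for PPTP.
# Rules use the "IpPermissions" shape printed by
# `aws ec2 describe-security-groups`; the sample rules are constructed.

GRE_PROTO = "47"       # IP protocol number for GRE, not a TCP/UDP port
PPTP_CTRL_PORT = 1723  # PPTP control channel (TCP)
ANYWHERE = "0.0.0.0/0"


def covers(rule, port):
    """True if a tcp/udp rule's port range includes `port`."""
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def audit_pptp_rules(ip_permissions):
    """Summarise what the ingress rules mean for a PPTP server."""
    out = {"tcp_1723": False, "gre_protocol": False,
           "tcp_47_without_gre": False, "world_open_all_ports": []}
    tcp_47 = False
    for rule in ip_permissions:
        proto = rule["IpProtocol"]
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        if proto in (GRE_PROTO, "-1"):  # "-1" allows every IP protocol
            out["gre_protocol"] = True
        if proto == "tcp":
            out["tcp_1723"] |= covers(rule, PPTP_CTRL_PORT)
            tcp_47 |= covers(rule, 47)
        # Broad exposure: every port of a protocol open to the Internet.
        if (proto in ("tcp", "udp") and ANYWHERE in cidrs
                and rule.get("FromPort") == 0 and rule.get("ToPort") == 65535):
            out["world_open_all_ports"].append(proto)
    # A TCP rule for port 47 does not admit GRE packets.
    out["tcp_47_without_gre"] = tcp_47 and not out["gre_protocol"]
    return out


def _rule(proto, lo=None, hi=None, cidr=ANYWHERE):
    """Build one constructed rule; numeric protocols carry no port range."""
    rule = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if lo is not None:
        rule.update(FromPort=lo, ToPort=hi)
    return rule


# Constructed samples: GRE entered as TCP port 47 vs. as IP protocol 47.
MISTAKEN = [_rule("tcp", 1723, 1723), _rule("tcp", 47, 47)]
CORRECT = [_rule("tcp", 1723, 1723), _rule(GRE_PROTO)]
BROAD = [_rule("tcp", 0, 65535), _rule(GRE_PROTO)]

if __name__ == "__main__":
    for name, rules in (("mistaken", MISTAKEN), ("correct", CORRECT),
                        ("broad", BROAD)):
        print(name, audit_pptp_rules(rules))
```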