Reputation: 491
I've installed pptpd on CentOS 7 with AWS EC2 and I can connect to the VPN with the Windows client, but I have no internet access while the server has full internet access. In the pptpd log I noticed the error "Cannot determine ethernet address for proxy ARP".
I've changed the DNS in /etc/ppp/options.pptpd as below:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
I've also created users in /etc/ppp/chap-secrets and clients can connect without problem (but with no internet access).
I've also enabled IP forwarding in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
and executed this command:
sudo sysctl -p
I changed local and remote IPs in /etc/pptpd.conf as below:
localip 192.168.10.1
remoteip 192.168.20.10-100
I configured the firewall for IP masquerading:
sudo iptables -t nat -A POSTROUTING -o ens5 -j MASQUERADE
This is the ifconfig result:
ens5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 9001
inet 172.31.28.246 netmask 255.255.240.0 broadcast 172.31.31.255
inet6 fe80::4e6:11ff:fed8:bb4a prefixlen 64 scopeid 0x20<link>
ether 06:e6:11:d8:bb:4a txqueuelen 1000 (Ethernet)
RX packets 3668 bytes 347939 (339.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3111 bytes 385009 (375.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 6 bytes 416 (416.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6 bytes 416 (416.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ppp0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1396
inet 192.168.10.1 netmask 255.255.255.255 destination 192.168.20.10
ppp txqueuelen 3 (Point-to-Point Protocol)
RX packets 40 bytes 3158 (3.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 104 (104.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
And this is the pptpd status (I could connect to the VPN successfully but could not access the internet):
[root@ip-172-31-28-246 ~]# systemctl status pptpd
● pptpd.service - PoPToP Point to Point Tunneling Server
Loaded: loaded (/usr/lib/systemd/system/pptpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2021-08-22 09:24:41 UTC; 2min 9s ago
Main PID: 1476 (pptpd)
CGroup: /system.slice/pptpd.service
├─1476 /usr/sbin/pptpd -f
├─1505 pptpd [171.213.14.133:ED5A - 0000]
└─1506 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 192.168.10.1:192.168.20.10 ipparam 171.213.14.133 plugin /usr/lib64/pptpd/pptpd-logwtmp.so pptpd-original-ip 171.213.14.133 remote...
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pptpd[1505]: CTRL: Starting call (launching pppd, opening GRE)
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: pppd 2.4.5 started by root, uid 0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Using interface ppp0
Aug 22 09:25:28 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Connect: ppp0 <--> /dev/pts/1
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: peer from calling number 171.213.14.133 authorized
Aug 22 09:25:32 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: MPPE 128-bit stateless compression enabled
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: Cannot determine ethernet address for proxy ARP
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: local IP address 192.168.10.1
Aug 22 09:25:34 ip-172-31-28-246.ap-east-1.compute.internal pppd[1506]: remote IP address 192.168.20.10
Upvotes: 1
Views: 912
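Three independent things must all be in place before a client's packets can leave this server: IP forwarding, the MASQUERADE rule on the uplink, and a filter FORWARD chain that does not reject ppp traffic; the script below is an added example (not part of the question or of pptpd) that checks all three from a sysctl line and an iptables-save dump. It assumes the interface names ens5 and ppp+ from the question, and the two rulesets it runs over are constructed samples, not captured from the server.

```shell
#!/bin/sh
# Offline checks for what a NAT-routed PPTP server needs before client traffic
# can reach the internet. ens5 and ppp+ are the names from the question; the
# iptables-save dumps below are constructed samples, not captured output.
# $1: output of `sysctl net.ipv4.ip_forward`. Succeeds when forwarding is on.
forwarding_enabled() {
    case "$1" in *"net.ipv4.ip_forward = 1"*) return 0 ;; *) return 1 ;; esac
}
# $1: iptables-save dump, $2: uplink interface. Succeeds when the NAT rule exists.
has_masquerade() {
    printf '%s\n' "$1" | grep -q -- "-A POSTROUTING -o $2 -j MASQUERADE"
}
# $1: iptables-save dump. Succeeds when the filter FORWARD chain lets ppp traffic
# through. Approximation: the first rule with no match options, or one naming
# ppp+, decides; rules using -m/-s/-d/-p are skipped; otherwise the policy decides.
forward_allowed() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $0 }
        table == "*filter" && /^:FORWARD / { policy = $2 }
        table == "*filter" && !decided && /^-A FORWARD / {
            if ($0 !~ /-[iomsdp] / || $0 ~ /-[io] ppp\+/) { decided = 1; ok = ($0 ~ /-j ACCEPT/) }
        }
        END { if (!decided) ok = (policy == "ACCEPT"); exit !ok }'
}
# $1: sysctl output, $2: iptables-save dump, $3: uplink interface.
# Prints each failing check; exit status is the number of failures (0 = all good).
diagnose() {
    n=0
    forwarding_enabled "$1"  || { echo "FAIL: net.ipv4.ip_forward is not 1"; n=$((n + 1)); }
    has_masquerade "$2" "$3" || { echo "FAIL: no MASQUERADE rule on $3"; n=$((n + 1)); }
    forward_allowed "$2"     || { echo "FAIL: FORWARD chain blocks ppp+ before any ACCEPT"; n=$((n + 1)); }
    return $n
}
# Constructed sample matching the question: the NAT rule is there, but FORWARD
# ends in the catch-all REJECT that CentOS 7 firewall defaults append, so the
# clients' packets are dropped before they reach ens5.
SAMPLE_BROKEN='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ens5 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'
# Constructed fix: accept ppp+ in both directions ahead of the REJECT.
SAMPLE_FIXED=$(printf '%s\n' "$SAMPLE_BROKEN" | awk '/^-A FORWARD -j REJECT/ {
    print "-A FORWARD -i ppp+ -j ACCEPT"; print "-A FORWARD -o ppp+ -j ACCEPT" } { print }')
if [ "${1:-}" = "--live" ]; then   # run on the server itself (needs root)
    diagnose "$(sysctl net.ipv4.ip_forward)" "$(iptables-save)" ens5
fi
```

The "Cannot determine ethernet address for proxy ARP" line is expected with this addressing: pppd only installs a proxy ARP entry when the remote address falls inside an attached Ethernet subnet, and 192.168.20.x is not in ens5's 172.31.16.0/20. With MASQUERADE on the uplink, proxy ARP is not needed, so that warning is not what blocks the traffic.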