PPTP VPN Server

This article is excerpted from the Netkiller Linux Handbook (《Netkiller Linux 手札》).

Author: netkiller

URL: www.netkiller.cn/linux/

38.2. pptpd

38.2.1. Server

Procedure 38.11. pptpd installation steps

  1. Install
     Ubuntu:
     $ sudo apt-get install pptpd
     CentOS:
     # yum install pptp pptp-setup
  2. $ sudo vim /etc/pptpd.conf
     localip 172.16.0.1
     remoteip 172.16.0.50-100
  3. $ sudo vim /etc/ppp/pptpd-options
     ms-dns 208.67.222.222
     ms-dns 208.67.220.220
  4. $ sudo vim /etc/ppp/chap-secrets
     # Secrets for authentication using CHAP
     # client    server  secret  IP addresses
     neo         pptpd   chen    *
  5. Restart
     $ sudo /etc/init.d/pptpd restart
     Restarting PPTP: Stopping PPTP: pptpd.
     Starting PPTP Daemon: pptpd.
  6. # ifconfig ppp0
     ppp0      Link encap:Point-to-Point Protocol
               inet addr:192.168.3.9  P-t-P:192.168.3.15  Mask:255.255.255.255
               UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
               RX packets:1545 errors:0 dropped:0 overruns:0 frame:0
               TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
               collisions:0 txqueuelen:3
               RX bytes:342505 (334.4 KiB)  TX bytes:239324 (233.7 KiB)
  7. $ sudo vim /etc/sysctl.conf
     # Uncomment the next line to enable packet forwarding for IPv4
     net.ipv4.ip_forward=1
     Reload and check the setting:
     $ sudo sysctl -p
     net.ipv4.ip_forward = 1
  8. NAT
     $ sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
     $ sudo iptables-save > /etc/iptables-rules
     $ sudo vim /etc/network/interfaces
     pre-up iptables-restore < /etc/iptables-rules
  9. Firewall
     $ sudo ufw allow 1723
     Rules updated
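Before opening port 1723, it is worth checking what /etc/ppp/chap-secrets (step 4) actually grants. The following Python is an added example, not code from the handbook: it parses the file with the same quoting rules pppd uses and flags entries an operator should review. Only the neo/pptpd/chen line comes from the page; the other sample entries are constructed.

```python
import shlex
from dataclasses import dataclass, field
# Constructed sample modelled on the page's entry "neo pptpd chen *"; the quoted
# names, the trailing comment, the "-" and the empty secret exercise pppd's rules.
SAMPLE_CHAP_SECRETS = """\
# Secrets for authentication using CHAP
# client\tserver\tsecret\t\t\tIP addresses
neo\tpptpd\tchen\t\t\t*
"alice smith"\tpptpd\t"pa ss word"\t172.16.0.51 172.16.0.52   # two fixed addresses
bob\tpptpd\tsecret-for-bob\t-
carol\tpptpd\t""\t*
"""

@dataclass
class Secret:
    client: str
    server: str
    secret: str
    addresses: list = field(default_factory=list)

def parse_chap_secrets(text):
    """One Secret per entry; shlex applies pppd's quoting rules ('"' groups words, '#' comments)."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = shlex.split(raw, comments=True)
        if not words:                      # blank or comment-only line
            continue
        if len(words) < 3:
            raise ValueError(f"line {lineno}: need client, server and secret")
        entries.append(Secret(words[0], words[1], words[2], words[3:]))
    return entries

def allowed_addresses(entry):
    """pppd semantics: only three words, or a leading '-', means no address is acceptable."""
    if not entry.addresses or entry.addresses[0] == "-":
        return []
    return entry.addresses

def audit(entries, min_secret_len=12):
    """Findings an operator should review before opening port 1723 to the Internet."""
    findings = []
    for e in entries:
        if e.client == "*":
            findings.append(f"{e.client}: wildcard client matches any peer name")
        if len(e.secret) < min_secret_len:
            findings.append(f"{e.client}: secret shorter than {min_secret_len} characters")
        if "*" in allowed_addresses(e):
            findings.append(f"{e.client}: any remote IP address is accepted")
    return findings
```

Run it against the real file with `audit(parse_chap_secrets(open("/etc/ppp/chap-secrets").read()))`; the page's own entry is reported twice (short secret, any address).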

MTU

$ sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

There is also a simpler way to change the MTU:
$ sudo vim /etc/ppp/ip-up.local

#!/bin/bash

/sbin/ifconfig $1 mtu 1496

38.2.2. Client

Install the pptp client

yum install -y pptp pptp-setup

38.2.2.1. Create an account

Plain account

pptpsetup --create vpn --server vpn.netkiller.cn \
--username neo --password netkiller

Encrypted account

pptpsetup --create vpn0 --server vpn.netkiller.cn \
--username neo --password netkiller --encrypt

View the VPN configuration file

# cat /etc/ppp/peers/vpn
# written by pptpsetup
pty "pptp vpn.netkiller.cn --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name neo
remotename vpn
ipparam vpn

38.2.2.2. Kernel module installation

for module in nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre
do
    modprobe $module
done

38.2.2.3. Dial in to the VPN

Connect to the VPN

pppd call vpn

View the log

# tail -f /var/log/messages | grep pppd
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: pppd 2.4.5 started by root, uid 0
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: Using interface ppp0

38.2.2.4. Route configuration

38.2.2.4.1. Automatic route configuration

Create the file /etc/ppp/ip-up.local, write the command that adds the route into it, then make it executable.

[neo@netkiller ppp]# cat /etc/ppp/ip-up.local 
ip route add 192.168.0.0/24 dev ppp0  scope link

[neo@netkiller ppp]# chmod +x /etc/ppp/ip-up.local 

Create the file /etc/ppp/ip-down.local, write the command that deletes the route into it, then make it executable.

# cat /etc/ppp/ip-down.local
ip route del 192.168.0.0/24 dev ppp0

chmod +x /etc/ppp/ip-down.local

38.2.2.4.2. Manual route configuration

Add the route

ip route add 192.168.0.0/24 dev ppp0  scope link

View the routing table

[neo@netkiller ppp]# ip route
default via 47.19.19.27 dev eth1
1.2.2.2 dev ppp0  proto kernel  scope link  src 2.0.1.8
10.0.0.0/8 via 10.47.47.247 dev eth0
10.47.40.0/21 dev eth0  proto kernel  scope link  src 10.47.40.190
47.89.36.0/22 dev eth1  proto kernel  scope link  src 47.89.36.254
100.64.0.0/10 via 10.47.47.247 dev eth0
118.142.17.226 via 47.89.39.247 dev eth1  src 47.89.36.254
169.254.0.0/16 dev eth0  scope link  metric 1002
169.254.0.0/16 dev eth1  scope link  metric 1003
172.16.0.0/12 via 10.47.47.247 dev eth0
192.168.0.0/24 dev ppp0  scope link

Delete the route

ip route del 192.168.0.0/24 dev ppp0

FreeBSD and other older systems

route add -net 192.168.0.0/24 dev ppp0

38.2.3. FAQ

38.2.3.1. Error 800

Error: 800

Run ipconfig /flushdns, then try again.

38.2.3.2. Test the PPTP port

telnet vpn.netkiller.cn 1723

38.2.3.3. debug

# pppd call vpn debug dump logfd 2 updetach
pppd options in effect:
debug		# (from command line)
updetach		# (from command line)
logfd 2		# (from command line)
dump		# (from command line)
noauth		# (from /etc/ppp/peers/vpn)
name cf4		# (from /etc/ppp/peers/vpn)
remotename vpn		# (from /etc/ppp/peers/vpn)
		# (from /etc/ppp/peers/vpn)
pty pptp vpn.netkiller.cn --nolaunchpppd		# (from /etc/ppp/peers/vpn)
ipparam vpn		# (from /etc/ppp/peers/vpn)
nobsdcomp		# (from /etc/ppp/peers/vpn)
nodeflate		# (from /etc/ppp/peers/vpn)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]

Originally published on the WeChat public account Netkiller (netkiller-ebook)

Original publication date: 2016-09-13
