PPTP VPN Server

This article is an excerpt from the Netkiller Linux Handbook (《Netkiller Linux 手札》).

Author: netkiller

URL: www.netkiller.cn/linux/

38.2. pptpd

38.2.1. Server

Procedure 38.11. pptpd installation steps

A word before you start: PPTP authenticates with MS-CHAPv2 and encrypts with MPPE (RC4). A captured MS-CHAPv2 handshake can be cracked offline to recover the password hash, and with it the MPPE session keys, so a PPTP tunnel hides traffic from casual observers only. Use it where nothing better is available, restrict who can reach it with the firewall, and prefer IKEv2/IPsec, OpenVPN or WireGuard whenever you have the choice.

  1. Install the server package.

     Ubuntu:

         $ sudo apt-get install pptpd

     CentOS (pptpd comes from the EPEL repository; the pptp and pptp-setup packages that appear later are the client side, not the server):

         # yum install pptpd

  2. Set the server's tunnel address and the client address pool:

         $ sudo vim /etc/pptpd.conf
         localip 172.16.0.1
         remoteip 172.16.0.50-100

  3. Tell clients which DNS servers to use:

         $ sudo vim /etc/ppp/pptpd-options
         ms-dns 208.67.222.222
         ms-dns 208.67.220.220

  4. Add a user. The second column must match the name option in /etc/ppp/pptpd-options (default pptpd); * lets the client take any address from the pool. The secret shown is a throwaway example: use a long random one, because an MS-CHAPv2 handshake can be attacked offline with a dictionary, and keep the file mode 600.

         $ sudo vim /etc/ppp/chap-secrets
         # Secrets for authentication using CHAP
         # client        server  secret                  IP addresses
         neo             pptpd   chen                    *

  5. Restart the daemon:

         $ sudo /etc/init.d/pptpd restart
         Restarting PPTP: Stopping PPTP: pptpd. Starting PPTP Daemon: pptpd.

  6. Once a client has connected the tunnel interface appears. This capture is from a different box; with the configuration above the inet addr would be 172.16.0.1. Note the MTU of 1396, which is what the MTU section below is about:

         # ifconfig ppp0
         ppp0      Link encap:Point-to-Point Protocol
                   inet addr:192.168.3.9  P-t-P:192.168.3.15  Mask:255.255.255.255
                   UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
                   RX packets:1545 errors:0 dropped:0 overruns:0 frame:0
                   TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
                   collisions:0 txqueuelen:3
                   RX bytes:342505 (334.4 KiB)  TX bytes:239324 (233.7 KiB)

  7. Enable IPv4 forwarding so client traffic can leave through the server:

         $ sudo vim /etc/sysctl.conf
         # Uncomment the next line to enable packet forwarding for IPv4
         net.ipv4.ip_forward=1

     Reload and confirm:

         $ sudo sysctl -p
         net.ipv4.ip_forward = 1

  8. NAT the client pool out of the public interface and make the rules survive a reboot (the pre-up line goes under the eth0 stanza):

         $ sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
         $ sudo iptables-save > /etc/iptables-rules
         $ sudo vim /etc/network/interfaces
         pre-up iptables-restore < /etc/iptables-rules

  9. Open the firewall. PPTP needs two things: the control channel on TCP port 1723 and the data channel, which is GRE (IP protocol 47) and has no port at all. The ufw rule below covers only the first; add an iptables INPUT rule that accepts protocol gre as well, otherwise clients connect, authenticate and then hang without passing any data.

         $ sudo ufw allow 1723
         Rules updated

MTU

The tunnel interface has a smaller MTU than the physical link (1396 in the capture above), so large TCP segments from clients get fragmented or black-holed along the way. Clamping the MSS of forwarded SYN packets on the server avoids that. The -s prefix has to be the client pool; the original rule used 10.100.0.0/24 here, which with the 172.16.0.0/24 pool configured above would match nothing:

$ sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

There is also a simpler way to change the MTU: /etc/ppp/ip-up.local, which pppd runs (as root) for every link it brings up, with the interface name in $1. The file must be executable. Note that 1496 is above the 1396 pppd negotiated, so the outer GRE packets get fragmented unless the path allows it; test with a large ping before relying on it.

$ sudo vim /etc/ppp/ip-up.local

#!/bin/bash

/sbin/ifconfig $1 mtu 1496
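
The nine steps of Procedure 38.11 and the MSS clamp from the MTU section, gathered into one script. This is an added example, not the handbook's own code: the script name, the VPN_USER default, the environment-variable overrides and the extra FORWARD/INPUT rules are assumptions. Run with no arguments to see the files it would generate; run as root with apply to write them, enable forwarding and load the firewall rules. Unlike the hand-typed steps it refuses a client pool that is not in the same /24 as localip, generates a random secret instead of a dictionary word, and opens GRE as well as TCP 1723.

```shell
#!/bin/sh
# pptpd-provision.sh: render (and optionally apply) the server configuration
# from Procedure 38.11 together with the MSS clamp from the MTU section.
# Without arguments it only prints the generated files; "apply" (as root)
# writes them, enables forwarding and loads the firewall rules.
set -eu

LOCALIP=${LOCALIP:-172.16.0.1}                # server end of the tunnel
REMOTE_RANGE=${REMOTE_RANGE:-172.16.0.50-100} # client pool, inside LOCALIP's /24
WAN_IF=${WAN_IF:-eth0}                        # interface the pool is NATed out of
PPP_MTU=${PPP_MTU:-1396}                      # MTU pppd negotiated in step 6
DNS1=${DNS1:-208.67.222.222}
DNS2=${DNS2:-208.67.220.220}
VPN_USER=${VPN_USER:-neo}                     # assumed user name

# The /24 an IPv4 address lives in: 172.16.0.1 -> 172.16.0.0/24
subnet24() {
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.0/24\n", $1, $2, $3 }'
}

# Largest TCP MSS that fits a link MTU (20 bytes IPv4 + 20 bytes TCP header)
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# The NAT and MSS rules below key on LOCALIP's /24; a pool outside it would
# leave client traffic un-NATed and un-clamped, so refuse such a pool.
check_pool() {
    [ "$(subnet24 "${2%%-*}")" = "$(subnet24 "$1")" ]
}

render_pptpd_conf() {
    cat <<EOF
option /etc/ppp/pptpd-options
localip $1
remoteip $2
EOF
}

# Accept only MS-CHAPv2 with 128-bit MPPE. PAP, CHAP and MS-CHAPv1 are refused
# because they give up the password or its hash even more cheaply; MS-CHAPv2
# itself remains crackable offline, so pick long random secrets.
render_pptpd_options() {
    cat <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
nomppe-stateful
ms-dns $1
ms-dns $2
lock
nobsdcomp
novj
EOF
}

# One /etc/ppp/chap-secrets line: client  server  secret  allowed-IPs
render_chap_secret() {
    printf '%s\tpptpd\t"%s"\t*\n' "$1" "$2"
}

# Control channel TCP/1723, data channel GRE (protocol 47, no port), MSS
# clamp for the pool, then masquerade it out of WAN_IF. Args: localip wan_if mtu
render_firewall() {
    net=$(subnet24 "$1")
    cat <<EOF
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A FORWARD -s $net -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss $(mss_for_mtu "$3")
iptables -A FORWARD -s $net -j ACCEPT
iptables -A FORWARD -d $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $2 -j MASQUERADE
EOF
}

apply_all() {
    [ "$(id -u)" -eq 0 ] || { echo "apply needs root" >&2; exit 1; }
    render_pptpd_conf "$LOCALIP" "$REMOTE_RANGE" > /etc/pptpd.conf
    render_pptpd_options "$DNS1" "$DNS2" > /etc/ppp/pptpd-options
    secret=$(head -c 18 /dev/urandom | base64)   # 144 random bits, shown once
    render_chap_secret "$VPN_USER" "$secret" >> /etc/ppp/chap-secrets
    chmod 600 /etc/ppp/chap-secrets
    echo "$VPN_USER secret: $secret"
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    render_firewall "$LOCALIP" "$WAN_IF" "$PPP_MTU" | sh -e
}

check_pool "$LOCALIP" "$REMOTE_RANGE" || { echo "pool $REMOTE_RANGE is outside $(subnet24 "$LOCALIP")" >&2; exit 1; }
case "${1:-render}" in
    apply)  apply_all ;;
    *)      render_pptpd_conf "$LOCALIP" "$REMOTE_RANGE"
            render_pptpd_options "$DNS1" "$DNS2"
            render_firewall "$LOCALIP" "$WAN_IF" "$PPP_MTU" ;;
esac
```

The MSS value is derived from the MTU pppd actually negotiated (1396 - 40 = 1356) rather than the fixed 1200 of the original rule; override PPP_MTU if your tunnel reports something else. The rendered rules are appended, so run them once or fold them into /etc/iptables-rules as step 8 does.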

38.2.2. Client

Install the pptp client:

yum install -y pptp pptp-setup		

38.2.2.1. Creating the connection profile

A plain profile (no MPPE encryption, so the tunnel carries cleartext):

pptpsetup --create vpn --server vpn.netkiller.cn \
--username neo --password netkiller			

An encrypted profile (--encrypt adds require-mppe-128 to the peer file, so pppd refuses a link without 128-bit MPPE):

pptpsetup --create vpn0 --server vpn.netkiller.cn \
--username neo --password netkiller --encrypt			

Inspect the generated peer file. The password is not here; pptpsetup writes it to /etc/ppp/chap-secrets, which should stay mode 600. noauth means the client does not require the server to authenticate itself, which is the normal PPTP arrangement:

# cat /etc/ppp/peers/vpn 
# written by pptpsetup
pty "pptp vpn.netkiller.cn --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name neo
remotename vpn
ipparam vpn			

38.2.2.2. Loading the kernel modules

The pptp client itself sends and receives GRE from user space. These netfilter helpers matter when the client host (or a NAT box on the path) runs connection tracking: they associate the GRE data stream with the TCP 1723 control session so it is not dropped as unrelated traffic. On recent kernels GRE tracking may already be built into nf_conntrack, in which case the modprobe for nf_conntrack_proto_gre simply reports that the module does not exist.

for module in nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre
do
    modprobe $module
done

38.2.2.3. Dialing in

Connect to the VPN:

pppd call vpn			

Watch the log:

# tail -f /var/log/messages | grep pppd
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: pppd 2.4.5 started by root, uid 0
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: Using interface ppp0			

38.2.2.4. Route configuration

38.2.2.4.1. Automatic route configuration

Create /etc/ppp/ip-up.local, put the route command in it, and make it executable. pppd runs it as root after every link comes up; because the interface is hard-coded as ppp0 here, the script only works for a single tunnel.

[neo@netkiller ppp]# cat /etc/ppp/ip-up.local 
ip route add 192.168.0.0/24 dev ppp0  scope link

[neo@netkiller ppp]# chmod +x /etc/ppp/ip-up.local 

Create /etc/ppp/ip-down.local with the matching delete and make it executable. The kernel already drops routes over an interface that disappears, so this is mainly to keep the up/down pair symmetric:

# cat /etc/ppp/ip-down.local
ip route del 192.168.0.0/24 dev ppp0

chmod +x /etc/ppp/ip-down.local				
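
The two hook files above can be one script that pppd calls for both events. pppd invokes ip-up and ip-down with six arguments: interface, tty, speed, local IP, remote IP and the ipparam from the peer file, so the routes can be keyed on which peer came up instead of hard-coding ppp0. This is an added example, not the handbook's hook; the peer names in routes_for_peer, the 10.10.0.0/16 prefix and the script file name are assumptions. Install it as /etc/ppp/ip-up.local and symlink /etc/ppp/ip-down.local to it.

```shell
#!/bin/sh
# ppp-route-hook.sh: shared /etc/ppp/ip-up.local and /etc/ppp/ip-down.local.
# pppd calls both as  <iface> <tty> <speed> <local-ip> <remote-ip> <ipparam>.
# Install:  install -m 755 ppp-route-hook.sh /etc/ppp/ip-up.local
#           ln -sf ip-up.local /etc/ppp/ip-down.local
set -eu

# Prefixes to reach through each peer (ipparam from /etc/ppp/peers/<name>).
# The names and prefixes are assumptions for this example. Unknown peers get
# no routes, so a stray ppp link cannot pull traffic towards itself.
routes_for_peer() {
    case "$1" in
        vpn)  echo "192.168.0.0/24" ;;
        vpn0) echo "192.168.0.0/24 10.10.0.0/16" ;;
        *)    : ;;
    esac
}

# Only accept names pppd would actually hand us; the script is also
# reachable by hand and must not add routes over an arbitrary interface.
valid_ifname() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ip(8) commands for one event: $1 = add|del, $2 = iface, $3 = ipparam
route_cmds() {
    valid_ifname "$2" || { echo "bad interface name: $2" >&2; return 1; }
    for prefix in $(routes_for_peer "$3"); do
        printf 'ip route %s %s dev %s scope link\n' "$1" "$prefix" "$2"
    done
}

# Decide the event from the name we were invoked as.
event_for() {
    case "$(basename "$1")" in
        ip-up*)   echo add ;;
        ip-down*) echo del ;;
        *) return 1 ;;
    esac
}

if [ $# -ge 6 ]; then
    iface=$1
    ipparam=$6
    verb=$(event_for "$0")
    logger -t ppp-route-hook "$verb routes for $ipparam on $iface" || true
    # route_cmds only prints; piping into sh -e is what changes the table.
    route_cmds "$verb" "$iface" "$ipparam" | sh -e
fi
```

Because route_cmds only prints, you can dry-run it by hand (route_cmds add ppp0 vpn) before trusting it to pppd, and a typo in the peer table shows up as a missing line rather than a wrong route.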
38.2.2.4.2. Manual route configuration

Add a route:

ip route add 192.168.0.0/24 dev ppp0  scope link			

Show the routing table:

[neo@netkiller ppp]# ip route 
default via 47.19.19.27 dev eth1 
1.2.2.2 dev ppp0  proto kernel  scope link  src 2.0.1.8 
10.0.0.0/8 via 10.47.47.247 dev eth0 
10.47.40.0/21 dev eth0  proto kernel  scope link  src 10.47.40.190 
47.89.36.0/22 dev eth1  proto kernel  scope link  src 47.89.36.254 
100.64.0.0/10 via 10.47.47.247 dev eth0 
118.142.17.226 via 47.89.39.247 dev eth1  src 47.89.36.254 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
172.16.0.0/12 via 10.47.47.247 dev eth0  
192.168.0.0/24 dev ppp0  scope link			

Delete the route:

ip route del 192.168.0.0/24 dev ppp0				

Legacy route(8) syntax (net-tools) for older Linux systems. The dev keyword is Linux-specific; on FreeBSD the interface is given with -iface instead:

route add -net 192.168.0.0/24 dev ppp0				

38.2.3. FAQ

38.2.3.1. Error 800

Error 800 is the Windows client's generic "unable to establish the VPN connection".

Run ipconfig /flushdns and try again. If a stale DNS entry was not the cause, check that both TCP port 1723 and GRE (IP protocol 47) reach the server: either one being blocked by a firewall or NAT device produces the same error.

38.2.3.2. Testing the PPTP port

telnet vpn.netkiller.cn 1723

This only proves the control channel. GRE has no port and cannot be checked with telnet; a control session that succeeds while the tunnel never passes traffic points at GRE being dropped, which the debug section below shows how to recognize.

38.2.3.3. debug

Run pppd in the foreground with protocol tracing on stderr:

# pppd call vpn debug dump logfd 2 updetach
pppd options in effect:
debug		# (from command line)
updetach		# (from command line)
logfd 2		# (from command line)
dump		# (from command line)
noauth		# (from /etc/ppp/peers/vpn)
name cf4		# (from /etc/ppp/peers/vpn)
remotename vpn		# (from /etc/ppp/peers/vpn)
		# (from /etc/ppp/peers/vpn)
pty pptp vpn.netkiller.cn --nolaunchpppd		# (from /etc/ppp/peers/vpn)
ipparam vpn		# (from /etc/ppp/peers/vpn)
nobsdcomp		# (from /etc/ppp/peers/vpn)
nodeflate		# (from /etc/ppp/peers/vpn)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]

Read the last two lines: pppd sent its LCP ConfReq, got nothing, and retransmitted it; there is no rcvd line at all. The pty line shows that pptp did reach the server on TCP 1723 and handed pppd a channel, so the control session worked. What never arrived is the PPP frame carried over GRE, which is the signature of GRE (IP protocol 47) being dropped by a firewall or NAT device between client and server.
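The reading above can be automated. The script below, added here as an example and not part of the original page, feeds pppd debug output through awk and returns one of a few verdicts; the sample log is constructed to reproduce the symptom shown above, and the message patterns it matches (sent/rcvd traces, "IP address" lines from IPCP, "authentication failed") are the ones pppd prints with the debug option.

```shell
#!/bin/sh
# pppd-lcp-triage.sh: classify "pppd call vpn debug ... logfd 2" output.
# Usage: pppd call vpn debug dump logfd 2 updetach 2>&1 | sh pppd-lcp-triage.sh
set -eu

# Verdict from pppd debug lines on stdin:
#   up          IPCP finished, an address was assigned
#   auth-fail   the server rejected the credentials
#   no-gre      LCP ConfReq went out, nothing ever came back (GRE blocked)
#   no-reply    nothing sent at all (pptp never delivered a channel to pppd)
#   negotiating frames flow both ways but the link is not up yet
lcp_triage() {
    awk '
        /sent \[LCP ConfReq/                 { sent++ }
        /rcvd \[/                            { rcvd++ }
        /[Aa]uthentication failed/           { authfail = 1 }
        /local  IP address|remote IP address/ { up = 1 }
        END {
            if (up)                  print "up"
            else if (authfail)       print "auth-fail"
            else if (sent && !rcvd)  print "no-gre"
            else if (!sent)          print "no-reply"
            else                     print "negotiating"
        }'
}

# What to check next for each verdict.
explain() {
    case "$1" in
        up)        echo "tunnel is up; if traffic still fails look at routes and MTU/MSS" ;;
        auth-fail) echo "wrong secret, or the server column in chap-secrets does not match the server's name option" ;;
        no-gre)    echo "TCP/1723 worked but GRE (protocol 47) is not coming back: check firewall/NAT on both ends" ;;
        no-reply)  echo "pptp never handed pppd a channel: test TCP/1723 reachability first" ;;
        *)         echo "LCP still negotiating; capture more of the log" ;;
    esac
}

# Constructed sample mirroring the page's debug output (not a real capture).
SAMPLE='Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]'

if [ -t 0 ]; then
    verdict=$(printf '%s\n' "$SAMPLE" | lcp_triage)   # demo on the sample
else
    verdict=$(lcp_triage)                             # real log on stdin
fi
echo "$verdict: $(explain "$verdict")"
```

When stdin is a terminal the script classifies the built-in sample (no-gre); otherwise it classifies whatever is piped in, so it can sit at the end of the debug command from the section above.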

Originally published on the WeChat official account Netkiller (netkiller-ebook).

Original publication date: 2016-09-13
