Tag archive: VPN

Configuring pptpd on CentOS 7

Install the required service components

yum install -y ppp pptpd 
yum install -y iptables iptables-services

First, edit /etc/ppp/options.pptpd. Find the network and routing section and set ms-dns to 8.8.8.8 and 8.8.4.4

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Next, create the PPTP user by editing /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
your_username * your_password *

Next, edit /etc/pptpd.conf and uncomment localip and remoteip

# (Recommended)
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Next, edit /etc/sysctl.conf to allow IP forwarding by appending net.ipv4.ip_forward=1 to the end of the file

# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1

Apply the configuration

sysctl -p
systemctl restart pptpd.service
systemctl enable pptpd.service

That completes the pptpd configuration. Next, configure the forwarding rules with iptables. First, disable firewalld

systemctl stop firewalld
systemctl mask firewalld

Add the iptables rules

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

Save the rules

service iptables save
service iptables start

Configuring pptp on Ubuntu 16.04

First, install the pptpd service

apt update
apt install pptpd

Edit the following configuration files and make sure each option is set as shown

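  • /etc/pptpd.conf
option /etc/ppp/pptpd-options                   #location of the PPP options file
debug                                           #enable debug mode
localip 192.168.0.1                             #virtual IP of the VPN server
remoteip 192.168.0.200-238,192.168.0.245        #virtual IPs handed out to VPN clients
  • /etc/ppp/pptpd-options
name pptpd                      #name of the pptpd service
refuse-pap                      #refuse PAP authentication
refuse-chap                     #refuse CHAP authentication
refuse-mschap                   #refuse MS-CHAP authentication
require-mschap-v2               #require MS-CHAPv2 authentication
require-mppe-128                #require 128-bit MPPE encryption
ms-dns 8.8.8.8                  #use Google DNS
ms-dns 8.8.4.4                  #use Google DNS
proxyarp                        #proxy ARP
debug                           #debug mode
dump                            #print all option values when the service starts
lock                            #lock the TTY device
nobsdcomp                       #disable BSD-Compress compression
logfile /var/log/pptpd.log      #log file location
  • /etc/ppp/chap-secrets
#Format: username   service   password   assigned IP address
test    *    12345678    *
#The first * means the service can be either PPTPD or L2TPD; the second * means the IP address is assigned at random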
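
An added example (not from the original post) that checks a pppd options file for the five authentication and encryption directives listed above. The function names, the WEAKENING list and the sample file are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a pppd options file against the directives listed above.

REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"
# pppd options that contradict the list above (assumption: what this audit flags).
WEAKENING="noauth require-pap require-chap require-mschap nomppe nomppe-128 require-mppe-40"

# Print the option name of every active line: strip "# comments" and blanks.
active_options() {
    sed -e 's/#.*$//' "$1" | awk 'NF { print $1 }'
}

# Print one finding per line; print nothing when the file passes.
audit_pptpd_options() {
    opts=$(active_options "$1")
    for want in $REQUIRED; do
        printf '%s\n' "$opts" | grep -qx -e "$want" || echo "MISSING $want"
    done
    for bad in $WEAKENING; do
        if printf '%s\n' "$opts" | grep -qx -e "$bad"; then echo "WEAKENS $bad"; fi
    done
    return 0
}

# Constructed sample: two directives are commented out and noauth is set.
sample_weak_options() {
    cat <<'EOF'
name pptpd
refuse-pap
refuse-chap
#refuse-mschap                 # commented out
require-mschap-v2
# require-mppe-128
noauth
ms-dns 8.8.8.8
EOF
}

tmp=$(mktemp)
sample_weak_options > "$tmp"
audit_pptpd_options "$tmp"
rm -f "$tmp"
```

On a server the argument would be /etc/ppp/pptpd-options (or /etc/ppp/options.pptpd on CentOS).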

With the above done, pptpd is configured. Restart it to apply the changes

service pptpd restart

Next, set up the routing rules. First edit /etc/sysctl.conf and uncomment the following line:

net.ipv4.ip_forward=1

Apply the configuration

sysctl -p

Create the NAT forwarding rule with iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
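
An added example (not part of the original posts) that compares the two MASQUERADE rules on this page: the CentOS rule limits NAT to -s 192.168.0.0/24, the Ubuntu rule above does not. The function name, the finding labels and the sample dump are assumptions; on a host the input would come from iptables-save.

```shell
#!/bin/sh
# Added example: review an iptables-save dump for NAT and forwarding scope.

# Reads iptables-save output on stdin and prints one finding per line.
# OPEN-FORWARD matters once net.ipv4.ip_forward=1 is set: with policy ACCEPT
# and no FORWARD rules the host routes traffic between all of its interfaces.
audit_vpn_nat() {
    awk '
        /^\*/ { table = substr($0, 2); next }            # "*nat", "*filter"
        table == "filter" && /^:FORWARD /   { fwd_policy = $2 }
        table == "filter" && /^-A FORWARD / { fwd_rules++ }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
            scoped = 0
            for (i = 1; i <= NF; i++)
                if ($i == "-s" || $i == "--source") scoped = 1
            if (!scoped) print "UNSCOPED-NAT: " $0
        }
        END {
            if (fwd_policy == "ACCEPT" && fwd_rules == 0)
                print "OPEN-FORWARD: FORWARD policy ACCEPT with no rules"
        }'
}

# Constructed dump holding both MASQUERADE rules from this page.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_vpn_nat
```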

For how to persist the rules with iptables-persistent, see the article "Persisting iptables rules with iptables-persistent"

That completes the pptp configuration

Configuring a PPTP VPN server on Ubuntu

With a PPTP server, you can set up a VPN server easily. Having a virtual private network is beneficial to both individual users and businesses alike.

This tutorial explains how you can install a PPTP server on Ubuntu. The steps are generic and should apply to almost all versions of Ubuntu.

Step 1: Installing pptpd

The first thing that we need to do is, naturally, install pptpd.

apt-get install pptpd

Installing PPTPD is that easy! Now we need to actually set up the PPTP server.

Step 2: Adding users

We don’t want everyone to be able to access our VPN of course; because of this, you can create users so that only the users with the correct password will be able to access your VPN. To add users, edit the file:

/etc/ppp/chap-secrets

The format is:

[username] [service] [password] [ip]

Username and password are pretty straightforward; service and IP are not. Service is usually pptpd. If you just want to set up a VPN, use pptpd for the service – it will work. If you want to restrict the IP that a user can log in from, you can use their IP. If you want connections from that account to be made from all IPs, you can use *.

Sample:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user001 * password001 *
user002 pptpd password002 *
user003 * password001 123.123.123.123
# The first * means you can use both pptpd and l2tpd
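
An added example (not from the original posts) that reviews a chap-secrets file in the four-column format described here and in the Ubuntu 16.04 section, flagging wildcard fields and weak or reused secrets. The function names, the 12-character minimum and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: flag wide-open or weak entries in a chap-secrets file.
# Secrets are never printed, only the client name they belong to.
MIN_SECRET_LEN=12   # assumption: a site policy value, not a pppd setting

# Columns: client server secret addresses (unquoted fields, as on this page).
audit_chap_secrets() {
    awk -v min="$MIN_SECRET_LEN" '
        { sub(/#.*/, "") }                      # drop comments
        NF == 0 { next }
        NF < 3  { printf "line %d: malformed entry\n", NR; next }
        {
            if ($2 == "*") printf "%s: secret accepted for any server name\n", $1
            if ($4 == "*") printf "%s: no address restriction\n", $1
            if (length($3) < min) printf "%s: secret shorter than %d characters\n", $1, min
            if ($3 in seen) printf "%s: secret reused from %s\n", $1, seen[$3]
            else seen[$3] = $1
        }' "$1"
}

# Constructed sample in the format shown above.
sample_chap_secrets() {
    cat <<'EOF'
# client        server  secret                  IP addresses
user001 * password001 *
user002 pptpd password002 *
user003 * password001 123.123.123.123
user004 pptpd c0nstructed-long-secret 192.168.0.240
EOF
}

tmp=$(mktemp)
sample_chap_secrets > "$tmp"
audit_chap_secrets "$tmp"
rm -f "$tmp"
```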

Step 3: Edit the pptpd settings

There are a few things that we need to edit. Start by editing the following file:

/etc/pptpd.conf

Look for the localip and remoteip settings. Remove the # (comment character) for both so that these settings will actually be recognized. Change localip to your server IP. If you don’t know your server IP, use the ifconfig command:

ifconfig

The remoteip is basically the IP range that clients (computers that are connected to your VPN) will be assigned. For example, if you want the following IP range: 192.168.120.231-235, your VPN server will be able to assign 192.168.120.232, 192.168.120.233, 192.168.120.234, and 192.168.120.235 to clients. It’s up to you what you want to use for this field.

Step 4: Update sysctl.conf

Find the line net.ipv4.ip_forward in the sysctl.conf file. We need to uncomment this line, so open the following file:

/etc/sysctl.conf

Make sure that it says net.ipv4.ip_forward=1, and not net.ipv4.ip_forward=0.

Then make changes active:

sysctl -p

Step 5: Restarting pptpd

At this point, everything will work. Restart pptpd.

service pptpd restart

Congratulations, you now have a PPTP server!
