Procedure 43.12. pptpd installation steps
install
Ubuntu
$ sudo apt-get install pptpd
CentOS
# yum install pptp pptp-setup
$ sudo vim /etc/pptpd.conf
localip 172.16.0.1
remoteip 172.16.0.50-100
$ sudo vim /etc/ppp/pptpd-options
ms-dns 208.67.222.222
ms-dns 208.67.220.220
$ sudo vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
neo pptpd chen *
restart
sudo /etc/init.d/pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.
# ifconfig ppp0
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.3.9  P-t-P:192.168.3.15  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:1545 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:342505 (334.4 KiB)  TX bytes:239324 (233.7 KiB)
$ sudo vim /etc/sysctl.conf
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
refresh status
$ sudo sysctl -p
net.ipv4.ip_forward = 1
NAT
$ sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
$ sudo sh -c 'iptables-save > /etc/iptables-rules'
$ sudo vim /etc/network/interfaces
pre-up iptables-restore < /etc/iptables-rules
firewall
$ sudo ufw allow 1723
Rules updated
MTU
$ sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200
There is also a simpler way to change the MTU:
$ sudo vim /etc/ppp/ip-up.local
#!/bin/bash
/sbin/ifconfig $1 mtu 1496
Install the pptp client
yum install -y pptp pptp-setup
Ordinary account
pptpsetup --create vpn --server vpn.netkiller.cn \
    --username neo --password netkiller
Encrypted account
pptpsetup --create vpn0 --server vpn.netkiller.cn \
    --username neo --password netkiller --encrypt
View the VPN configuration file
# cat /etc/ppp/peers/vpn
# written by pptpsetup
pty "pptp vpn.netkiller.cn --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name neo
remotename vpn
ipparam vpn
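The checks below are an added example, not part of the original page: they tell an "ordinary" peers file from an "encrypted" one and review chap-secrets, which stores the secret in clear text. The function names and the temporary sample files are hypothetical; the sample assumes that pptpsetup --encrypt appends require-mppe-128 to the peers file.

```shell
# Added example, not from the original page; function names are hypothetical.
# Sample files are constructed in a temp directory, not read from /etc/ppp.

# has_mppe FILE: succeeds if an uncommented require-mppe option is present.
has_mppe() {
    grep -Eq '^[[:space:]]*require-mppe(-40|-128)?([[:space:]]|$)' "$1"
}

# wildcard_users FILE: print chap-secrets clients whose address field is "*".
wildcard_users() {
    awk '!/^[ \t]*(#|$)/ && $4 == "*" { print $1 }' "$1"
}

# secrets_mode_ok FILE: succeeds if group and other have no permission bits.
secrets_mode_ok() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed samples mirroring the files shown on this page.
demo=$(mktemp -d)
printf '%s\n' '# written by pptpsetup' \
    'pty "pptp vpn.netkiller.cn --nolaunchpppd"' \
    lock noauth nobsdcomp nodeflate 'name neo' 'remotename vpn' 'ipparam vpn' \
    > "$demo/vpn"
cp "$demo/vpn" "$demo/vpn0"
echo 'require-mppe-128' >> "$demo/vpn0"   # assumed effect of --encrypt
printf '%s\n' '# client server secret IP addresses' 'neo pptpd chen *' \
    > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"

for f in vpn vpn0; do
    if has_mppe "$demo/$f"; then
        echo "$f: MPPE required"
    else
        echo "$f: no MPPE requirement, tunnel payload may be unencrypted"
    fi
done
echo "clients allowed from any address: $(wildcard_users "$demo/chap-secrets")"
secrets_mode_ok "$demo/chap-secrets" || echo "chap-secrets is readable beyond its owner"
```

On a real host, point the functions at /etc/ppp/peers/<name> and /etc/ppp/chap-secrets instead of the sample directory.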
for module in nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre
do
    modprobe $module
done
Connect to the VPN
pppd call vpn
View the log
# tail -f /var/log/messages | grep pppd
Sep 9 19:09:19 iZ621r6pk9aZ pppd[21801]: pppd 2.4.5 started by root, uid 0
Sep 9 19:09:19 iZ621r6pk9aZ pppd[21801]: Using interface ppp0
Create the file /etc/ppp/ip-up.local, write the command that adds the route into it, then make it executable.
[neo@netkiller ppp]# cat /etc/ppp/ip-up.local
ip route add 192.168.0.0/24 dev ppp0 scope link
[neo@netkiller ppp]# chmod +x /etc/ppp/ip-up.local
Create the file /etc/ppp/ip-down.local, write the command that deletes the route into it, then make it executable.
# cat /etc/ppp/ip-down.local
ip route del 192.168.0.0/24 dev ppp0
# chmod +x /etc/ppp/ip-down.local
Add the route
ip route add 192.168.0.0/24 dev ppp0 scope link
View the routing table
[neo@netkiller ppp]# ip route
default via 47.19.19.27 dev eth1
1.2.2.2 dev ppp0 proto kernel scope link src 2.0.1.8
10.0.0.0/8 via 10.47.47.247 dev eth0
10.47.40.0/21 dev eth0 proto kernel scope link src 10.47.40.190
47.89.36.0/22 dev eth1 proto kernel scope link src 47.89.36.254
100.64.0.0/10 via 10.47.47.247 dev eth0
118.142.17.226 via 47.89.39.247 dev eth1 src 47.89.36.254
169.254.0.0/16 dev eth0 scope link metric 1002
169.254.0.0/16 dev eth1 scope link metric 1003
172.16.0.0/12 via 10.47.47.247 dev eth0
192.168.0.0/24 dev ppp0 scope link
Delete the route
ip route del 192.168.0.0/24 dev ppp0
FreeBSD and other older systems
route add -net 192.168.0.0/24 dev ppp0
# pppd call vpn debug dump logfd 2 updetach
pppd options in effect:
debug           # (from command line)
updetach                # (from command line)
logfd 2         # (from command line)
dump            # (from command line)
noauth          # (from /etc/ppp/peers/vpn)
name cf4                # (from /etc/ppp/peers/vpn)
remotename vpn          # (from /etc/ppp/peers/vpn)
                # (from /etc/ppp/peers/vpn)
pty pptp vpn.netkiller.cn --nolaunchpppd                # (from /etc/ppp/peers/vpn)
ipparam vpn             # (from /etc/ppp/peers/vpn)
nobsdcomp               # (from /etc/ppp/peers/vpn)
nodeflate               # (from /etc/ppp/peers/vpn)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]