1.1 服务器软件安装
安裝PPTP Server 所需的软件:
- 安装PPTP:
sudo apt-get install pptpd
PPTP Server的软件安装很简单,只需要安装pptpd就可以了。
1.2 配置
- 执行命令vi /etc/pptpd.conf配置pptpd.conf文件,增加修改如下:
------------------/etc/pptpd.conf-----------------------------
……#省略部分打印
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
localip 66.66.66.1 #server端地址
remoteip 66.66.66.2-100 #client端可分配地址段
-------------------------------------------------------------------
- 执行命令vi /etc/ppp/pptpd-options配置pptpd-option文件,编辑修改如下:
------------------/etc/ppp/pptpd-options-----------------------------
……#省略部分打印
# (must match the second field in /etc/ppp/chap-secrets entries)
name 192.168.10.99 #修改用于认证的本机名,可直接使用IP地址
# Optional: domain name to use for authentication
# domain mydomain.net
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap #注释掉默认拒绝的方式
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2 #注释掉默认允许的方式
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
require-chap #添加允许的方式
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 202.106.0.20
ms-dns 6.6.6.6 #添加server端为client分配的dns
……#省略部分打印
-------------------------------------------------------------------
- 添加用户,编辑chap-secrets文件增加用户名密码:
---------------/etc/ppp/chap-secrets------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
test-pptp * 123456 *
-----------------------------------------------------------
//*表示不指定服务器和IP地址
1.3 启动和关闭服务器
执行如下命令可以启动、停止或重启pptp server:
# /etc/init.d/pptpd start
# /etc/init.d/pptpd stop
# /etc/init.d/pptpd restart
可以查看进程检查服务器是否已启动:
1.4 启用服务器数据转发
通过前面的配置,pptp客户端应该已经可以正常拨号并获取地址,但是如果不启用服务器的数据转发,client即使拿到IP地址,流量也只能到达server而无法转发出去,可通过以下步骤启用服务器的数据转发。
- 修改sysctl.conf文件启用forward:
# vi /etc/sysctl.conf
执行命令sysctl –p让修改生效:
- 使用iptables规则
iptables -A INPUT -i eth0 -s 66.66.66.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 66.66.66.0/24 -j SNAT --to-source 192.168.10.99 //192.168.10.99为服务器上实际网络出口的地址
1.5 测试
本处使用win7系统进行测试:
创建新的网络连接
创建完成后,修改VPN类型为PPTP:
拨号连接则可以正常从服务器上获取地址并连接网络:
查看获取到的地址和DNS:
路由跟踪可以看到所有访问外部网络的数据均经过pptp server进行转发:
电脑上抓包可以看到数据包已进行ppp和gre封装:
Server端:
