1.1 服務器軟件安裝
安裝PPTP Server 所需的軟件:
- 安裝PPTP:
sudo apt-get install pptpd
PPTP Server的軟件安裝很簡單,只需要安裝pptpd就可以了。
1.2 配置
- 執行命令vi /etc/pptpd.conf配置pptpd.conf文件,增加修改如下:
------------------/etc/pptpd.conf-----------------------------
……#省略部分打印
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
localip 66.66.66.1 #server端地址
remoteip 66.66.66.2-100 #client端可分配地址段
-------------------------------------------------------------------
- 執行命令vi /etc/ppp/pptpd-options配置pptpd-option文件,編輯修改如下:
------------------/etc/ppp/pptpd-options-----------------------------
……#省略部分打印
# (must match the second field in /etc/ppp/chap-secrets entries)
name 192.168.10.99 #修改用於認證的本機名,可直接使用IP地址
# Optional: domain name to use for authentication
# domain mydomain.net
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap #注釋掉默認拒絕的方式
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2 #注釋掉默認允許的方式
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
require-chap #添加允許的方式
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 202.106.0.20
ms-dns 6.6.6.6 #添加server端為client分配的dns
……#省略部分打印
-------------------------------------------------------------------
- 添加用戶,編輯chap-secrets文件增加用戶名密碼:
---------------/etc/ppp/chap-secrets------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
test-pptp * 123456 *
-----------------------------------------------------------
//*表示不指定服務器和IP地址
1.3 啟動和關閉服務器
執行如下命令可以啟動、停止或重啟pptp server:
# /etc/init.d/pptpd start
# /etc/init.d/pptpd stop
# /etc/init.d/pptpd restart
可以查看進程檢查服務器是否已啟動:
1.4 啟用服務器數據轉發
通過前面的配置,pptp客戶端應該已經可以正常撥號並獲取地址,但是如果不啟用服務器的數據轉發,client即使拿到IP地址,流量也只能到達server而無法轉發出去,可通過以下步驟啟用服務器的數據轉發。
- 修改sysctl.conf文件啟用forward:
# vi /etc/sysctl.conf
執行命令sysctl –p讓修改生效:
- 使用iptables規則
iptables -A INPUT -i eth0 -s 66.66.66.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 66.66.66.0/24 -j SNAT --to-source 192.168.10.99 //192.168.10.99為服務器上實際網絡出口的地址
1.5 測試
本處使用win7系統進行測試:
創建新的網絡連接
創建完成后,修改VPN類型為PPTP:
撥號連接則可以正常從服務器上獲取地址並連接網絡:
查看獲取到的地址和DNS:
路由跟蹤可以看到所有訪問外部網絡的數據均經過pptp server進行轉發:
電腦上抓包可以看到數據包已進行ppp和gre封裝:
Server端:
