Recently the United States office decided to change its VPN setup:
1. Replace the current PPTP VPN with OpenVPN.
2. Stop the VPN from reaching the Internet; in future the VPN will only give access to internal resources.
The effect on me is:
1. I can't connect to the VPN from my phone, since the iPhone doesn't support OpenVPN.
2. I can no longer use the company VPN to get out to the Internet.
Then I remembered my Linode VPS. It normally just runs some tests and hosts a few imified bots, so most of its 200 GB of monthly traffic goes unused; I might as well set up a VPN on it.
Since it's purely for my own use, no complicated configuration is needed and it's easy to look after. The steps are as follows:
1. Install the PPTP server. The system is Ubuntu, so a plain apt-get does it:
sudo apt-get install pptpd -y
2. Edit /etc/pptpd.conf
This config file is very simple; the main things to change are localip and remoteip at the end of the file:
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
remoteip is the range of addresses that will be handed out to VPN clients; localip is the remote (server-side) address a VPN client will see. Once a client has established the VPN connection:
On the VPN client, ifconfig shows:
ppp0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1444
        inet 192.168.0.234 --> 192.168.0.1 netmask 0xffffff00
On the Linode, ifconfig shows:
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.0.1  P-t-P:192.168.0.234  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1496  Metric:1
          RX packets:385 errors:0 dropped:0 overruns:0 frame:0
          TX packets:322 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:56584 (56.5 KB)  TX bytes:91628 (91.6 KB)
3. Edit /etc/ppp/chap-secrets. This file holds the usernames and passwords allowed to connect to the VPN, one account per line, in this format:
username pptpd password *
The username and password are both plaintext. pptpd is the service name and must match the name set in /etc/ppp/options.pptpd (pptpd by default). The last field is the IP address assigned to this user; * means the server picks one for them.
4. Edit /etc/ppp/options.pptpd. Most of the options can stay as they are, apart from the DNS settings:
#ms-dns x.x.x.x
#ms-dns x.x.x.x
Remove the leading # and change the addresses to real, working DNS servers. Once a client has established the VPN connection, the DNS servers given here are used to resolve domain names; if none are given here, DNS has to be configured on each client instead.
On Ubuntu you also need to set the log file location in this file, otherwise you have to comment out logwtmp in /etc/pptpd.conf to turn logging off entirely:
logfile /var/log/pptpd.log
5. Restart pptpd
/etc/init.d/pptpd restart
At this point the VPN works: a client can establish a VPN connection to the server and reach the server's own resources. But since there is no route from the VPN out to the Internet, clients still can't reach the Internet through the VPN; that has to be fixed with forwarding rules.
6. Enable IP forwarding
Edit /etc/sysctl.conf and enable net.ipv4.ip_forward=1
Run sysctl -p to apply the change.
7. Install iptables; the forwarding rules are easy to set up with it:
apt-get install iptables
8. Add the forwarding rules
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
192.168.0.0/24 is the network segment that remoteip belongs to.
9. Save the iptables forwarding rules
Rules added with iptables are lost after a system or network device restart, so the iptables configuration has to be saved and restored after a reboot.
Save the forwarding rules to /etc/iptables-rules:
iptables-save > /etc/iptables-rules
Create a new file /etc/network/if-up.d/iptables:
#!/bin/sh
iptables-restore < /etc/iptables-rules
chmod +x /etc/network/if-up.d/iptables
This reloads the forwarding rules from /etc/iptables-rules every time the network interface comes up.
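Everything above is done by hand. As an added example (a script written for this page, not from the original post), the shell script below performs the file edits from steps 2, 3, 4, 6, 8 and 9 so they can be repeated without clobbering a file twice, and then checks the result. The ROOT variable, the function names and the sample account in the usage line are assumptions made for the example. The one deliberate departure from the post is that the forwarding rules are written straight into /etc/iptables-rules in the format iptables-save produces, instead of running iptables and then iptables-save; iptables-restore reads that file the same way.

```shell
#!/bin/sh
# Added example, not from the original post: apply the pptpd edits from steps
# 2, 3, 4, 6, 8 and 9 with a script instead of by hand. ROOT (an assumption
# made here) prefixes every path, so the edits can be rehearsed in a scratch
# directory (ROOT=/tmp/vpn) before being applied to the real /etc (ROOT empty).
ROOT="${ROOT:-}"

# Rewrite file $1 from stdin via a temp file, so a failure leaves it intact.
rewrite() { cat > "$1.tmp" && mv "$1.tmp" "$1"; }

# Step 2: set localip/remoteip, dropping any existing commented or live lines.
set_pptpd_addresses() {  # <localip> <remoteip>
    f="$ROOT/etc/pptpd.conf"
    { grep -v -e '^#*localip ' -e '^#*remoteip ' "$f" || true
      printf 'localip %s\nremoteip %s\n' "$1" "$2"; } | rewrite "$f"
}

# Step 3: add an account in chap-secrets format ("user pptpd password *").
add_vpn_user() {  # <user> <password>
    f="$ROOT/etc/ppp/chap-secrets"
    # empty fields or whitespace in a field would break the four-column format
    [ -n "$1" ] && [ -n "$2" ] || return 1
    case "$1$2" in *[[:space:]]*) return 1 ;; esac
    grep -q "^$1 pptpd " "$f" 2>/dev/null || printf '%s pptpd %s *\n' "$1" "$2" >> "$f"
    chmod 600 "$f"  # passwords are plaintext, so nobody but root should read the file
}

# Check chap-secrets: every account line has four fields with service pptpd,
# and the file is not group- or world-readable.
check_chap_secrets() {
    f="$ROOT/etc/ppp/chap-secrets"
    [ -f "$f" ] || return 1
    [ -z "$(find "$f" \( -perm -040 -o -perm -004 \) -print)" ] || return 1
    awk 'BEGIN { bad = 0 }
         /^[ \t]*#/ || NF == 0 { next }
         NF != 4 || $2 != "pptpd" { bad = 1 }
         END { exit bad }' "$f"
}

# Step 4: real resolvers for the ms-dns lines, plus the log file Ubuntu needs.
set_dns_and_logfile() {  # <dns1> <dns2>
    f="$ROOT/etc/ppp/options.pptpd"
    { grep -v -e '^#*ms-dns ' -e '^#*logfile ' "$f" || true
      printf 'ms-dns %s\nms-dns %s\nlogfile /var/log/pptpd.log\n' "$1" "$2"; } | rewrite "$f"
}

# Step 6: enable IP forwarding in sysctl.conf (the stock file ships it commented out).
enable_ip_forward() {
    f="$ROOT/etc/sysctl.conf"
    { grep -v '^#*[[:space:]]*net\.ipv4\.ip_forward' "$f" || true
      echo 'net.ipv4.ip_forward=1'; } | rewrite "$f"
}

# Steps 8 and 9: write the two rules into /etc/iptables-rules in the format
# iptables-save produces (equivalent to running iptables, then iptables-save),
# and install the if-up hook that reloads them whenever the NIC comes up.
write_forward_rules() {  # <vpn-subnet> <outbound-iface>
    printf '*filter\n-A FORWARD -s %s -j ACCEPT\nCOMMIT\n*nat\n-A POSTROUTING -s %s -o %s -j MASQUERADE\nCOMMIT\n' \
        "$1" "$1" "$2" > "$ROOT/etc/iptables-rules"
    hook="$ROOT/etc/network/if-up.d/iptables"
    mkdir -p "$(dirname "$hook")"
    printf '#!/bin/sh\niptables-restore < /etc/iptables-rules\n' > "$hook"
    chmod +x "$hook"
}

# Run every step in order with the addresses from the post. The sysctl reload,
# service restart and rule load only make sense on the real system, so they
# are skipped when ROOT points at a scratch directory.
setup_all() {  # <user> <password> <dns1> <dns2>
    set_pptpd_addresses 192.168.0.1 192.168.0.234-238,192.168.0.245
    add_vpn_user "$1" "$2"
    set_dns_and_logfile "$3" "$4"
    enable_ip_forward
    write_forward_rules 192.168.0.0/24 eth0
    check_chap_secrets || { echo "chap-secrets is malformed or too permissive" >&2; return 1; }
    if [ -z "$ROOT" ]; then
        sysctl -p && /etc/init.d/pptpd restart && /etc/network/if-up.d/iptables
    fi
}

# Usage: sh pptp-setup.sh apply <user> <password> <dns1> <dns2>
if [ "${1:-}" = "apply" ]; then
    shift
    setup_all "$@"
fi
```

Run it as root on the Linode with sh pptp-setup.sh apply <user> <password> <dns1> <dns2>, or set ROOT=/tmp/vpn first and point it at copies of the three config files to rehearse the edits. check_chap_secrets rejects a chap-secrets file that is group- or world-readable as well as one with malformed lines, because the passwords in it are plaintext and pptpd will silently ignore an account it cannot parse.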