Steps for configuring a PPTP VPN (pptpd) on Ubuntu 12.04

Source: Internet
Author: User
Tags: comments, passthrough, iptables

The software package required to build a PPTP server on Ubuntu is pptpd, which can be installed with apt-get:

sudo apt-get install pptpd

apt resolves the dependencies automatically. Once installation finishes, pptpd has to be configured. First edit /etc/pptpd.conf:

sudo nano /etc/pptpd.conf

Uncomment the localip and remoteip parameters at the end of the file and modify them accordingly. Here, localip is the IP address of the server on the VPN link, while remoteip is the range of IP addresses that can be allocated to clients. The following is my configuration:

localip 10.100.0.1
remoteip 10.100.0.2-10

After editing this file, we need to edit the /etc/ppp/pptpd-options file, again with nano (the command is not repeated here). The vast majority of parameters can keep their default values. We only need to change the ms-dns option, which assigns DNS server addresses to the VPN clients:

ms-dns 202.113.16.10
ms-dns 208.67.222.222

Next, modify the /etc/ppp/chap-secrets file, which holds the VPN user names and passwords. Fill it in according to your own situation. As the comments in the file show, the first column is the user name, the second column is the server name (pptpd by default; if you changed the name in pptpd-options, make sure it is consistent here), the third column is the password, and the fourth column is the IP address restriction (write * for no restriction).
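
The four-column layout described above can be checked mechanically. The following is an added example, not part of the original article: the function names, the 12-character minimum, the assumption that secrets contain no whitespace, and the sample accounts are all made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit a chap-secrets file in
# the four-column layout described above. The 12-character minimum, the
# whitespace-free secrets and the sample accounts are assumptions.

# audit_chap_secrets FILE [SERVER] -> prints findings; returns 1 if any
audit_chap_secrets() {
    file=$1; server=${2:-pptpd}; rc=0
    # The file holds cleartext passwords: flag group/other read permission.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \))" ]; then
        echo "$file: readable by group or others, run chmod 600"; rc=1
    fi
    awk -v server="$server" '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        NF != 4 { printf "line %d: expected 4 columns, got %d\n", NR, NF; bad = 1; next }
        {
            secret = $3; gsub(/^"|"$/, "", secret) # strip optional quotes
            if ($2 != server && $2 != "*") {
                printf "line %d: user %s: server \"%s\" does not match \"%s\"\n", NR, $1, $2, server; bad = 1 }
            if (length(secret) < 12) {
                printf "line %d: user %s: secret shorter than 12 characters\n", NR, $1; bad = 1 }
        }
        END { exit bad }' "$file" || rc=1
    return $rc
}

# Constructed sample file (user names and secrets are made up).
demo_file() {
    f=$(mktemp) && chmod 600 "$f" && cat > "$f" <<'EOF'
# client    server  secret              IP addresses
alice       pptpd   "kV9#tq2Lm!x7Rw"    *
bob         pptp    hunter2             10.100.0.5
carol       pptpd
EOF
    echo "$f"
}

f=$(demo_file); audit_chap_secrets "$f" || true; rm -f "$f"
```

On a real server, pass /etc/ppp/chap-secrets as the first argument and, if you changed the name in pptpd-options, that name as the second.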

After all the operations are completed, we need to restart the pptpd service to make the new configuration take effect:

sudo /etc/init.d/pptpd restart

On a Windows computer, create a VPN connection, fill in the server IP address (or domain name) and the user name and password you set, leave the domain field empty (if you set one in pptpd-options, use the same value here), and click Connect. Under normal circumstances, you should be able to establish a VPN connection with the server.

After the connection is established, you will find that, apart from the resources on the server itself, nothing else on the internal network or the Internet can be accessed. To reach those, some further configuration is needed:

First, enable IPv4 forwarding by editing /etc/sysctl.conf: find the line similar to the following and uncomment it:

net.ipv4.ip_forward=1

Then make the new configuration take effect:

sudo sysctl -p

Sometimes the client machine can access the Internet after this setting alone (this was the case when I tried it on a virtual machine). On the lab server, however, the client still could not reach the network after this step, so we need to set up NAT. Here we use iptables to create the NAT rule. First, install iptables:

sudo apt-get install iptables

After installation, we add a rule to the nat table:

sudo iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

After this operation, the client machine should be able to access the Internet.

However, in this case, the iptables rule will be cleared at the next restart, so you need to save it by using the iptables-save command:

sudo sh -c 'iptables-save > /etc/iptables-rules'

Modify the /etc/network/interfaces file, find eth0, and add the following line at the end of the eth0 settings:

pre-up iptables-restore < /etc/iptables-rules

In this way, when the network adapter eth0 is loaded, it will automatically load the configuration we saved with iptables-save in advance.

At this point, a VPN server/gateway is basically set up. Of course, you may have followed these steps and still not succeeded. Here are some of the problems I have encountered and their solutions:

Unable to establish VPN connection

After pptpd is installed and configured, the client still cannot establish a connection to the server. Possible causes include:

1. Server-side firewall settings: the PPTP service uses TCP port 1723 and the GRE protocol, so make sure your firewall allows both of them through.
2. If the server is behind a router, make sure that the corresponding settings and port forwarding are configured on the router.
3. If the server is behind a router, make sure that the router supports VPN Passthrough.
4. If the client is behind a router, the router used by the client must also support VPN Passthrough. In practice, most reasonably good routers on the market support VPN Passthrough, although the very cheapest products may not. If your router can be flashed with DD-WRT, flash it; DD-WRT supports VPN Passthrough.

Can establish connections, but "almost" cannot access the Internet

The word "almost" is used because Internet access is not completely broken. Google search opens, but other websites do not. SSH works, but scp does not; FTP completes its handshake, but files cannot be transferred. I ran into exactly this problem and, after some careful Googling, found that it was an MTU problem: testing with ping showed that the packets were too large. The problem can be solved with iptables. I will not go into the underlying principles here (look them up if you are interested) and will only give the solution. Add the following rule to the filter table:

sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

The 1200 in the above rule can be modified according to your actual situation. For the best network performance, keep adjusting this value until you reach the largest value at which the network still works normally.
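
One way to arrive at that value by measurement, shown as an added example that is not part of the original article: binary-search the largest ping payload that passes with the Don't Fragment bit set, then subtract the header sizes. The function names, the Linux iputils ping flags used in probe_df and the simulated 1240-byte path in the demo are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): derive the --set-mss value
# from a measured path MTU. Run it on a Linux machine connected through the VPN.

# probe_df SIZE HOST: one ICMP echo with SIZE payload bytes and the Don't
# Fragment bit set (iputils ping); succeeds only if the packet fits the path.
probe_df() { ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1; }

# largest_payload HOST [PROBE]: binary search for the largest payload that
# passes. PROBE defaults to probe_df and can be swapped for testing.
largest_payload() {
    host=$1; probe=${2:-probe_df}
    lo=0; hi=1472                       # 1472 + 28 header bytes = 1500 (Ethernet)
    "$probe" "$lo" "$host" || return 1  # host does not answer at all
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$mid" "$host"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo "$lo"
}

# mss_for_payload PAYLOAD: path MTU = payload + 28 (IPv4 + ICMP headers);
# TCP MSS = MTU - 40 (IPv4 + TCP headers).
mss_for_payload() { echo $(( $1 + 28 - 40 )); }

# Constructed stand-in for a tunnel with a 1240-byte path MTU, so the demo
# runs offline. Replace sim_probe with probe_df and a real host to measure.
sim_probe() { [ "$1" -le 1212 ]; }

payload=$(largest_payload test-host sim_probe)
echo "largest payload: $payload, MSS: $(mss_for_payload "$payload")"
```

With the simulated path the result is an MSS of 1200; on a real connection, use the measured value as the upper bound for --set-mss.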

Now, a PPTP server with a single network adapter is complete.
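
The iptables-save step earlier in this guide runs before the TCPMSS rule is added, so the file restored at boot can be missing it. As an added example (not part of the original article), this function checks an iptables-save dump for the rules the guide depends on; the function names and the sample dump are constructed, and it assumes the INPUT chain has no catch-all DROP or REJECT rule when its policy is ACCEPT.

```shell
#!/bin/sh
# Added example (not from the original article): check an iptables-save dump
# for the rules this guide relies on. Assumes the filter INPUT chain has no
# catch-all DROP/REJECT rule when its policy is ACCEPT.

# check_pptp_rules SUBNET (dump on stdin) -> 0 if complete, 1 plus a list if not
check_pptp_rules() {
    awk -v net="$1" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:INPUT / { open_input = ($2 == "ACCEPT") }
        table == "nat" && /^-A POSTROUTING / && index($0, "-s " net " ") && /-j MASQUERADE/ { nat = 1 }
        table == "filter" && /^-A FORWARD / && index($0, "-s " net " ") && /-j TCPMSS/ { mss = 1 }
        table == "filter" && /^-A INPUT / && /-p tcp / && /--dport 1723 / && /-j ACCEPT/ { ctl = 1 }
        table == "filter" && /^-A INPUT / && /-p (gre|47) / && /-j ACCEPT/ { gre = 1 }
        END {
            if (!nat) { print "missing: nat MASQUERADE for " net; bad = 1 }
            if (!mss) { print "missing: FORWARD TCPMSS rule for " net; bad = 1 }
            if (!open_input && !ctl) { print "missing: INPUT accept for tcp/1723"; bad = 1 }
            if (!open_input && !gre) { print "missing: INPUT accept for GRE"; bad = 1 }
            exit bad
        }'
}

# Constructed dump: saved before the TCPMSS rule was added, INPUT policy DROP.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
EOF
}

sample_dump | check_pptp_rules 10.100.0.0/24 || true
```

To check the file that is restored at boot, feed /etc/iptables-rules to check_pptp_rules on standard input with 10.100.0.0/24 as the argument; if the TCPMSS rule is reported missing, run the iptables-save step again.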
