Ubuntu9.04 install the PPTPVPN Service

In fact, it is not difficult to set p installation. It takes a long time to configure the corresponding iptables. sudoapt-get

The iPhone does not support OpenVPN. previous articles have explained how to set OpenVPN on Ubuntu of Linode. today, we are eager to support the iPhone by PPTP. In addition, although PPTP is slower than OpenVPN, it is easy to load. the installation and setting of pptp is not difficult at all, but it takes a lot of time to configure the corresponding iptables.

Sudo apt-get install pptpd-y

It is so convenient In Ubuntu that the package dependency is automatically solved. After the installation is complete, back up/etc/pptpd. conf to modify the configuration. Well, here we will talk about a long waste of time.

Option/etc/ppp/pptpd-options
# Logwtmp
Localip 192.168.100.254
Remoteip 192.168.100.130-199
In fact, this configuration file is very simple option and will not be mentioned. The default value is. for localip and remoteip, use the last two sections of the sample configuration file to open the comment. here, we need to comment out the logwtmp option on Ubuntu 9. I don't know why. Thanks for your help on twitter, the previous configuration always fails to connect to the user. It is easy to use it after modification ..
The second step is to modify the configuration file/etc/ppp/chap-secrets, which stores the PPTP user information. According to the description in the configuration file, the following format is OK. the intermediate pptpd service does not need to be modified if it is used by default.

Yourname pptpd yourpassword *
At last, an asterisk is used to indicate that the VPN can be accessed by this user anywhere. Does the VPN provide convenient access? The last modification is/etc/ppp/pptpd-options. I only modified ms-dns xx. xx. xx. xx XXOO indicates the vro address of the server. It is similar to the push DNS of openvpn, that is, to allow the client to access the network through this DNS,
After configuration, restart the pptp service. In ubuntu, I restarted it like this.

$ Sudo/etc/init. d/pptpd stop
$ Sudo/etc/init. d/pptpd start
If the iptables firewall is not configured on your server, you can now establish a simple PPTP connection on XP to access server resources, the next step is to configure iptables. Remember to back up the current configuration carefully. add a rule to allow port 1723 to pass, and then allow the gre protocol to pass through the firewall. xx. xx. xx is the address bound to the server Nic. Generally, eth0 is the address connected to the Internet.

$ Sudo iptables-a input-p tcp-m state -- state NEW -- dport 1723-j ACCEPT
$ Sudo iptables-a input-p gre-j ACCEPT
$ Sudo iptables-a output-p gre-j ACCEPT
$ Sudo iptables-a input-p tcp -- sport 1723-s xx. xx-j ACCEPT
$ Sudo iptables-a output-p tcp -- dport 1723-d xx. xx-j ACCEPT
Everything has a successful connection, but now there is another thing to do, that is, the current PPTP link can be smoothly linked to the server to form an internal network, but it can only access server resources, A small step away from accessing the Internet through VPN,

$ Sudo iptables-t nat-a postrouting-s 192.168.100.0/24-o eth0-j MASQUERADE
In this step, the external links are implemented through the routing of data packets in section 192.168 and section 100 to the master network card. All the work is done. Bingo!