Build a virtual private network

Source: Internet
Author: User

Build environment: a Debian/Ubuntu server (the commands below use apt-get) whose kernel exposes PPP and GRE. A caveat before starting: PPTP authenticates with MS-CHAPv2 and encrypts with MPPE (RC4), both of which are considered broken, and the account passwords sit in cleartext in /etc/ppp/chap-secrets. Treat this as a lab exercise or a compatibility shim for old clients, not as protection for traffic that matters.

1. Test environment requirements

   # cat /dev/net/tun

   If the command prints the following text, the check passes:

   cat: /dev/net/tun: File descriptor in bad state

   This shows that the VM or container exposes the TUN/TAP device, which is the usual restriction on VPS hosts. pptpd itself drives pppd over /dev/ppp, so also confirm that device exists (ls -l /dev/ppp) and that the host does not filter GRE (IP protocol 47).

2. Install pptpd

   apt-get install pptpd

3. Edit /etc/pptpd.conf. The addresses set here are used again later, so note them. Remove the comment from the localip and remoteip lines at the end of the file (change the values to suit you; I kept these):

   localip 10.100.0.1
   remoteip 10.100.0.2-10

   localip is the address the server has on the VPN link; remoteip is the pool of addresses that can be allocated to clients.

4. Edit /etc/ppp/pptpd-options and set the ms-dns option, which is the DNS server address pushed to VPN clients for name resolution:

   ms-dns 8.8.8.8
   ms-dns 8.8.4.4

   8.8.8.8 and 8.8.4.4 are Google's public DNS servers.

5. Edit /etc/ppp/chap-secrets, which stores the VPN user names and passwords in the format described by the comments in the file. The first column is the user name; the second is the server name (pptpd by default; if you changed the name option in pptpd-options, it must match here); the third is the password; the fourth restricts which client IP addresses may use the account (write * for no restriction). Example:

   vpn1 pptpd "123456789" *

   Anyone who can read this file has every VPN password, so keep it owned by root with mode 600.

6. Restart the pptpd service so the new configuration takes effect:

   /etc/init.d/pptpd restart

   If we connect now, we find that a client can reach the server itself but nothing else: neither other internal hosts nor the Internet. Reaching those needs two more things, IPv4 forwarding in the kernel and NAT for the client addresses.

7. Edit /etc/sysctl.conf, find the following line and remove the comment in front of it:

   net.ipv4.ip_forward = 1

   Make the setting take effect:

   sysctl -p

   This changes the kernel setting so that it forwards packets. On my virtual machine the client could reach the Internet after this step alone; on the lab server it still could not, so the next step creates NAT with iptables.

8. Enable NAT forwarding with iptables. This step is critical.

   First install iptables:

   apt-get install iptables

   For the client to connect at all, the host firewall must accept the PPTP control connection on TCP port 1723 and the GRE tunnel traffic. GRE is IP protocol 47, not a TCP port, so a rule written as --dport 47 matches nothing; use -p gre instead. On the server side the control connection has source port 1723, which is what the OUTPUT rule must match (if your OUTPUT policy is ACCEPT, the two OUTPUT rules are unnecessary):

   iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
   iptables -I INPUT -p gre -j ACCEPT
   iptables -I OUTPUT -p tcp --sport 1723 -j ACCEPT
   iptables -I OUTPUT -p gre -j ACCEPT

   Then add the NAT rule. The source network here is tied to the remoteip range in /etc/pptpd.conf (10.100.0.2-10 above, hence 10.100.0.0/24; a rule for 192.168.0.0/24 would not match the clients), and the interface must be the one that carries your Internet traffic:

   iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

   After this the client should be able to reach the Internet. The rules are cleared at the next reboot, so save them with iptables-save:

   iptables-save > /etc/iptables-rules

   and restore them when the interface comes up. Edit /etc/network/interfaces, find the eth0 stanza and add the following line at the end of it:

   pre-up iptables-restore < /etc/iptables-rules

   My interfaces file had no eth0 stanza, presumably because the NIC has a different name; check with ifconfig (or ip link) and use the name shown. These steps follow http://www.dabu.info/centos6-4-structures-pptp-vpn.html.

   Optionally clamp the MSS so that oversized packets are not silently dropped on the tunnel (the source network is the same client pool as in the NAT rule):

   iptables -I FORWARD -s 10.100.0.0/24 -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1300

9. Start the service:

   /etc/init.d/pptpd restart
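The steps above spread the same addresses across pptpd.conf, the NAT rule and the MSS clamp, and the original draft lost track of them (a 192.168.0.0/24 NAT rule for a 10.100.0.x pool). The following script is an added example, not code from the original page or from the pptpd project: it derives everything from one set of parameters, checks that the client pool really lies inside the NAT source network and that every chap-secrets entry uses the server name declared in pptpd-options, and only applies the firewall rules when run with the argument apply. Assumptions not stated on the page: the uplink interface is eth0, the remoteip pool is a single contiguous range, and the explicit FORWARD rules (which the page leaves to the default ACCEPT policy) are wanted. The sysctl -w line is not persistent; the sysctl.conf edit from step 7 still applies.

```shell
#!/bin/sh
# Added example (not from the original page): generate and sanity-check the
# pptpd addresses, NAT and firewall rules from one set of parameters.
# Run with no argument for a dry run; run "apply" as root to install them.
# Assumed: uplink is eth0, remoteip is one contiguous range (pptpd syntax).

LOCALIP="10.100.0.1"        # pptpd.conf localip: server side of the ppp link
REMOTEIP="10.100.0.2-10"    # pptpd.conf remoteip: client pool
POOL_NET="10.100.0.0/24"    # MASQUERADE / TCPMSS source; must contain the pool
WAN_IF="eth0"               # assumed uplink; confirm with: ip route show default
OPTIONS_FILE="/etc/ppp/pptpd-options"
SECRETS_FILE="/etc/ppp/chap-secrets"

# Dotted quad -> 32-bit integer, using only POSIX sh arithmetic.
ip2int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_subnet ADDR NET/BITS: succeeds when ADDR lies inside NET/BITS.
in_subnet() {
    _net=${2%/*}; _bits=${2#*/}
    _mask=$(( (0xffffffff << (32 - _bits)) & 0xffffffff ))
    [ $(( $(ip2int "$1") & _mask )) -eq $(( $(ip2int "$_net") & _mask )) ]
}

# The NAT rule only helps if the whole pool is inside POOL_NET. Checking the
# first and last address is enough because the pool is contiguous.
pool_fits_net() {
    _first=${REMOTEIP%-*}                 # e.g. 10.100.0.2
    _last="${_first%.*}.${REMOTEIP#*-}"   # e.g. 10.100.0.10
    in_subnet "$_first" "$POOL_NET" && in_subnet "$_last" "$POOL_NET"
}

# check_secrets_server_name OPTIONS SECRETS: every non-comment chap-secrets
# entry must use the server name declared by "name" in pptpd-options ("*" is
# allowed). A mismatch shows up on the client as a wrong password.
check_secrets_server_name() {
    _want=$(awk '$1 == "name" { print $2; exit }' "$1")
    [ -n "$_want" ] || { echo "no 'name' line in $1" >&2; return 1; }
    _bad=$(awk -v want="$_want" \
        '$1 !~ /^#/ && NF >= 3 && $2 != want && $2 != "*" { print $1 }' "$2")
    [ -z "$_bad" ] || { echo "server name is not $_want for: $_bad" >&2; return 1; }
}

pptpd_conf_fragment() {
    printf 'localip %s\nremoteip %s\n' "$LOCALIP" "$REMOTEIP"
}

# Shell commands, one per line, that enable forwarding, open the firewall,
# clamp the MSS and set up NAT. GRE is IP protocol 47, not a TCP port.
firewall_commands() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -I FORWARD -i ppp+ -o $WAN_IF -s $POOL_NET -j ACCEPT
iptables -I FORWARD -i $WAN_IF -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD -i ppp+ -s $POOL_NET -p tcp --syn -j TCPMSS --set-mss 1300
iptables -t nat -A POSTROUTING -s $POOL_NET -o $WAN_IF -j MASQUERADE
EOF
}

if [ "${1:-}" = "apply" ]; then
    # Needs root. Refuse to touch the system if the inputs are inconsistent.
    pool_fits_net || { echo "$REMOTEIP is not inside $POOL_NET" >&2; exit 1; }
    check_secrets_server_name "$OPTIONS_FILE" "$SECRETS_FILE" || exit 1
    pptpd_conf_fragment >> /etc/pptpd.conf
    firewall_commands | sh -e
    iptables-save > /etc/iptables-rules   # restored by pre-up in /etc/network/interfaces
else
    echo "# /etc/pptpd.conf fragment:"; pptpd_conf_fragment
    echo "# commands that 'apply' would run as root:"; firewall_commands
fi
```

Save it as, for example, pptp-setup.sh: sh pptp-setup.sh prints the plan, sudo sh pptp-setup.sh apply runs it. Change POOL_NET without changing REMOTEIP and the apply branch refuses to run, which is the mistake the page's 192.168.0.0/24 rule made.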
