Build PPTP VPN
1. VPN overview

VPN stands for Virtual Private Network. It relies on the facilities and services of ISPs and other providers to establish a dedicated data communication network inside a public network, and can provide a secure data transmission tunnel between enterprises or between individuals and enterprises. A connection between any two points in the VPN does not have the end-to-end physical link that a traditional private network requires; instead, it is formed dynamically from public network resources. A VPN can be understood as a private network simulated on the public data network through private tunnel technology, with the same function as a point-to-point leased line. The so-called virtual connection means that no actual long-distance physical link has to be laid; the public Internet is used instead.

2. VPN enterprise application classification

1) Remote-access VPN service. An employee's personal computer dials in remotely to the enterprise office network. For example, the O&M personnel of the company's OA system dial in remotely to the IDC room and maintain the servers remotely.
2) VPN service between the intranet of the company's branches and the LAN of the company's headquarters, for example business settlement among major supermarkets.
3) VPN between the multiple IDCs of an Internet company, serving business management, business access and data flow between the different IDCs.
4) External VPN service of the enterprise: a VPN service established between the LAN of a supplier, the LAN of a partner, and the LAN of the company.
5) Accessing the business applications of foreign websites through the wall.

3. Introduction to common tunnel protocols

1) PPTP: the Point-to-Point Tunneling Protocol (PPTP) was developed by the PPTP Forum consisting of Microsoft and 3Com.
It is based on the PPP protocol used for dial-up, and uses PAP or CHAP, or Microsoft's point-to-point encryption algorithm MPPE. It creates a VPN over a TCP/IP-based data network to implement secure data transmission from a remote client to a dedicated enterprise server. PPTP supports creating on-demand, multi-protocol virtual private networks over public networks (such as the Internet). PPTP allows IP traffic to be encrypted and then encapsulated in an IP header for sending across the company's IP network or a public IP network (such as the Internet). The typical open-source software for Linux is pptp.

PPTP's default port number is 1723, and it works at the second layer. PPTP separates control packets from data packets and carries the control packets over TCP. Because PPTP uses the TCP protocol, it is suitable for networks without firewall restrictions. It is suitable for remote enterprise users who dial in to the enterprise for office work and other applications.

2) L2TP
3) IPSEC
4) SSL VPN → OpenVPN

4. Common open-source products for implementing a VPN

PPTP VPN: the biggest advantage is native Windows support, so no client needs to be installed. The disadvantage is that many residential networks and network devices do not support PPTP and therefore cannot connect.

SSL VPN (typically OpenVPN): suitable not only for the PPTP scenarios but also for non-stop, on-demand VPN connections between two branch companies in different regions. The disadvantage is that a client needs to be installed.

IPsec VPN: suitable for non-stop, on-demand VPN connections between the company's two branch offices in different regions or between multiple IDCs.

Comparison:

Ease of deployment and use: PPTP > L2TP > OpenVPN
Speed: PPTP > OpenVPN UDP > L2TP > OpenVPN TCP
Security: OpenVPN > L2TP > PPTP
Stability: OpenVPN > L2TP > PPTP
Network applicability: OpenVPN > PPTP > L2TP

5. Install PPTP VPN in practice

1) Check whether PPP is enabled on the system. This generally needs to be verified on a VPS.

    [root@backup ~]# cat /dev/ppp
    cat: /dev/ppp: No such device or address

If the above message is displayed, PPP is enabled and the PPTP service can be set up normally. If you see another message such as Permission denied, go to the VPS panel and check whether there is a switch that enables PPP. If not, you need to send a message to your provider and ask them to activate it for you.

2) Set kernel forwarding

    [root@m01 ~]# grep forw /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0
    [root@m01 ~]# sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
    [root@m01 ~]# grep forw /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1
    [root@m01 ~]# sysctl -p

3) Install pptp

    rz -y
    rpm -ivh ppp-2.4.5-17.0.rhel6.x86_64.rpm
    rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

4) Configure pptp

Modify the pptpd configuration file and add the local public IP (localip):

    vim /etc/pptpd.conf

Add two lines to the file:

    localip 10.0.0.5
    remoteip 172.16.1.100-172.16.1.120

Modify the ppp configuration file and add the DNS address. Search for the keyword dns:

    vim /etc/ppp/options.pptpd

    ms-dns 180.76.76.76

5) Add a user and start

    vim /etc/ppp/chap-secrets

    ####### system-config-network will overwrite this part!!! (begin) ##########
    wyz * 123456 *
    ####### system-config-network will overwrite this part!!! (end) ############

The four fields of each entry are the client name, the server name, the secret, and the IP addresses allowed for that client; * matches any server or any address.
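An added example, not part of the original article: a shell audit of the two files edited in steps 4) and 5), reporting weak entries in chap-secrets and pppd authentication/encryption options missing from options.pptpd. The function names, the 12-character threshold, the second account and the sample files are assumptions constructed for illustration; the option names are standard pppd options.

```shell
#!/bin/sh
# Added example (not from the original article): audit the files from steps 4) and 5).

# Print one finding per weak account in a chap-secrets file.
# Line format: client  server  secret  allowed-IP
audit_chap_secrets() {
    awk '/^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
         { s = $3; gsub(/"/, "", s)               # strip optional quotes
           if (length(s) < 12)      print "WEAK " $1 ": secret shorter than 12 characters"
           else if (s ~ /^[0-9]+$/) print "WEAK " $1 ": secret is digits only" }' "$1"
    # PPP secrets are stored in clear text, so only root should be able to read them.
    if [ -n "$(find "$1" \( -perm -040 -o -perm -004 \))" ]; then
        echo "PERM $1: readable by group or others (expected mode 600)"
    fi
}

# Print one finding per hardening option missing from an options.pptpd file.
audit_ppp_options() {
    for opt in refuse-pap refuse-chap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[ 	]*$opt([ 	]|\$)" "$1" || echo "MISSING $opt in $1"
    done
}

# Constructed sample files: the article's account plus one hypothetical account.
demo=$(mktemp -d)
printf '%s\n' '# client server secret IP' 'wyz * 123456 *' \
    'ops * "c0rrect-h0rse-battery" *' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
printf '%s\n' 'name pptpd' 'refuse-pap' 'require-mschap-v2' \
    'ms-dns 180.76.76.76' > "$demo/options.pptpd"

audit_chap_secrets "$demo/chap-secrets"
audit_ppp_options "$demo/options.pptpd"
```

On a real server, pass /etc/ppp/chap-secrets and /etc/ppp/options.pptpd to the two functions instead of the sample files.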