Build a PPTP Server on a Single-NIC Ubuntu Server

Since a Linux server was installed in the lab, more and more things have become possible. Although the main job of this server is to be a web server, letting it do more work is a good choice, because the load from our small site is very light and the vast majority of the server's resources are still wasted. The lab's internal network holds many useful resources, such as literature for scientific research and personal experiment data. Once you leave the lab, that content is not so easy to access. The best solution to this problem is a VPN. There are several ways to build a VPN server on Ubuntu, including PPTP, L2TP/IPSec, and OpenVPN. Of the three, the latter two have better security, but their configuration is more troublesome, and OpenVPN also requires an additional client on Windows/Mac. The L2TP/IPSec method is relatively good, but after I configured it, Windows and Linux users connected normally while Mac/iPhone could not connect, so I removed it temporarily; later, I figured out what the problem was and switched to this method.
 
Only PPTP is left. In fact, PPTP is the easiest of the three to configure, and it is very convenient to use because the corresponding clients are built into Windows/Mac systems. Next I will briefly write up my installation process, hoping it is useful to those who need it. If you have any comments, you are welcome to raise them.
 
First, all my operations are performed on the Ubuntu 8.04 Server system described in the previous article. If your system is different from mine, please refer to the previous two articles. My server environment has a single NIC, eth0.
 
The software package required to build a PPTP server on Ubuntu is pptpd, which can be installed with apt-get:

    sudo apt-get install pptpd

The system automatically resolves the dependencies. After installation, the package needs to be configured. First edit /etc/pptpd.conf:
 
    sudo nano /etc/pptpd.conf

Remove the comment markers from the localip and remoteip parameters at the end of the file and modify them as needed. Here, localip is the IP address of the server after the VPN connection is established, while remoteip is the range of IP addresses that can be allocated to clients. The following is my configuration:
 
    localip 10.100.0.1
    remoteip 10.100.0.2-10

After this file is edited, we need to edit the /etc/ppp/pptpd-options file with nano (the command is not repeated here). The vast majority of parameters only need to keep their default values; we only need to change the ms-dns option, which assigns DNS server addresses to the VPN clients:
 
    ms-dns 202.113.16.10
    ms-dns 208.67.222.222

Then modify the /etc/ppp/chap-secrets file, which stores the VPN user names and passwords; fill it in according to your actual situation. As the comments in the file show, the first column is the user name, the second column is the server name (pptpd by default; if you changed the name in the pptpd-options file, make sure it is consistent here), the third column is the password, and the fourth column is the IP address restriction (write * for no restriction). I will not post my configuration here.
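
Because chap-secrets stores the VPN passwords in plaintext, the file is worth checking after every edit. The script below is an added example, not part of the original article: it lints the four columns described above, and the function name and the 12-character minimum are assumptions.

```shell
#!/bin/sh
# Added example (not the author's code): lint a chap-secrets file that uses the
# four columns described above. The 12-character minimum is an assumed policy.
# Limitation: quoted fields that contain spaces are not handled.

# audit_chap_secrets FILE [SERVER_NAME]
# Prints one finding per line; returns 0 if clean, 1 if there are findings.
audit_chap_secrets() {
    file=$1
    server=${2:-pptpd}      # default server name, as stated in the article
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    findings=$(
        # Passwords are stored in plaintext, so only the owner should have access.
        other=$(ls -ld "$file" | cut -c5-10)
        if [ "$other" != "------" ]; then
            echo "file: group/other permissions are $other, expected ------"
        fi
        awk -v server="$server" '
            NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
            { for (i = 1; i <= NF; i++) gsub(/^"|"$/, "", $i) }
            NF < 4 { print "line " NR ": expected 4 columns, found " NF; next }
            $2 != server && $2 != "*" {
                print "line " NR ": server \"" $2 "\" does not match \"" server "\""
            }
            length($3) < 12 {
                print "line " NR ": password for " $1 " is under 12 characters"
            }
            $4 == "*" {
                print "line " NR ": no IP address restriction for " $1
            }
        ' "$file"
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}
```

Call it as `audit_chap_secrets /etc/ppp/chap-secrets`, passing the server name as a second argument if you changed it in pptpd-options.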
 
After all the operations are completed, we need to restart the pptpd service to make the new configuration take effect:
 
    sudo /etc/init.d/pptpd restart

Find a Windows computer, create a VPN connection, enter the server's IP address (or domain name), and enter the user name and password you set. Leave the domain field empty (if you set one in pptpd-options, keep it consistent here), then click Connect. Under normal circumstances, you should be able to establish a VPN connection with the server.
 
After the connection is established, you will find that apart from the resources on the server itself, nothing else on the internal network or the Internet can be accessed. To reach that content, some further setup is needed:
 
First, enable IPv4 forwarding. To do so, edit /etc/sysctl.conf, find the line similar to the following, and uncomment it:

    net.ipv4.ip_forward=1

Then make the new configuration take effect:
 
    sudo sysctl -p

Sometimes, after this setting, the client machine can already access the Internet (it worked for me on a virtual machine). But on the lab server I still could not access the network after this step, so we need to set up NAT. Here we use the powerful iptables to do it. First, install iptables:
 
    sudo apt-get install iptables

After it is installed, we add a rule to the nat table:
 
    sudo iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

After this, the client machine should be able to access the Internet.
 
However, in this case, the iptables rule will be cleared at the next restart, so we also need to save it by using the iptables-save command:
 
    # the redirection must also run as root, so the whole command is wrapped in sh -c
    sudo sh -c "iptables-save > /etc/iptables-rules"

Then modify the /etc/network/interfaces file, find eth0, and add the following line at the end of the eth0 settings:
 
    pre-up iptables-restore < /etc/iptables-rules

This means that when the eth0 NIC is brought up, the configuration previously saved with iptables-save is loaded automatically.
 
At this point, a VPN server/gateway is basically set up. Of course, you may have followed my method and still not succeeded. Here are some of the problems I have encountered and their solutions:
 
Unable to establish VPN connection
After pptpd is installed and configured, the client still cannot establish a connection to the server. Possible causes include:

Server-side firewall settings: the PPTP service uses TCP port 1723 and the GRE protocol, so make sure that your firewall allows both of them through.
If the server is behind a router, make sure that the corresponding settings and port forwarding are completed on the router.
If the server is behind a router, make sure that the router supports VPN Passthrough.
If the client is behind a router, the router used by the client must also support VPN Passthrough. In fact, any reasonably decent router on the market supports VPN Passthrough, although it cannot be ruled out that the very cheapest ones really do not. If your router can be flashed with DD-WRT, flash it; DD-WRT supports it.

Can establish a connection, but "almost" cannot access the Internet
I use the word "almost" here because Internet access is not completely broken. The symptom is that a Google search opens fine but other websites do not; SSH works but scp does not; FTP can complete the handshake but cannot transfer files. I ran into exactly this problem, and after careful Googling I found that it was an MTU problem. I tested with ping and it turned out that the packets were too large. The problem can be solved with iptables. I will not go into the specific principles, which you can Google yourself; here I only give the solution. Add the following rule to the filter table:
 
    sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

The 1200 in the above rule can be modified according to your actual situation. For the best network performance, keep adjusting this value until you find the largest one at which the network still works normally.
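
Instead of adjusting the value by trial and error, it can be measured with the same kind of ping test mentioned above. The script below is an added example, not part of the original article: run on a connected VPN client, it binary-searches for the largest packet that passes with the Don't Fragment bit set and derives the MSS from it. The function names are assumptions, and it requires the Linux iputils ping.

```shell
#!/bin/sh
# Added example (not the author's code): find the largest packet that crosses
# the tunnel unfragmented and derive the value for --set-mss from it.
# Run on a connected VPN client; needs Linux iputils ping (-M do sets DF).

# probe SIZE HOST: succeeds if an ICMP echo carrying SIZE payload bytes gets a
# reply with the Don't Fragment bit set.
probe() {
    ping -M do -c 1 -W 2 -s "$1" "$2" >/dev/null 2>&1
}

# max_payload HOST [PROBE]: binary search for the largest payload that passes.
# PROBE is replaceable so the search can be exercised without a network.
max_payload() {
    host=$1
    probe_cmd=${2:-probe}
    lo=0
    hi=1472                 # 1500-byte Ethernet MTU - 20 (IPv4) - 8 (ICMP)
    "$probe_cmd" "$lo" "$host" || return 1     # no reply at any size
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe_cmd" "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# mss_from_payload BYTES: path MTU = payload + 28, and the TCP MSS is the
# path MTU minus 40 (20-byte IPv4 header + 20-byte TCP header, no options).
mss_from_payload() {
    echo $(( $1 + 28 - 40 ))
}

# Usage: sh this-script HOST   (HOST is any machine reached through the VPN)
if [ "$#" -ge 1 ]; then
    payload=$(max_payload "$1") || { echo "no reply from $1" >&2; exit 1; }
    echo "path MTU $(( payload + 28 )), use --set-mss $(mss_from_payload "$payload")"
fi
```

The TCPMSS target also accepts --clamp-mss-to-pmtu in place of --set-mss, which lets the kernel derive the value instead of using a fixed number.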
 
Now, a single-NIC PPTP server is complete.
 
P.S. Recently I found that my articles have been copied by numerous websites, large and small, many of which are "big sites". I use the term "plagiarism" here because your practice goes far beyond normal "reposting". After each article I emphasize "cite the source when reposting; commercial websites must obtain authorization first", but I don't know why it is so difficult for these editors to send an email. I will not name names this time; consider this a warning. If I discover it again next time, don't blame me for exposing you.
 
Link to the original article: Hua 'er opened - a single network card Ubuntu Server creates a PPTP Server
 
