Build a PPTP VPN server on Fedora

Source: Internet
Author: User
Tags: freeradius
1. First, download the pptpd source code from SourceForge:
http://sourceforge.net/projects/poptop/files?source=navbar

2. Compile the source code:
./configure && make && make install

# The physical IP address of the local machine; you can use ifconfig to obtain it
localip 222.201.139.156
# The IP address range allocated to remotely connected machines
remoteip 192.168.0.234-238,192.168.0.245

4.2 Modify /etc/ppp/chap-secrets to set the user name and password for remote connections. The configuration template shows how to add an entry:
# Secrets for authentication using CHAP
# client server secret IP addresses
# username pptpd password *
ethanshan pptpd 111111 *
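
Because chap-secrets holds every account's password in plain text, it is worth checking the file's permissions and the strength of its entries. The script below is an added example, not part of the original article; `MIN_LEN` and the `sample_secrets` data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a pppd chap-secrets file. Added example; MIN_LEN is an assumed local
# policy, and quoted secrets that contain spaces are not handled.
MIN_LEN=${MIN_LEN:-12}

# Succeed only if group and others have no permission bits on the file.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per weak entry (fields: client server secret IP-addresses).
audit_entries() {
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }              # blank lines and comments
        NF < 3 { printf "line %d: malformed entry\n", NR; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)              # strip surrounding quotes
            if (length(secret) < min)
                printf "line %d: %s: secret shorter than %d characters\n", NR, $1, min
            if (secret ~ /^[0-9]+$/)
                printf "line %d: %s: secret is digits only\n", NR, $1
            if ($4 == "*")
                printf "line %d: %s: any client IP address allowed\n", NR, $1
        }' "$1"
}

# Constructed sample in the layout shown above (not a real credential file).
sample_secrets() {
    cat <<'EOF'
# client server secret IP addresses
ethanshan pptpd 111111 *
alice pptpd "c0rrect-h0rse-battery" 192.168.0.234
broken pptpd
EOF
}

# Run against a file when one is given: ./audit.sh /etc/ppp/chap-secrets
if [ "$#" -ge 1 ]; then
    perms_ok "$1" || echo "$1: accessible by group or others"
    audit_entries "$1"
fi
```
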

4.3 Modify /etc/ppp/options.pptpd and find the ms-dns option in the "Network and Routing" section. The option is commented out by default; change it to the following configuration:
ms-dns 222.201.130.30
ms-dns 222.201.130.33
The DNS server IP addresses that follow ms-dns can be obtained from the /etc/resolv.conf file.

4.4 Modify the packet forwarding configuration in /etc/sysctl.conf. Open the file, find net.ipv4.ip_forward, and change its value to 1.

# Kernel sysctl configuration file
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.

# Controls IP packet forwarding
# The default is 0; I use pptpd, so it is set to 1
net.ipv4.ip_forward = 1

# Controls source route verification
net.ipv4.conf.default.rp_filter = 1

# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0

# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0

# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Then run the following command to make it take effect immediately:
sysctl -p

4.5 Modify the MTU value in the /etc/ppp/ip-up configuration file. Open the file and add the following command before the final exit command:
ifconfig $1 mtu 1400


5. If the iptables firewall is enabled, add the pptpd rules to it by executing the following commands:
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o p3p1 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

6. Run pptpd. Use the following command to run pptpd in the foreground:
pptpd -f

7. pptpd runtime error. When a client connects, pptpd may report that pptpd-logwtmp.so cannot be found. The solution is to copy the corresponding .so file from the plugin directory under the compiled pptpd source directory to the /usr/lib/pptpd directory. pptpd may then report that the version is incorrect. In that case, modify the patchlevel.h file in the plugin directory, change the version to the one shown in the error output, and run make again. Overwrite the file in the /usr/lib/pptpd directory with the rebuilt .so file, and you can run pptpd again.

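8. Windows connection configuration. During configuration, the connection always fails. Checking online shows that you need to set the Data encryption option to Optional encryption. With that setting the client also connects when no encryption is negotiated, so traffic through the tunnel may be unencrypted.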



9. Limit the number of connections under an account

The PPTP VPN service on Linux uses CHAP authentication by default. This authentication method is simple: the correct user name and password are all that is needed to connect with an account, and you cannot limit the number of connections, the traffic, or the speed for an account. If you want to implement these restrictions, you can use freeradius authentication. However, I personally feel that configuring freeradius is not a very tedious task. After a few hours one night, I finally gave up...

However, there is a simple method to limit the number of connections for the same account. The method provided here is adapted from an English website. If you cannot find what you want in Chinese, you may find something new in English.

The implementation is simple. Create a file named auth-up in the /etc/ppp folder with the following content:

#!/bin/sh
# get the username/ppp line number from the parameters
REALDEVICE=$1
USER=$2
# create the directory to keep pid files per user
mkdir -p /var/run/pptpd-users
# if there is a session already for this user, terminate the old one
if [ -f "/var/run/pptpd-users/$USER" ]; then
  kill -HUP "$(cat "/var/run/pptpd-users/$USER")"
fi
# copy the pid file of current user to /var/run/pptpd-users
cp "/var/run/$REALDEVICE.pid" "/var/run/pptpd-users/$USER"

In this way, each connected account is recorded in the /var/run/pptpd-users directory. When the same account logs on again, the old connection is killed, so the later connection takes priority.
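
The script above runs as root, uses the user name as a file name, and signals whatever number the stored file contains. The variant below is an added example, not part of the original article: it validates both values and only signals a process whose command name matches. `PIDDIR`, `RUNDIR` and `PROC_NAME` are assumed, overridable settings, `/proc` is assumed to be available (Linux), and user names are assumed to contain only letters, digits, dot, underscore and hyphen.

```shell
#!/bin/sh
# Hardened variant of the auth-up script above (added example). PIDDIR, RUNDIR
# and PROC_NAME are assumed, overridable settings, not pppd options.
PIDDIR=${PIDDIR:-/var/run/pptpd-users}
RUNDIR=${RUNDIR:-/var/run}
PROC_NAME=${PROC_NAME:-pppd}

# Accept only names that cannot escape PIDDIR (no "/", no leading dot).
valid_name() {
    case $1 in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the PID stored in file $1 only if it is purely numeric.
read_pid() {
    pid=$(head -n 1 "$1" 2>/dev/null | tr -d ' \t\r')
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Succeed if PID $1 is a live process whose command name is PROC_NAME.
is_expected_proc() {
    [ "$(cat "/proc/$1/comm" 2>/dev/null)" = "$PROC_NAME" ]
}

# $1 = ppp interface, $2 = authenticated user name (as in the original script).
enforce_single_session() {
    valid_name "$1" && valid_name "$2" || return 1
    mkdir -p "$PIDDIR" && chmod 700 "$PIDDIR" || return 1
    if old=$(read_pid "$PIDDIR/$2") && is_expected_proc "$old"; then
        kill -HUP "$old"                      # drop the older session
    fi
    new=$(read_pid "$RUNDIR/$1.pid") || return 1
    printf '%s\n' "$new" > "$PIDDIR/$2"
}

if [ "$#" -ge 2 ]; then
    enforce_single_session "$1" "$2"
fi
```
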


Youdao Note link: http://note.youdao.com/share?id=fc97d357e5852a6f15cefb14a99f06d1&type=note