Configure a VPN Server for Windows host access in Ubuntu

Source: Internet
Author: User
VPN (Virtual Private Network) is a virtual network established on top of an existing network, mainly used to let two networks communicate through a VPN tunnel. The advantage of a VPN is that once computer A1 in network A is connected to a computer in network B through a tunnel, A1 can use the network environment of network B. VPNs are divided into two types: encrypted and non-encrypted. Generally, we use an encrypted VPN. Common protocols for encrypted VPNs include SSL and PPTP. PPTP is a built-in protocol in Windows, so if you want to build a VPN server that supports access from Windows computers, you had better use PPTP server software. The main purpose of a VPN today is to access an internal network at a remote location.

 

Note: the VPN server must be a computer with an Internet IP address. If its IP address belongs to one of the three address segments 10.0.0.0 ~ 10.20.255.255, 172.16.0.0 ~ 172.31.255.255 or 192.168.0.0 ~ 192.168.255.255, it does not meet the conditions for building a VPN server.

Poptop is a PPTP server for Linux. Today we mainly use it to configure a VPN server. On Ubuntu, install Poptop with the following command:

    $ sudo apt-get install pptpd

If your Linux kernel version is earlier than 2.6.15, check whether MPPE is supported:

    $ sudo modprobe ppp-compress-18 && echo "success"

If "success" is not output, the kernel does not support it. You can follow the steps here to configure the kernel.

After Poptop is installed, it needs a little configuration. Open the "/etc/pptpd.conf" file and add the following two lines; if the file already contains them as examples, you only need to uncomment them.

    localip 192.168.0.1
    remoteip 192.168.0.234-238,192.168.0.245

"localip" is the IP address of the server inside the VPN tunnel, and "remoteip" lists the IP addresses that can be allocated to clients inside the VPN tunnel. For more options of the "pptpd.conf" file, read its man page.

Then set the username and password used for logon: open the "/etc/ppp/chap-secrets" file and add the following line. The brackets indicate the parts to be configured:

    [username] pptpd [password] *

Finally, restart Poptop:

    $ sudo /etc/init.d/pptpd restart

Now try to connect from other computers. Note that the IP address entered on the client is the Internet IP address of the VPN server, not the configured "localip".
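The "chap-secrets" file stores each password in clear text, so it is worth checking after editing it. The following audit script is an added example, not part of the original article; the function name audit_chap_secrets and the 12-character minimum are assumptions of this sketch, and the sample line is constructed from the template above.

```shell
#!/bin/sh
# Added example: audit a chap-secrets file written as described above.
# Columns are: client  server  secret  allowed-IP-addresses.
# MIN_LEN is an assumption of this sketch, not a pptpd requirement.
MIN_LEN=12

# audit_chap_secrets FILE: print one finding per line; return 1 if any problem.
audit_chap_secrets() {
    f="$1"; rc=0
    # Characters 5-10 of `ls -l` output are the group/other permission bits.
    case "$(ls -ld "$f" | cut -c5-10)" in
        ------) ;;
        *) echo "$f: readable by group/other, run: chmod 600 $f"; rc=1 ;;
    esac
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        NF < 4 { printf "line %d: expected 4 fields, found %d\n", NR, NF; bad = 1; next }
        $2 != "pptpd" { next }           # entry belongs to another service
        $1 ~ /^\[.*\]$/ || $3 ~ /^\[.*\]$/ {
            printf "line %d: placeholder brackets left in place\n", NR; bad = 1; next }
        length($3) < min {
            printf "line %d: secret for %s shorter than %d characters\n", NR, $1, min; bad = 1 }
        $4 == "*" { printf "line %d: note, any address is accepted for %s\n", NR, $1 }
        END { exit (bad ? 1 : 0) }' "$f" || rc=1
    return $rc
}

# Constructed sample: the template line from the text, left unedited.
sample=$(mktemp)
echo '[username] pptpd [password] *' > "$sample"
audit_chap_secrets "$sample" || echo "sample: problems found (listed above)"
rm -f "$sample"
```

On the server itself, call it as root with the real path: audit_chap_secrets /etc/ppp/chap-secrets. The script prints usernames only, never the secrets.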

Although you can successfully establish a VPN connection, you may still be unable to reach the Internet through the VPN server. There are many possible reasons. First, let's look at the whole path of communication between the client and a server on the Internet through the VPN server:

    client <--> client ppp0 <--> VPN server ppp0 <--> VPN server eth0 <--> Internet server eth0 <--> Internet server

"ppp0" is a virtual VPN network interface (think of it as a virtual NIC). The VPN tunnel is built between the two "ppp0" interfaces of the client and the server. "eth0" is the physical network card that actually exists on the server; the VPN server communicates with the Internet through it. The process is as follows: the client sends a request to the VPN server through "ppp0". When the VPN server receives the request, it forwards it through "eth0". When the request arrives at its destination, the Internet server sends a response. The response returns to the client along the same path in reverse, so that the client successfully communicates with the Internet server.

Each arrow ("<-->") in the path above is a point where the connection to the Internet may fail, so you need to troubleshoot each part one by one. Here we only introduce the two most likely causes. If you want to learn how to check each point, you can read the article "Diagnosing Forwarding on pptpd".

Is IP forwarding enabled?
Check whether the value in the "/proc/sys/net/ipv4/ip_forward" file is "1". If not, add "net.ipv4.ip_forward=1" to "/etc/sysctl.conf", and then execute the following command:

    $ sudo /etc/init.d/procps restart

Is NAT configured for the client IP addresses on the VPN server?
Run the following command to check whether the table has a corresponding entry:

    $ sudo iptables --table nat -L POSTROUTING

If not, run the following command:

    $ sudo iptables --table nat --append POSTROUTING --out-interface eth0 --jump MASQUERADE

After completing the above two checks, you should be able to communicate with the Internet through the VPN server, and the VPN server is basically configured.
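The two checks above can be scripted so that they only read state and change nothing. The following is an added example, not part of the original article; the function names, the EXT_IF variable and the sample ruleset are assumptions constructed for this sketch, and it reads the rules with "iptables -S" (rule-spec listing) instead of "-L" because that output is easier to parse.

```shell
#!/bin/sh
# Added example: read-only versions of the forwarding and NAT checks above.
# EXT_IF and the function names are assumptions of this sketch.
EXT_IF="${EXT_IF:-eth0}"

# forwarding_enabled [FILE]: succeed if FILE (default: the proc entry) holds "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# has_masquerade IFACE: read `iptables --table nat -S POSTROUTING` output on
# stdin; succeed if a rule masquerades traffic leaving IFACE (or any interface).
# Negated (!) and wildcard (eth+) interface matches are not interpreted.
has_masquerade() {
    awk -v ifc="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; masq = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq && (out == "" || out == ifc)) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# report: run both checks against the live system (needs root for iptables).
report() {
    if forwarding_enabled; then echo "ip_forward: enabled"
    else echo "ip_forward: DISABLED (set net.ipv4.ip_forward=1)"; fi
    if iptables --table nat -S POSTROUTING | has_masquerade "$EXT_IF"; then
        echo "NAT: MASQUERADE rule present for $EXT_IF"
    else
        echo "NAT: no MASQUERADE rule for $EXT_IF"
    fi
}

# Constructed sample of `iptables --table nat -S POSTROUTING` output.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'
printf '%s\n' "$SAMPLE_RULES" | has_masquerade eth0 && echo "sample ruleset: NAT rule found"
```

On the VPN server, call report as root to run both checks against the live kernel settings and ruleset.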
 

 
