Create a Linux-based VPN Server

Source: Internet
Author: User
Article Title: Create a Linux-based VPN Server. Published in the Linux channel of the IT lab in China, which covers desktop applications, Linux system management, kernel research, embedded systems, and open source.

A VPN (Virtual Private Network) is an extension of a private network. It simulates a point-to-point private connection over a shared Internet or public network connection and sends data between a local computer and a remote computer.

It provides good confidentiality and is not subject to authorization limits, so both parties can establish a free and secure point-to-point connection. The following describes how to quickly build a VPN server.

Install software

  1. Install PPP

Install PPP (Point-to-Point Protocol) version 2.4.2 or later. You can download the ppp-2.4.3-0.cvs_20040527.1.i386.rpm package from http://sourceforge.net/project/showfiles.php?group_id=44827.

The installation command is as follows:

# rpm -Uvh ppp-2.4.3-0.cvs_20040527.1.i386.rpm

  2. Install kernel MPPE patch

Install the kernel MPPE (Microsoft Point-to-Point Encryption) patch, choosing the version that matches your kernel. The Linux kernel used by the author is 2.4.20-31.9. The installation command is as follows:

# rpm -ivh kernel-mppe-2.4.20-31.9.i686.rpm

Run the following command to check whether the kernel MPPE patch was installed successfully; the patch is in place if the module loads without an error message:

# modprobe ppp-compress-18


  3. Check whether PPP supports MPPE.

Run the following command to check whether PPP supports MPPE:

# strings /usr/sbin/pppd | grep -i mppe | wc --lines

If the command prints "0", MPPE is not supported; if it prints "30" or a larger number, MPPE is supported.

  4. Install PPTPD

Download the pptpd-1.1.4-b4.i386.rpm package from http://sourceforge.net/project/showfiles.php?group_id=44827 and install it:

# rpm -ivh pptpd-1.1.4-b4.i386.rpm

Modify configuration file

  1. Modify the modules.conf file

Edit the /etc/modules.conf configuration file and add the following content:

alias net-pf-47 ip_gre

  2. Modify the pptpd.conf file

Edit the /etc/pptpd.conf configuration file and add the following content, which sets the IP address of the local VPN server and the IP address range assigned to clients after they log on:

debug
option /etc/ppp/options.pptpd
localip 192.168.0.254        # IP address of the local VPN server
remoteip 192.168.1.1-254     # IP address range assigned to clients

  3. Modify the options.pptpd file

Edit the /etc/ppp/options.pptpd configuration file and replace its contents with the following:

auth
lock
debug
proxyarp
name rh9vpn                  # name of the VPN server
multilink
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
refuse-mschap-v2
require-mppe
ms-wins 192.168.1.2          # WINS server: IP address of the machine you want to see in Network Neighborhood
ms-dns 192.168.1.2           # DNS server address
dump
logfile /var/log/pptpd.log   # log storage path

  4. Modify the chap-secrets file

Edit the /etc/chap-secrets configuration file and add the following content:

# client        server  secret  IP addresses
"test@gd.cn"    *       "test"  *

The four items on the second line correspond to the four items on the first line. "test@gd.cn" is the VPN user name of the client. "server" is the name of the VPN server; it must be the same as the name in the /etc/ppp/options.pptpd file, or you can set it to "*" so that the server is identified automatically. "secret" is the logon password. "IP addresses" lists the client IP addresses that may dial in; if you do not need any special restriction, you can set it to "*".
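As an added example (not part of the original article), the following Python checker makes the relationship described above concrete: every chap-secrets entry's "server" column must equal the "name" set in options.pptpd or be "*", and a "*" in that column matches any server name. Both file contents are constructed inline with the article's values, and the parser is a simplified one (whitespace-separated fields, double quotes, "#" comments), not pppd's own.

```python
import shlex

# Constructed to mirror the article's /etc/ppp/options.pptpd (relevant lines only).
OPTIONS_PPTPD = """\
auth
name rh9vpn    # name of the VPN server
require-mppe
"""

# Constructed chap-secrets: the article's entry plus two extra accounts.
CHAP_SECRETS = """\
# client        server  secret   IP addresses
"test@gd.cn"    *       "test"   *
"alice"         rh9vpn  "s3cret" 192.168.1.10
"bob"           other   "pw"     *
"""

def server_name(options_text):
    """Return the value of the 'name' option, the identity pppd presents."""
    for line in options_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) >= 2 and words[0] == "name":
            return words[1]
    return None

def parse_chap_secrets(text):
    """(client, server, secret, addresses) per entry.  Simplified parser:
    whitespace-separated, double quotes allowed, '#' comments, no address
    column means '*'."""
    entries = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)
        if not fields:
            continue
        if len(fields) < 3:
            raise ValueError("malformed chap-secrets line: %r" % line)
        client, server, secret = fields[:3]
        entries.append((client, server, secret, fields[3:] or ["*"]))
    return entries

def lookup_secret(entries, client, server):
    """Secret for client on server; '*' in the server column matches any name."""
    for c, s, secret, _ in entries:
        if c == client and s in ("*", server):
            return secret
    return None

def unusable_clients(entries, name):
    """Clients whose server column is neither the configured name nor '*'."""
    return [c for c, s, _, _ in entries if s not in ("*", name)]
```

Running unusable_clients against the configured name shows which accounts can never authenticate because of a server-name mismatch, which is the usual cause of a "bad secret" failure after renaming the server.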

  5. Set up IP forwarding (masquerading)

Remote computers connected to the VPN can ping each other only after IP forwarding (masquerading) is enabled, which lets them share resources as on a LAN. Run the following command to set the parameter:

# echo 1 > /proc/sys/net/ipv4/ip_forward

You can put this command in the file /etc/rc.d/rc.local so that it runs automatically at startup.

  6. Open the firewall port

Open port 1723 and port 47 of the Linux server and enable the GRE protocol.

# /sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# /sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT
# /sbin/iptables -A INPUT -p gre -j ACCEPT

The Linux server configuration is now complete, and a Windows client is used for testing.

Test

The following uses Windows Server 2003 as an example for testing.

  1. Create a connection

Click Start → Settings → Network and Dial-up Connections to open the Network and Dial-up Connections window, then click New Connection to open the Network Connection Wizard. Select or enter "Connect to my workplace network > Virtual private network connection > Company name (enter as needed) > Do not dial the initial connection > IP address (enter the IP address of the VPN server)", and click OK to create the new connection.

  2. Modify the connection properties

Right-click the connection you just created and click "Properties > Networking (select the TCP/IP protocol) > Properties > Advanced", clear the "Use default gateway on remote network" check box, and click "OK".

  3. Establish the connection

Double-click the connection you created, enter the user name and password set earlier, and click OK to connect. If the connection succeeds, the connection's "Details" show the IP address assigned by the server and other information, and you can then communicate with the other computers on the connected LAN.

If the client still runs Windows 95 or Windows 98, download the corresponding dial-up program from http://support.microsoft.com/support/kb/articles/q285/1/89.asp.
