Home > Others

PPTP VPN Server

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >



PPTP VPN server



VPN Overview



VPN(full name virtual PrivateNetwork)free vpn



(1) relying on the ISP and other NSP, in the public network to establish a dedicated data communication network technology, can provide security between enterprises or between the individual and the Enterprise data Transfer Tunnel service express vpn



(2) The connection between any two points in the VPN does not have the end-to-end physical link required by the traditional private network, but uses the dynamic composition of the public net resources, Can be understood as the use of private tunneling technology on the public data network simulation and dedicated to the same function of the point-to line technology



(3) The so-called virtual refers to the need not to pull the actual long-distance physical lines, what is a vpn but borrowed from the public Internet Network implementation.



(4) VPN-like tunnels:SSH,LVS, TUN(ipip),PPTP, IPsec,OpenVPN



Enterprise Application Classification



(1) remote access VPN service employee personal computer through remote dial-up to the corporate office network, such as the company's OA system Operations Personnel remote dial to IDC Computer room, remote maintenance server ( 2) VPN between intra-enterprise network VPN Service company branch office LAN and head office LAN connections, such as business settlement between major supermarkets



(3) internet company multiple IDC room VPN service between different computer room business management and business access, data flow



(4) Enterprise External VPN service establishes a VPN service between the provider, what is vpn the partner's LAN, and the company's LAN



(5) access to foreign websites FQ business Applications



1.3 Introduction to Common tunneling protocols



(1)PPTP: Point-to-Point Tunneling Protocol, default port number 1723, working on second tier,PPTP using TCP protocol, Suitable for use in networks without firewall restrictions, more suitable for remote enterprise users to dial to 楪 internal Office applications (2)L2TP



(3)IPSEC



(4)SSL VPN----Open VPN



1.4 Common open source products for VPN



(1)PPTP VPN maximum Advantage Windows native support, do not need to install the client; The disadvantage is that many communities and network devices do not support PPTP, which is not accessible, open source software PPTP



(2)SSL VPN typical Open VPN, not only suitable for PPTP scenarios, but also suitable for enterprises in different places between the total company VPN uninterrupted on-demand connection, cut-off required to install client



(3)IPSEC VPN is suitable for VPN uninterrupted on-demand connection between the total number of companies in different places or IDC rooms , and it is easier and easier to deploy and use, open source products Openswan Summary:



Ease of Use: PPTP > L2TP > Open VPN



Speed: PPTP > Open VPN UDP > L2TP > Open VPN TCP security:Open VPN > L2TP > PPTP Stability:Open VPN > L2 TP > PPTP network applicability:Open VPN > PPTP > L2TP






Deploying a PPTP VPN server



Check if the system supports PPTP



If this device is not shown, it can be installed PPTP Service



Cat/dev/ppp


    1. [Email protected] ~]# CAT/DEV/PPP
    2. Cat:/dev/ppp:no such device or address


Hint: If the above hint indicates PPP is open, can set up PPTP service normally , if there are other hints such as Permission denied, you need to go to the VPS first Panel to see if there is a function switch to enable PPP, if not, you need to send a message to your provider, let them help you open, otherwise you do not have to look down,100% cannot successfully configure PPTP



5 Setting up kernel forwarding



? View Kernel Parameters



grep forw/etc/sysctl.conf


    1. [[email protected] ~]# grep forw/etc/sysctl.conf
    2. # Controls IP Packet forwarding
    3. Net.ipv4.ip_forward = 0


? The kernel parameter's Net.ipv4.ip_forward modified to 1



Sed-i ' S#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g '/etc/sysctl.conf



Check if the changes are complete



grep forw/etc/sysctl.conf


    1. [[email protected] ~]# grep forw/etc/sysctl.conf
    2. # Controls IP Packet forwarding
    3. Net.ipv4.ip_forward = 1





Configure the kernel to take effect



Sysctl-p


  2. [Email protected] ~]# sysctl-p
  4. Net.ipv4.ip_forward = 1
  6. Net.ipv4.conf. default. Rp_filter = 1
  8. Net.ipv4.conf. default. Accept_source_route = 0
  10. KERNEL.SYSRQ = 0
  12. Kernel.core_uses_pid = 1
  14. Net.ipv4.tcp_syncookies = 1
  16. KERNEL.MSGMNB = 65536
  18. Kernel.msgmax = 65536
  20. Kernel.shmmax = 68719476736
  22. Kernel.shmall = 4294967296
  24. Net.ipv4.tcp_fin_timeout = 2
  26. Net.ipv4.tcp_tw_reuse = 1
  28. Net.ipv4.tcp_tw_recycle = 1
  30. Net.ipv4.tcp_syncookies = 1
  32. Net.ipv4.tcp_keepalive_time = 600
  34. Net.ipv4.ip_local_port_range = 4000 65000
  36. Net.ipv4.tcp_max_syn_backlog = 16384
  38. Net.ipv4.tcp_max_tw_buckets = 36000
  40. Net.ipv4.route.gc_timeout = 100
  42. Net.ipv4.tcp_syn_retries = 1
  44. Net.ipv4.tcp_synack_retries = 1
  46. Net.core.somaxconn = 16384
  48. Net.core.netdev_max_backlog = 16384
  50. Net.ipv4.tcp_max_orphans = 16384
  52. Error: "net.nf_conntrack_max" is an unknown key
  54. Error: "net.netfilter.nf_conntrack_max" is an unknown key
  56. Error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
  58. Error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
  60. Error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
  62. Error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
  64. Net.core.wmem_default = 8388608
  66. Net.core.rmem_default = 8388608
  68. Net.core.wmem_max = 16777216
  70. Net.core.rmem_max = 16777216





Installing PPTP



(1) installation PPTP before you need to deploy YUM Source is Epel Source



Wget-o/etc/yum.repos.d/epel.repo Http://mirrors.aliyun.com/repo/epel-6.repo



(2) Use YUM Install pptpd Service software



Yum-y Install pptpd



[email protected] ~]# yum-y install pptpd ? Installing PPTP software



(2) Check whether PPTP software is installed successfully



Rpm-qa pp*


    1. [Email protected] ~]# Rpm-qa pp*
    2. Ppp-2.4.5-10.el6.x86_64
    3. Ppl-0.10.2-11.el6.x86_64
    4. Pptpd-1.4.0-3.el6.x86_64


A. Configuring PPTP



echo "Localip 10.0.0.61" >>/etc/pptpd.conf



echo "Remoteip 172.16.1.200-250" >>/etc/pptpd.conf



Or



Vim/etc/pptpd.conf


    1. #在配置文件的最后一行添加如下内容
    2. Localip 10.0.0.61
    3. # Add native public IP (localip), you can set the native IP address
    4. Remoteip 172.16.1.200-250
    5. #分配VPN用户的内网网段 (REMOTEIP). Set the intranet address assigned after the VPN connection





5. Set User and password


    1. [Email protected] ~]# vim/etc/ppp/chap-secrets
    2. # VPN Account VPN password
    3. Oldboy * 123456 *
    4. First column: User name third column: password
    5. Tip: The last column of * can specify the IP address that the user obtains after signing in to the VPN
    6. [Email protected] ~]# tail-1/etc/ppp/chap-secrets? Check for changes to complete Oldboy * 123456 *
    7. [[Email protected] ~] #ll/etc/ppp/chap-secrets? Because of the clear text of the permission, the permissions of the file are modified to
    8. 600
    9. -RW-------1 root root 174 Jul 6 10:36/etc/ppp/chap-secrets


6. Start PPTP service


    1. [Email protected] ~]#/ETC/INIT.D/PPTPD start PPTP service
    2. Starting pptpd: [OK]
    3. [[Email protected] ~] #netstat-tunlp|grep 1723
    4. TCP 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 26574/pptpd
    5. [Email protected] ~]# systemctl start pptpd
    6. [[Email protected] ~] #systemctl status pptpd


Check If PPTP service is turned on, view 1723 Network Port


    1. [Email protected] ~]# Netstat-ltnup|grep 1723
    2. TCP 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN
    3. 14927/pptpd





7. Connect VPN via Windows client



Control Panel \ Network and internet\ Network and Sharing Center





















C



741 Error



Windows7 system, "security" - data encryption, selected as "optional encryption ( can also be connected without encryption ) ".














We can connect the VPN assigned IP address on our server


  2. [[Email protected] ~]# IP add
  4. 1:lo: <LOOPBACK,UP,LOWER_UP> MTU 65536 qdisc noqueue State UNKNOWN
  6. Link/loopback 00:00:00:00:00:00 BRD 00:00:00:00:00:00
  8. inet 127.0.0.1/8 Scope host Lo
  10. INET6:: 1/128 Scope Host
  12. Valid_lft Forever Preferred_lft Forever
  14. 2:eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU Qdisc pfifo_fast State up Qlen 1000
  16. Link/ether 00:0c:29:2e:5e:4e BRD FF:FF:FF:FF:FF:FF
  18. inet 10.0.0.61/24 BRD 10.0.0.255 Scope Global eth0
  20. Inet6 FE80::20C:29FF:FE2E:5E4E/64 Scope link
  22. Valid_lft Forever Preferred_lft Forever
  24. 3:eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> MTU Qdisc pfifo_fast State up Qlen 1000
  26. Link/ether 00:0c:29:2e:5e:58 BRD FF:FF:FF:FF:FF:FF
  28. inet 172.16.1.61/24 BRD 172.16.1.255 Scope Global eth1
  30. Inet6 FE80::20C:29FF:FE2E:5E58/64 Scope link
  32. Valid_lft Forever Preferred_lft Forever
  34. 10:PPP0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> MTU 1396 Qdisc pfifo_fast State UNKNOWN Qlen 3
  36. Link/ppp
  38. inet 10.0.0.61 Peer 172.16.1.100/32 Scope Global PPP0


PPTP VPN Server


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
pptp vpn server free create pptp vpn test pptp vpn mac pptp vpn client ipad pptp vpn pptp vpn client best pptp vpn

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More