PPTP VPN Server

Source: Internet
Author: User






VPN Overview



VPN (full name: Virtual Private Network)

(1) A technology that relies on ISPs and other NSPs to build a dedicated data communication network over the public network. It can provide a secure data-transfer tunnel service between enterprises, or between an individual and an enterprise.

(2) A connection between any two points in a VPN does not have the end-to-end physical link that a traditional private network requires; instead it is composed dynamically from public network resources. It can be understood as using private tunneling technology on a public data network to emulate a point-to-point dedicated line with the same function.

(3) "Virtual" means that no actual long-distance physical line has to be laid; the network is implemented by borrowing the public Internet.

(4) VPN-like tunnels: SSH, LVS, TUN (ipip), PPTP, IPsec, OpenVPN



Enterprise Application Classification



(1) Remote access VPN service: an employee's personal computer dials in remotely to the corporate office network, for example to reach the company's OA system, or operations personnel dial in remotely to the IDC machine room to maintain servers.

(2) VPN service between internal enterprise networks: connects a branch office LAN to the head office LAN, for example for business settlement between major supermarkets.

(3) VPN service between an Internet company's multiple IDC rooms: business management, business access and data flow between different machine rooms.

(4) External enterprise VPN service: establishes a VPN between the LAN of a supplier or partner and the company's LAN.

(5) Business applications that access foreign websites (FQ).



1.3 Introduction to Common tunneling protocols



(1) PPTP: Point-to-Point Tunneling Protocol. Default port number 1723; works at layer 2. PPTP uses TCP and is suitable for networks without firewall restrictions; it is best suited to remote enterprise users dialing in to internal office applications.

(2) L2TP

(3) IPsec

(4) SSL VPN: OpenVPN



1.4 Common open source products for VPN



(1) PPTP VPN: the biggest advantage is native Windows support, so no client needs to be installed. The disadvantage is that many residential community networks and network devices do not support PPTP, so it cannot be used from them. Open source software: PPTP.

(2) SSL VPN, typically OpenVPN: suitable not only for the PPTP scenarios, but also for uninterrupted, on-demand VPN connections between a head office and branch offices in different locations. The disadvantage is that a client must be installed.

(3) IPsec VPN: suitable for uninterrupted, on-demand VPN connections between a head office and branch offices in different locations, or between IDC rooms. It is relatively easy to deploy and use. Open source product: Openswan.

Summary:

Ease of use: PPTP > L2TP > OpenVPN

Speed: PPTP > OpenVPN UDP > L2TP > OpenVPN TCP

Security: OpenVPN > L2TP > PPTP

Stability: OpenVPN > L2TP > PPTP

Network applicability: OpenVPN > PPTP > L2TP






Deploying a PPTP VPN server



Check if the system supports PPTP



If the command reports "No such device or address", as below, the PPTP service can be installed.

    cat /dev/ppp

    [root@... ~]# cat /dev/ppp
    cat: /dev/ppp: No such device or address

Hint: if the message above is shown, PPP is enabled and the PPTP service can be set up normally. If you get a different message such as "Permission denied", first check the VPS control panel for a switch that enables PPP. If there is none, send a message to your provider and ask them to enable it; otherwise there is no point in reading on, because PPTP 100% cannot be configured successfully.



5 Setting up kernel forwarding



View the kernel parameters

    grep forw /etc/sysctl.conf

    [root@... ~]# grep forw /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 0

Change the kernel parameter net.ipv4.ip_forward to 1

    sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf

Check that the change is complete

    grep forw /etc/sysctl.conf

    [root@... ~]# grep forw /etc/sysctl.conf
    # Controls IP packet forwarding
    net.ipv4.ip_forward = 1





Make the kernel parameter take effect

    sysctl -p

    [root@... ~]# sysctl -p
    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 1
    net.ipv4.conf.default.accept_source_route = 0
    kernel.sysrq = 0
    kernel.core_uses_pid = 1
    net.ipv4.tcp_syncookies = 1
    kernel.msgmnb = 65536
    kernel.msgmax = 65536
    kernel.shmmax = 68719476736
    kernel.shmall = 4294967296
    net.ipv4.tcp_fin_timeout = 2
    net.ipv4.tcp_tw_reuse = 1
    net.ipv4.tcp_tw_recycle = 1
    net.ipv4.tcp_syncookies = 1
    net.ipv4.tcp_keepalive_time = 600
    net.ipv4.ip_local_port_range = 4000 65000
    net.ipv4.tcp_max_syn_backlog = 16384
    net.ipv4.tcp_max_tw_buckets = 36000
    net.ipv4.route.gc_timeout = 100
    net.ipv4.tcp_syn_retries = 1
    net.ipv4.tcp_synack_retries = 1
    net.core.somaxconn = 16384
    net.core.netdev_max_backlog = 16384
    net.ipv4.tcp_max_orphans = 16384
    error: "net.nf_conntrack_max" is an unknown key
    error: "net.netfilter.nf_conntrack_max" is an unknown key
    error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
    error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
    error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
    error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
    net.core.wmem_default = 8388608
    net.core.rmem_default = 8388608
    net.core.wmem_max = 16777216
    net.core.rmem_max = 16777216
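
The sed substitution in this step only fires when the file contains exactly `net.ipv4.ip_forward = 0`. As an added example (not part of the original page), the function below sets the key idempotently and also covers different spacing, a commented-out line, or a missing line; the function name `enable_ip_forward` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: set net.ipv4.ip_forward = 1 in a sysctl.conf-style file.
# Safe to run repeatedly; always leaves exactly one active line for the key.
enable_ip_forward() {
    conf=$1
    tmp=$(mktemp)
    awk '
        # Any active or commented-out setting of the key, whatever the spacing.
        /^[ \t]*#?[ \t]*net\.ipv4\.ip_forward[ \t]*=/ {
            if (!done) { print "net.ipv4.ip_forward = 1"; done = 1 }
            next                                  # drop duplicates
        }
        { print }
        END { if (!done) print "net.ipv4.ip_forward = 1" }
    ' "$conf" > "$tmp"
    cat "$tmp" > "$conf"       # rewrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Constructed sample file; on a real server pass /etc/sysctl.conf,
# then apply the change with sysctl -p as in the step above.
demo=$(mktemp)
printf '%s\n' '# Controls IP packet forwarding' 'net.ipv4.ip_forward=0' > "$demo"
enable_ip_forward "$demo"
cat "$demo"
rm -f "$demo"
```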





Installing PPTP



(1) Before installing PPTP, configure the EPEL yum repository

    wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo

(2) Use yum to install the pptpd service software

    yum -y install pptpd

    [root@... ~]# yum -y install pptpd    # install the PPTP software

(3) Check whether the PPTP software was installed successfully

    rpm -qa 'pp*'

    [root@... ~]# rpm -qa 'pp*'
    ppp-2.4.5-10.el6.x86_64
    ppl-0.10.2-11.el6.x86_64
    pptpd-1.4.0-3.el6.x86_64


A. Configuring PPTP



    echo "localip 10.0.0.61" >> /etc/pptpd.conf

    echo "remoteip 172.16.1.200-250" >> /etc/pptpd.conf

Or

    vim /etc/pptpd.conf

    # Add the following at the end of the configuration file
    localip 10.0.0.61
    # Local public IP (localip): set this to the IP address of this machine
    remoteip 172.16.1.200-250
    # Internal network range assigned to VPN users (remoteip): the intranet addresses handed out after the VPN connects





5. Set User and password


    [root@... ~]# vim /etc/ppp/chap-secrets
    # VPN account    VPN password
    Oldboy * 123456 *

First column: user name; third column: password.

Tip: the last column (*) can specify the IP address that the user obtains after signing in to the VPN.

    [root@... ~]# tail -1 /etc/ppp/chap-secrets    # check that the change is complete
    Oldboy * 123456 *
    [root@... ~]# ll /etc/ppp/chap-secrets    # the password is stored in clear text, so the file's permissions are set to 600
    -rw------- 1 root root 174 Jul 6 10:36 /etc/ppp/chap-secrets
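
An added check (not from the original page) for the two points this step raises, clear-text secrets and file mode 600, extended to flag short secrets and entries with no fixed IP. The function name `audit_chap_secrets`, the 12-character minimum and the `alice` entry are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (columns: client server secret IP).
# MIN_LEN is an assumed local policy value; pppd itself enforces no minimum.
MIN_LEN=${MIN_LEN:-12}

# Prints one finding per line; returns 1 if anything was found, 0 if clean.
audit_chap_secrets() {
    file=$1
    {
        # Secrets are stored in clear text: only the owner may read the file.
        mode=$(ls -ld "$file" | cut -c1-10)
        [ "$mode" = "-rw-------" ] ||
            echo "PERM $file is $mode, expected -rw------- (chmod 600)"
        awk -v min="$MIN_LEN" '
            NF == 0 || $1 ~ /^#/ { next }          # skip blanks and comments
            {
                secret = $3
                gsub(/^"|"$/, "", secret)          # secrets may be quoted
                if (length(secret) < min)
                    printf "WEAK user %s: secret is %d characters\n", $1, length(secret)
                if ($4 == "" || $4 == "*")
                    printf "ANYIP user %s: no fixed address, sessions are harder to attribute\n", $1
            }' "$file"
    } | awk '{ print } END { exit (NR > 0) }'
}

# Constructed sample: the entry shown on the page plus a stronger one.
demo=$(mktemp)
cat > "$demo" <<'EOF'
# client server secret IP
Oldboy * 123456 *
alice pptpd "Xk7-vq2m-Rt9p-Lw4z" 172.16.1.201
EOF
chmod 644 "$demo"
audit_chap_secrets "$demo" || echo "findings above need fixing"
rm -f "$demo"
```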


6. Start PPTP service


    [root@... ~]# /etc/init.d/pptpd start    # start the PPTP service
    Starting pptpd: [OK]
    [root@... ~]# netstat -tunlp | grep 1723
    tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 26574/pptpd
    [root@... ~]# systemctl start pptpd
    [root@... ~]# systemctl status pptpd

Check whether the PPTP service is running by looking at network port 1723

    [root@... ~]# netstat -ltnup | grep 1723
    tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 14927/pptpd





7. Connect to the VPN from a Windows client

Control Panel \ Network and Internet \ Network and Sharing Center
























741 Error



On Windows 7, open the connection's "Security" settings and set data encryption to "Optional encryption (connect even if no encryption)".
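
With the client set to optional encryption, the tunnel can come up without MPPE, so it is worth confirming on the server that encryption and MS-CHAPv2 are required. The check below is an added example, not part of the original page; it assumes the pppd options file that pptpd reads (commonly /etc/ppp/options.pptpd) and the standard pppd option names, and the function name and sample file are constructed.

```shell
#!/bin/sh
# Added example: confirm that the pppd options file used by pptpd requires
# MPPE-128 and MS-CHAPv2 and refuses the weaker authentication methods.
REQUIRED="require-mppe-128 require-mschap-v2 refuse-pap refuse-chap refuse-mschap"

# Prints "MISSING <option>" per absent directive; returns 1 if any is missing.
audit_pptpd_options() {
    file=$1
    missing=0
    for opt in $REQUIRED; do
        # Only the first word of an uncommented line counts as an active option.
        if ! awk -v o="$opt" '$1 == o { f = 1 } END { exit !f }' "$file"; then
            echo "MISSING $opt"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: MPPE is commented out, so an "optional encryption"
# client would connect with no data encryption at all.
demo=$(mktemp)
cat > "$demo" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
EOF
audit_pptpd_options "$demo" || echo "add the missing options and restart pptpd"
rm -f "$demo"
```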














On the server we can see the IP address assigned to the VPN connection

    [root@... ~]# ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:2e:5e:4e brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.61/24 brd 10.0.0.255 scope global eth0
        inet6 fe80::20c:29ff:fe2e:5e4e/64 scope link
           valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
        link/ether 00:0c:29:2e:5e:58 brd ff:ff:ff:ff:ff:ff
        inet 172.16.1.61/24 brd 172.16.1.255 scope global eth1
        inet6 fe80::20c:29ff:fe2e:5e58/64 scope link
           valid_lft forever preferred_lft forever
    10: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
        link/ppp
        inet 10.0.0.61 peer 172.16.1.100/32 scope global ppp0

