PPTP VPN server
1.1 VPN Overview
VPN (full name: Virtual Private Network)
(1) A technology that relies on an ISP or other NSP to build a dedicated data communication network on top of the public network; it provides a secure data transfer tunnel between enterprises, or between an individual and an enterprise.
(2) Any two points in a VPN are not joined by the end-to-end physical link that a traditional private network requires; the connection is composed dynamically from public network resources. It can be understood as using private tunneling technology to emulate, over the public data network, a point-to-point line with the same function as a dedicated one.
(3) "Virtual" means that no actual long-distance physical line has to be laid; the link is borrowed from the public Internet.
(4) VPN-like tunnels: SSH, LVS, TUN (ipip), PPTP, IPsec, OpenVPN
1.2 Enterprise Application Classification
(1) Remote access VPN service: an employee's personal computer dials in remotely to the corporate office network, for example the company's OA system; operations personnel dial in remotely to the IDC computer room to maintain servers.
(2) VPN between intra-enterprise networks: connects a branch office LAN with the head office LAN, for example business settlement between major supermarkets.
(3) VPN between an Internet company's multiple IDC rooms: business management, business access and data flow between different computer rooms.
(4) Enterprise external VPN service: establishes a VPN between a supplier's or partner's LAN and the company's LAN.
(5) Accessing foreign websites (FQ) for business applications.
1.3 Introduction to common tunneling protocols
(1) PPTP: Point-to-Point Tunneling Protocol, default port number 1723, working at layer 2. PPTP uses the TCP protocol and is suitable for networks without firewall restrictions; it is best suited to remote enterprise users dialing in to internal office applications.
(2) L2TP
(3) IPsec
(4) SSL VPN: OpenVPN
1.4 Common open source products for VPN
(1) PPTP VPN: its biggest advantage is native Windows support, so no client needs to be installed; the disadvantage is that many networks and network devices do not support PPTP, so it cannot get through. Open source software: pptpd.
(2) SSL VPN, typically OpenVPN: suitable not only for the PPTP scenarios but also for uninterrupted on-demand VPN connections between the head office and branches in different locations; the drawback is that a client must be installed.
(3) IPsec VPN: suitable for uninterrupted on-demand VPN connections between company sites or IDC rooms in different locations, and relatively easy to deploy and use. Open source product: Openswan.
Summary:
Ease of use: PPTP > L2TP > OpenVPN
Speed: PPTP > OpenVPN UDP > L2TP > OpenVPN TCP
Security: OpenVPN > L2TP > PPTP
Stability: OpenVPN > L2TP > PPTP
Network applicability: OpenVPN > PPTP > L2TP
2. Deploying a PPTP VPN server
2.1 Check if the system supports PPTP
Run cat /dev/ppp. If the device responds as shown below, the PPTP service can be installed.
cat /dev/ppp
- [[email protected] ~]# cat /dev/ppp
- cat: /dev/ppp: No such device or address
Hint: if the output is the one above, PPP is available and the PPTP service can be set up normally. If there is a different message, such as "Permission denied", first go to the VPS control panel and look for a switch that enables PPP; if there is none, ask your provider to enable it. Otherwise there is no point reading further: PPTP cannot be configured successfully.
2.2 Setting up kernel forwarding
View the kernel parameter:
grep forw /etc/sysctl.conf
- [[email protected] ~]# grep forw /etc/sysctl.conf
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 0
Change the kernel parameter net.ipv4.ip_forward to 1:
sed -i 's#net.ipv4.ip_forward = 0#net.ipv4.ip_forward = 1#g' /etc/sysctl.conf
Check that the change is complete:
grep forw /etc/sysctl.conf
- [[email protected] ~]# grep forw /etc/sysctl.conf
- # Controls IP packet forwarding
- net.ipv4.ip_forward = 1
Make the kernel configuration take effect:
sysctl -p
- [[email protected] ~]# sysctl -p
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.conf.default.accept_source_route = 0
- kernel.sysrq = 0
- kernel.core_uses_pid = 1
- net.ipv4.tcp_syncookies = 1
- kernel.msgmnb = 65536
- kernel.msgmax = 65536
- kernel.shmmax = 68719476736
- kernel.shmall = 4294967296
- net.ipv4.tcp_fin_timeout = 2
- net.ipv4.tcp_tw_reuse = 1
- net.ipv4.tcp_tw_recycle = 1
- net.ipv4.tcp_syncookies = 1
- net.ipv4.tcp_keepalive_time = 600
- net.ipv4.ip_local_port_range = 4000 65000
- net.ipv4.tcp_max_syn_backlog = 16384
- net.ipv4.tcp_max_tw_buckets = 36000
- net.ipv4.route.gc_timeout = 100
- net.ipv4.tcp_syn_retries = 1
- net.ipv4.tcp_synack_retries = 1
- net.core.somaxconn = 16384
- net.core.netdev_max_backlog = 16384
- net.ipv4.tcp_max_orphans = 16384
- error: "net.nf_conntrack_max" is an unknown key
- error: "net.netfilter.nf_conntrack_max" is an unknown key
- error: "net.netfilter.nf_conntrack_tcp_timeout_established" is an unknown key
- error: "net.netfilter.nf_conntrack_tcp_timeout_time_wait" is an unknown key
- error: "net.netfilter.nf_conntrack_tcp_timeout_close_wait" is an unknown key
- error: "net.netfilter.nf_conntrack_tcp_timeout_fin_wait" is an unknown key
- net.core.wmem_default = 8388608
- net.core.rmem_default = 8388608
- net.core.wmem_max = 16777216
- net.core.rmem_max = 16777216
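The one-line sed above only matches the exact text "net.ipv4.ip_forward = 0"; it silently does nothing if the key is written without spaces, is absent from the file, or is already 1. The shell functions below are an added example and not part of the original tutorial: they enable forwarding idempotently in whichever sysctl file is passed as an argument (try a scratch copy first, then /etc/sysctl.conf) and read back the effective value. The function names and the file-path parameter are this example's own.

```shell
#!/bin/sh
# Added example (not from the original tutorial): idempotently enable
# net.ipv4.ip_forward in a sysctl configuration file and verify the result.
# The file path is a parameter so the functions can be exercised on a
# scratch copy before touching /etc/sysctl.conf.

# enable_ip_forward FILE
# Sets "net.ipv4.ip_forward = 1" in FILE. Handles the cases the tutorial's
# one-line sed does not: the key already being 1, the key being written
# without spaces ("=0"), and the key being absent altogether.
enable_ip_forward() {
    file="$1"
    [ -f "$file" ] || touch "$file" || return 1
    if grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$file"; then
        # Key present in any spacing: rewrite the whole line in place.
        sed -i -E 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=.*/net.ipv4.ip_forward = 1/' "$file"
    else
        # Key absent: append it, with the comment the stock CentOS file uses.
        printf '\n# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1\n' >> "$file"
    fi
}

# ip_forward_value FILE
# Prints the effective value of net.ipv4.ip_forward in FILE. The last
# uncommented match wins, because sysctl -p applies lines in order.
# Prints nothing if the key is absent.
ip_forward_value() {
    grep -E '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$1" \
        | tail -n 1 | sed -E 's/.*=[[:space:]]*//'
}

# Typical use on the real file (needs root):
#   enable_ip_forward /etc/sysctl.conf && sysctl -p
#   ip_forward_value /etc/sysctl.conf     # prints 1
```

After editing, sysctl -p applies the file exactly as in the transcript above; the "unknown key" errors shown there come from nf_conntrack keys whose kernel module is not loaded and do not affect ip_forward. Remember that ip_forward turns the host into a router for every interface it has, so enable it together with the firewall rules you actually intend rather than leaving forwarding open between all networks the server touches.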
2.3 Installing PPTP
(1) Before installing PPTP, deploy the EPEL yum source:
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-6.repo
(2) Install the pptpd service software with yum:
yum -y install pptpd
- [[email protected] ~]# yum -y install pptpd    # install the PPTP software
(3) Check whether the PPTP software was installed successfully:
rpm -qa pp*
- [[email protected] ~]# rpm -qa pp*
- ppp-2.4.5-10.el6.x86_64
- ppl-0.10.2-11.el6.x86_64
- pptpd-1.4.0-3.el6.x86_64
2.4 Configuring PPTP
echo "localip 10.0.0.61" >> /etc/pptpd.conf
echo "remoteip 172.16.1.200-250" >> /etc/pptpd.conf
Or:
vim /etc/pptpd.conf
- # Add the following at the end of the configuration file
- localip 10.0.0.61
- # localip: the server's public IP; you can set it to the local IP address
- remoteip 172.16.1.200-250
- # remoteip: the intranet address range assigned to VPN users once the VPN connection is up
2.5 Set user and password
- [[email protected] ~]# vim /etc/ppp/chap-secrets
- # VPN account, VPN password
- oldboy * 123456 *
- First column: user name; third column: password
- Tip: the last column (*) can specify the IP address the user obtains after signing in to the VPN
- [[email protected] ~]# tail -1 /etc/ppp/chap-secrets    # check that the change is complete
- oldboy * 123456 *
- [[email protected] ~]# ll /etc/ppp/chap-secrets    # because the passwords are in clear text, the file's permissions are changed to 600
- -rw------- 1 root root 174 Jul 6 10:36 /etc/ppp/chap-secrets
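The two steps above (appending localip/remoteip to pptpd.conf, then appending an account line to chap-secrets and tightening that file to mode 600 because its passwords are clear text) are done by hand in the tutorial. The shell functions below are an added example, not pptpd's own tooling or the tutorial's commands: they perform the same steps with the checks a practitioner wants, namely address and range validation, refusal to append duplicate directives or duplicate accounts, a minimum password length (the eight-character floor is this example's own policy, not something pptpd enforces), and a check that the secrets file is mode 600. File paths are parameters so the functions can be tried on scratch copies before /etc/pptpd.conf and /etc/ppp/chap-secrets; the account name follows the tutorial and the password used in the usage comment is constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): write the pptpd address
# directives and add a VPN account to a chap-secrets file with validation
# and the 600 permission check the text calls for.

# valid_ipv4 ADDR -> exit 0 if ADDR is a dotted quad with octets 0-255
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# write_pptpd_conf FILE LOCALIP REMOTE_RANGE
# Appends "localip"/"remoteip" as the tutorial does, after checking that
# LOCALIP is an address and REMOTE_RANGE has pptpd's a.b.c.d-e form with
# a sane ordering. Returns 2 instead of stacking a second copy.
write_pptpd_conf() {
    file="$1"; localip="$2"; range="$3"
    valid_ipv4 "$localip" || return 1
    base=${range%-*}; last=${range##*-}
    valid_ipv4 "$base" || return 1
    echo "$last" | grep -Eq '^[0-9]{1,3}$' && [ "$last" -le 255 ] || return 1
    [ "${base##*.}" -le "$last" ] || return 1
    if grep -Eq '^(localip|remoteip)' "$file" 2>/dev/null; then
        return 2   # already configured; do not append duplicate directives
    fi
    printf 'localip %s\nremoteip %s\n' "$localip" "$range" >> "$file"
}

# add_vpn_user SECRETS USER PASSWORD [CLIENT_IP]
# Appends "user * password ip" to SECRETS and forces mode 600, because the
# file stores passwords in clear text. Rejects names with characters outside
# [A-Za-z0-9_.-], passwords containing whitespace or '*' (they would break
# the column layout), passwords shorter than 8 characters (this example's
# own policy), and accounts that already exist (returns 2).
add_vpn_user() {
    secrets="$1"; user="$2"; pass="$3"; ip="${4:-*}"
    case "$user" in ''|*[!A-Za-z0-9_.-]*) return 1;; esac
    case "$pass" in ''|*[[:space:]]*|*'*'*) return 1;; esac
    [ ${#pass} -ge 8 ] || return 1
    [ "$ip" = '*' ] || valid_ipv4 "$ip" || return 1
    touch "$secrets" && chmod 600 "$secrets" || return 1
    if grep -Eq "^$user[[:space:]]" "$secrets"; then
        return 2
    fi
    printf '%s\t*\t%s\t%s\n' "$user" "$pass" "$ip" >> "$secrets"
}

# secrets_mode_ok SECRETS -> exit 0 only if the file's mode is exactly 600
secrets_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "$mode" = "600" ]
}

# Typical use on the real files (needs root; password is a constructed sample):
#   write_pptpd_conf /etc/pptpd.conf 10.0.0.61 172.16.1.200-250
#   add_vpn_user /etc/ppp/chap-secrets oldboy 'Correct-Horse-9' 172.16.1.200
#   secrets_mode_ok /etc/ppp/chap-secrets && echo "permissions ok"
```

The tutorial's comparison ranks PPTP last for security, and chap-secrets cannot store anything but the clear-text password, so keeping the file at mode 600 and owned by root is the minimum; secrets_mode_ok is the kind of check that belongs in a periodic configuration audit, not just at setup time.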
2.6 Start the PPTP service
- [[email protected] ~]# /etc/init.d/pptpd start    # start the PPTP service
- Starting pptpd: [OK]
- [[email protected] ~]# netstat -tunlp | grep 1723
- tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 26574/pptpd
On a system managed by systemd:
- [[email protected] ~]# systemctl start pptpd
- [[email protected] ~]# systemctl status pptpd
Check whether the PPTP service is running by looking at port 1723:
- [[email protected] ~]# netstat -ltnup | grep 1723
- tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 14927/pptpd
2.7 Connect to the VPN via a Windows client
Control Panel \ Network and Internet \ Network and Sharing Center
Error 741
On a Windows 7 system, under "Security" - "Data encryption", select "Optional encryption (connect even if no encryption)".
On the server we can see the IP address assigned to the connected VPN client:
- [[email protected] ~]# ip add
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
- link/ether 00:0c:29:2e:5e:4e brd ff:ff:ff:ff:ff:ff
- inet 10.0.0.61/24 brd 10.0.0.255 scope global eth0
- inet6 fe80::20c:29ff:fe2e:5e4e/64 scope link
- valid_lft forever preferred_lft forever
- 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu qdisc pfifo_fast state UP qlen 1000
- link/ether 00:0c:29:2e:5e:58 brd ff:ff:ff:ff:ff:ff
- inet 172.16.1.61/24 brd 172.16.1.255 scope global eth1
- inet6 fe80::20c:29ff:fe2e:5e58/64 scope link
- valid_lft forever preferred_lft forever
- 10: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
- link/ppp
- inet 10.0.0.61 peer 172.16.1.100/32 scope global ppp0
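The two verification steps in this tutorial, checking with netstat that pptpd listens on TCP 1723 (section 2.6) and checking with ip add that a ppp interface with a peer address appears once a client has connected (above), can be scripted so they run from a monitoring job rather than by eye. The functions below are an added example and not from the original tutorial: they take the output of netstat -tunlp and ip addr as text, so they can be fed live output ("$(netstat -tunlp)") or, as with the constructed samples embedded here that mirror the transcripts above, canned output for offline use.

```shell
#!/bin/sh
# Added example (not from the original tutorial): parse the output of the
# two commands the tutorial uses for verification and report whether pptpd
# is listening and which PPP peers are currently up.

# pptpd_listening NETSTAT_OUTPUT -> exit 0 if a pptpd process listens on tcp/1723
# Expects the column layout of "netstat -tunlp" (proto, recv-q, send-q,
# local, foreign, state, pid/program).
pptpd_listening() {
    printf '%s\n' "$1" | awk '
        $1 == "tcp" && $4 ~ /:1723$/ && $6 == "LISTEN" && $7 ~ /\/pptpd$/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# ppp_peers IP_ADDR_OUTPUT -> prints "ifname local_ip peer_ip" per ppp interface
# Expects the layout of "ip addr": an "N: pppX: <flags> ..." header line
# followed by an "inet LOCAL peer PEER/32 ..." line.
ppp_peers() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+: ppp[0-9]+:/ { ifname = $2; sub(/:$/, "", ifname); next }
        ifname != "" && $1 == "inet" && $3 == "peer" {
            peer = $4; sub(/\/.*/, "", peer)
            print ifname, $2, peer
            ifname = ""
        }'
}

# Constructed sample output, mirroring the tutorial transcript (not captured
# from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:1723                0.0.0.0:*                   LISTEN      14927/pptpd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1234/sshd'

SAMPLE_IP_ADDR='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    inet 10.0.0.61/24 brd 10.0.0.255 scope global eth0
10: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 10.0.0.61 peer 172.16.1.100/32 scope global ppp0'

# Typical use against a live host:
#   pptpd_listening "$(netstat -tunlp 2>/dev/null)" && echo "pptpd is listening"
#   ppp_peers "$(ip addr)"        # one line per connected client
```

If pptpd_listening succeeds but no ppp interface ever appears after a client dials in, the control connection on TCP 1723 is reachable while the tunnel itself is not; PPTP carries its tunnel traffic in GRE (IP protocol 47), a fact about the protocol rather than something the tutorial covers, so the next thing to confirm is that GRE is permitted by any firewall or NAT device between the client and the server.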