PPTP settings and local VPN (and solving the problem that SSH cannot access the remote host under the VPN)

Source: Internet
Author: User

1. Install pptp

Install the packages:
    sudo apt-get install -y ppp pptpd
Edit the configuration with "sudo vim /etc/pptpd.conf" and modify:
    option /etc/ppp/pptpd-options
    localip 172.31.26.19        (local VPN address)
    remoteip 172.31.26.20-200   (VPN client address range)
Create a VPN account: run "sudo vim /etc/ppp/chap-secrets" and add a user named test for the pptpd service with the password 123456, allowed to log on from all IP addresses:
    test pptpd 123456 *
Restart the service. If "sudo service pptpd stop" cannot stop it, use "killall pptpd" to stop the service, then start it again:
    sudo service pptpd start
    sudo netstat -apnl | grep pptp
If port 1723 is displayed, the pptpd service has started successfully. Access to port 1723 must also be allowed in the external firewall.
Configure forwarding as follows; otherwise, traffic from the VPN client is not forwarded. Run "sudo vim /etc/sysctl.conf" and set:
    net.ipv4.ip_forward = 1
Reload the settings:
    sudo sysctl -p
Set iptables to forward:
    sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Add this command to /etc/rc.local so that the rule is not lost after a restart.
For client 741 errors, see: http://bbs.aliyun.com/read/161352.html
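
The account step above writes a short numeric password and a "*" address field into /etc/ppp/chap-secrets. The following script is an added example, not part of the original article: it audits a chap-secrets file for such entries and for loose file permissions. The function names and the MIN_LEN threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a pppd chap-secrets file for weak entries.
# Line format: client  server  secret  allowed-IP-addresses
MIN_LEN=12   # assumed local policy; pptpd itself enforces no minimum

audit_chap_secrets() {
    # $1 = path to a chap-secrets file; prints one finding per line
    awk -v min="$MIN_LEN" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        NF < 3 { printf "line %d: malformed entry\n", NR; next }
        {
            user = $1; secret = $3; addr = (NF >= 4) ? $4 : ""
            gsub(/^"|"$/, "", secret)       # secrets may be double-quoted
            if (length(secret) < min)
                printf "line %d: user %s: secret shorter than %d characters\n", NR, user, min
            if (secret ~ /^[0-9]+$/)
                printf "line %d: user %s: secret is digits only\n", NR, user
            if (addr == "*")
                printf "line %d: user %s: any client address allowed (*)\n", NR, user
        }
    ' "$1"
}

audit_file_mode() {
    # The file stores secrets in cleartext: fail if group or others have any access.
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        return 0
    fi
    echo "$1: group/other permissions are '$perms', expected none"
    return 1
}

# Constructed sample input: the entry from this page plus a stricter one.
sample=$(mktemp)
printf '%s\n' '# client server secret IP-addresses' \
    'test pptpd 123456 *' \
    'alice pptpd "c0rrect-horse-battery" 172.31.26.20' > "$sample"
chmod 600 "$sample"
audit_chap_secrets "$sample"
audit_file_mode "$sample"
```

On a real server, call both functions with /etc/ppp/chap-secrets as root instead of the constructed sample file.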

2. The local VPN settings are as follows:
1. Open the VPN connection properties - Network - TCP/IP protocol - Advanced and uncheck "Use the default gateway on the remote network", so that general traffic still goes through the local network while the VPN is connected.
2. Set the local route table, taking the single IP address 8.8.8.8 as an example:
    route -p add 8.8.8.8 mask 255.255.255.255 172.31.26.19
After this configuration, all data for 8.8.8.8 will be sent through the VPN gateway 172.31.26.19, and other IP addresses will not be affected. To delete the route:
    route delete 8.8.8.8

[About the problem that SSH cannot connect to Linux after the VPN is connected] PPTPD's default MTU is too large, which leads to congestion at some devices on the link.
The solution is to reduce the MTU. There are three methods:
1. If iptables is enabled (verified):
    iptables -A FORWARD -p tcp --syn -s 10.0.0.0/24 -j TCPMSS --set-mss 1356
Replace 10.0.0.0/24 with the IP segment of your PPTP clients.
2. Add the following before "exit 0" in /etc/ppp/ip-up (verified):
    ifconfig $1 mtu 1356
There is a line in ip-up:
    [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
so adding "ifconfig $1 mtu 1356" to the ip-up.local file works the same way.
3. Set it in the PPTPD configuration file:
Open /etc/ppp/options.pptpd and add "mtu 1356" at the end of the file.
