Linux study notes: virtual private network (VPN) experiment with PPTP

Source: Internet
Author: User

VPN stands for "Virtual Private Network". As the name suggests, a virtual private network can be regarded as an enterprise's internal private line. Using special encrypted communication protocols, it establishes a dedicated communication line between two or more enterprise intranets that are connected to the Internet in different places. It is like setting up a leased line, but without laying physical lines such as optical cables. It is like applying for a leased line from the telecommunications bureau, but with no need to pay for laying the line or to purchase routers or other hardware. The core of a VPN is using a public network to build a virtual private network.

Lab environment: a Linux server (with a firewall) and a Windows client.

Linux Enterprise Edition 4

1. Software installation

Install the RPM packages. Note: the packages must be installed in order, with the kernel module package installed last.

The installation order of the RPM packages is:

(1). dkms-2.0.5-1.noarch.rpm

(2). pptpd-1.3.0-0.i386.rpm

(3). ppp-2.4.3-5.rhel4.i386.rpm

(4). kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm

Installation command: first try rpm -ivh. If you are told that the package cannot be installed, use rpm -Uvh instead.

Some of these packages already exist on the system, so -U upgrades the installed package.

2. Edit the file /etc/pptpd.conf and add the following two lines at the end of the file:

localip + the Linux server's IP address

remoteip + the IP address range available to clients dialing in through the VPN. // Note the format, for example: 192.168.0.1-250

Create a user.

# vi /etc/ppp/chap-secrets

Add: "user" pptpd "passwd" "*"

Here user is the user name being created and passwd is the password for that user name.
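A defensive check for the chap-secrets entries created in step 2, as an added example that is not part of the original notes. The field layout (client, server, secret, acceptable peer IP addresses) is the standard pppd secrets format; the function name, the MIN_LEN threshold and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd/pptpd chap-secrets file.
# Line format: client  server  secret  [acceptable peer IP addresses]
# Assumptions: MIN_LEN is a local policy value (not a pptpd setting) and
# fields contain no embedded whitespace.
MIN_LEN=12

audit_chap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    # Secrets are stored in plaintext: group/other need no access bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERM group/other bits set ($perms), expected mode 600"
    awk -v min="$MIN_LEN" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        NF < 3 { print "FORMAT line " NR ": fewer than 3 fields"; next }
        {
            for (i = 1; i <= NF; i++) gsub(/"/, "", $i)   # strip quotes
            if ($2 == "*") print "SERVER " $1 ": secret accepted by any server name"
            if ($4 == "*") print "ADDR " $1 ": any peer IP address is acceptable"
            if (length($3) < min) print "WEAK " $1 ": secret shorter than " min " characters"
        }' "$file"
}

# Constructed sample; the first entry is the form shown in step 2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret  addresses
"user" pptpd "passwd" "*"
alice pptpd Xk9-constructed-long-secret 192.168.0.10
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

Run as root against /etc/ppp/chap-secrets, the function prints one finding per line and prints nothing when every entry passes.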

3. Start the service: # service pptpd restart

4. Testing

Create a VPN connection on Windows. Log on with the user name and password created above.

Q: A VPN is usually deployed on the gateway, and the gateway runs a firewall. How can I let VPN traffic pass through the firewall?

Add the following rules (this assumes the INPUT chain policy is DROP and the OUTPUT chain policy is ACCEPT; if the OUTPUT policy is also DROP, repeat the INPUT rules for the OUTPUT chain):

/sbin/modprobe ip_gre

/sbin/iptables -A INPUT -p tcp -m multiport --dports 1723,500,47 -i $INET_DEV -j ACCEPT

/sbin/iptables -A INPUT -p gre -j ACCEPT

/sbin/iptables -A INPUT -d 127.0.0.1 -j ACCEPT

($INET_DEV is the network interface that connects the firewall to the Internet)

Note: you must allow traffic to the loopback address (the last rule above), because it is required for user name and password verification.
