PPP and PPTP themselves are only explained briefly here; the installation and configuration walk-through is the essential part. Note: once pptpd is started it listens on TCP port 1723; l2tpd uses UDP port 1701. After starting the service, netstat -tnl (or netstat -unl for UDP listeners) shows which ports are open. Another configuration article: http://blog.chinaunix.net/u2/69106/showart_1751714.html
More and more environments now run Linux. For example, the headquarters may run Linux while the branches, which are scattered and hard to manage, still run Windows; the branches are then connected to the headquarters through a VPN. The usual choices are PPTP VPN, IPsec VPN and L2TP VPN. PPTP is the easiest to set up; IPsec VPN is the most common and is supported on every platform; L2TP is normally deployed as L2TP/IPsec (L2TP on its own provides no encryption) and is the most secure of the three. Keep in mind that PPTP's authentication (MS-CHAPv2) and its encryption (MPPE, which is RC4) are considered broken, so it is only suitable where the traffic is not sensitive or is protected by another layer. After many experiments, I finally succeeded, and I will share it with you today.
Let's take a look at the specific configuration process:
(1) download and install
A stock RedHat system has no PPTP server and its PPP stack lacks MPPE, so the related components must be installed to give RedHat PPTP support. Download the packages matching your kernel version; for the kernels here, 2.6.9-5.EL and 2.6.14, the following components are used:
dkms-2.0.6-1.noarch.rpm
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
ppp-2.4.3-5.rhel4.i386.rpm
pptpd-1.3.0-0.i386.rpm
1. PPTP requires PPP support. The system already has PPP, but its pppd does not support MPPE, so the system's PPP components must be updated. Download ppp-2.4.3-5.rhel4.i386.rpm and install it with:
# rpm -Uvh ppp-2.4.3-5.rhel4.i386.rpm
2. Install the kernel MPPE (Microsoft Point-to-Point Encryption) patch:
# rpm -ivh dkms-2.0.6-1.noarch.rpm
# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
To check whether the kernel MPPE module was installed correctly, try to load it; "success" is printed only if modprobe succeeds (note the &&: a single & would background modprobe and print success regardless):
# modprobe ppp-compress-18 && echo success
3. Install pptpd:
# rpm -ivh pptpd-1.3.0-0.i386.rpm
4. Check whether the installed pppd supports MPPE by counting the MPPE-related strings in the binary:
# strings /usr/sbin/pppd | grep -i mppe | wc -l
46
If the output is 0, pppd has no MPPE support; 30 or more means it does (here the result is 46).
(2) modify the configuration file
1. Edit /etc/pptpd.conf, which sets the VPN server's local IP address and the range of addresses handed to clients after they log on. pptpd.conf is the file pptpd reads at startup. The common options are as follows (the explanation follows the #):
option /etc/ppp/options.pptpd # configuration file used by the PPP component (pppd)
#stimeout 10 # timeout, in seconds, for setting up the PPTP control connection
debug # log all debugging information to the system log, /var/log/messages
localip 192.168.1.4 # address assigned to the server end of the VPN virtual interface
remoteip 192.168.1.254 # address handed to the client after a successful VPN connection; a range for several clients is written as 192.168.1.200-234
2. Edit /etc/ppp/options.pptpd, the configuration file used by the PPP component pppd. Because PPTP's encryption and authentication are handled by PPP, the PPTP encryption and authentication options are set in this file:
lock # use a lock file for the serial/pty device
debug # log debugging information
name vpn1 # local name used to look up secrets in chap-secrets
refuse-pap # never accept plaintext PAP
refuse-chap # never accept CHAP (MD5)
refuse-mschap # never accept the weaker MS-CHAP v1
require-mschap-v2 # only MS-CHAP v2, which is what MPPE keys are derived from
require-mppe-128 # demand 128-bit MPPE encryption; 40-bit is refused
proxyarp # answer ARP for client addresses so the LAN can reach them
3. Edit /etc/ppp/chap-secrets to set the users, passwords and addresses allowed to connect to the VPN server. The "server" column must match the name given in options.pptpd (vpn1 here) and "*" in the last column allows any client address. The passwords are stored in plaintext, so keep the file readable by root only (mode 0600):
# Secrets for authentication using CHAP
# client server secret IP addresses
aaa vpn1 "qazxsw123456" *
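The three files above as one script that writes them and then audits the result, added here as an example that is not part of the original article or of pptpd. It uses the article's own values (server name vpn1, user aaa, localip 192.168.1.4) and the hypothetical client range 192.168.1.200-234; PPTP_ROOT is an assumed variable that lets you write into a scratch directory for review before touching /etc. The audit fails if any of the refuse/require options is missing or if chap-secrets is readable by anyone but root.

```shell
#!/bin/sh
# Added example, not from the original article: write the PPTP server
# configuration files and check them for the weak settings the article refuses.
# Hypothetical values: server name vpn1, pool 192.168.1.200-234, user aaa.
# PPTP_ROOT (assumed) prefixes every path; leave it empty to write to /etc.
PPTP_ROOT="${PPTP_ROOT:-}"

write_pptp_config() {
    mkdir -p "$PPTP_ROOT/etc/ppp"
    cat > "$PPTP_ROOT/etc/pptpd.conf" <<'EOF'
option /etc/ppp/options.pptpd
localip 192.168.1.4
remoteip 192.168.1.200-234
EOF
    cat > "$PPTP_ROOT/etc/ppp/options.pptpd" <<'EOF'
name vpn1
lock
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
EOF
    # chap-secrets holds plaintext passwords: create it with a restrictive
    # umask so it is never world-readable, and chmod in case it already existed.
    ( umask 077; cat > "$PPTP_ROOT/etc/ppp/chap-secrets" <<'EOF'
# client  server  secret          IP addresses
aaa       vpn1    "qazxsw123456"  *
EOF
    )
    chmod 600 "$PPTP_ROOT/etc/ppp/chap-secrets"
}

# Return 0 if the options file refuses every weaker method and demands
# 128-bit MPPE; otherwise print what is missing and return 1.
# A commented-out option (#refuse-pap) does not count as present.
check_pptp_options() {
    f="$1"; rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -q "^[[:space:]]*$opt" "$f" || { echo "missing: $opt"; rc=1; }
    done
    return $rc
}

# Return 0 if the secrets file has no group or other permission bits.
# Columns 5-10 of ls -l are the group and other rwx triplets.
check_secrets_mode() {
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *) echo "chap-secrets is readable by group or others"; return 1 ;;
    esac
}
```

Run write_pptp_config as root with PPTP_ROOT unset to install the files, then check_pptp_options /etc/ppp/options.pptpd and check_secrets_mode /etc/ppp/chap-secrets before starting pptpd; both checks are cheap enough to keep in a post-install script.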
(3) Start the PPTP service
# service pptpd start
Run netstat -tnl and check that TCP port 1723 is in the LISTEN state.
(4) Firewall configuration
For external users to reach the PPTP VPN, the firewall on the Linux server must also allow two things: TCP port 1723, which carries the PPTP control connection, and GRE, which carries the tunnelled PPP frames. GRE is IP protocol 47, not a port, so it has to be matched by protocol rather than by port number. Any NAT device in front of the server must pass both as well.
(5) Enable NAT on the PPTP server so that clients can reach the Internet
# echo 1 > /proc/sys/net/ipv4/ip_forward
# iptables -t nat -A POSTROUTING -j SNAT --to XXX.XXX
The echo only lasts until the next reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it permanent. SNAT to a fixed address only works with a static public IP; with the dynamic ADSL address used here, use -j MASQUERADE instead, and restrict the rule with -s to the VPN client range so it does not rewrite unrelated traffic.
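The firewall rules for step (4) together with the NAT rule for step (5), added here as an example that is not part of the original article. The script prints the iptables commands so they can be reviewed, and only runs them when asked; the interface name eth0, the public address 203.0.113.5 and the client range 192.168.1.0/24 are assumptions. The "static" mode uses SNAT as the article does; "dynamic" uses MASQUERADE, which is what the article's ADSL setup needs.

```shell
#!/bin/sh
# Added example, not from the original article: iptables rules for a PPTP
# server (TCP 1723 plus GRE, which is protocol 47, not a port) and the NAT
# rule for the client pool. Hypothetical values: WAN interface eth0,
# public address 203.0.113.5, client range 192.168.1.0/24.
WAN_IF="${WAN_IF:-eth0}"
PUBLIC_IP="${PUBLIC_IP:-203.0.113.5}"
VPN_NET="${VPN_NET:-192.168.1.0/24}"

# $1 is "static" (fixed public IP, SNAT) or "dynamic" (ADSL, MASQUERADE).
# Prints the rules; nothing is applied here.
pptp_rules() {
    case "$1" in
        static)  nat="-j SNAT --to-source $PUBLIC_IP" ;;
        dynamic) nat="-j MASQUERADE" ;;
        *) echo "usage: pptp_rules static|dynamic" >&2; return 2 ;;
    esac
    cat <<EOF
# PPTP control channel
iptables -A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT
# PPTP data channel: GRE is IP protocol 47, so match the protocol, not a port
iptables -A INPUT -i $WAN_IF -p gre -j ACCEPT
# Forward client traffic out and allow the replies back to the ppp interfaces
iptables -A FORWARD -i ppp+ -o $WAN_IF -s $VPN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source NAT for the client pool only, so unrelated traffic is untouched
iptables -t nat -A POSTROUTING -s $VPN_NET -o $WAN_IF $nat
EOF
}

# Apply the rules for real (root only). Forwarding must be on or the FORWARD
# chain never sees a packet; this echo, like the article's, lasts until reboot.
apply_pptp_rules() {
    [ "$(id -u)" -eq 0 ] || { echo "must be root" >&2; return 1; }
    echo 1 > /proc/sys/net/ipv4/ip_forward
    pptp_rules "$1" | sh -e
}

# Number of real rules (lines starting with iptables), ignoring comments.
pptp_rule_count() { pptp_rules "$1" | grep -c '^iptables'; }
```

Review the output of pptp_rules static (or dynamic) first, then run apply_pptp_rules with the same mode as root; if a client can connect but the connection stalls right after authentication, the GRE rule is the usual culprit.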
(6) Install a dynamic domain name client
Since the PPTP client must know the PPTP server's IP address, but the server's ADSL connection here gets a dynamic address, a dynamic domain name client is installed so that the PPTP client only needs to know the server's dynamic domain name.
The free dynamic domain name service from Jin Wanwei can be used; its client automatically updates the domain name's address record after each ADSL dial-up...
==========================================================================
This completes the setup of the Linux PPTP VPN server; what remains is to test it with a Windows client.