PPP and pptp settings

For the content of PPP and pptp, we will give a brief explanation here. Of course, the installation and configuration analysis is indispensable. PS: After pptpd is started, port 1723 is used, port 1701 is used in l2tpd, after the service is started, netstat-tnl can be used to view the port startup) In addition: There is a configuration article see: http://blog.chinaunix.net/u2/69106/showart_1751714.html

Nowadays, more and more linux environments are used. For example, if the Headquarters uses linux, but the branches are scattered and not easy to manage, windows is still used, generally, we connect the branches to the Headquarters through VPN. Generally, VPN includes pptp vpn, ipsec vpn, and L2TP VPN. PPTP is the easiest, and ipsec vpn is the most common. It is supported by all platforms. L2TP VPN is the safest. After many experiments, I finally succeeded. I will share it with you today.

Let's take a look at the specific configuration process:

(1) download and install

Since Linux does not integrate the PPTP function, we need to install related components to allow our RedHat to support PPP. According to the kernel version, download the corresponding installation package. Here the kernel is kernel2.6.9-5. EL and 2.6.14 use the following components:

Dkms-2.0.6-1.noarch.rpm

Kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

Ppp-2.4.3-5.rhel4.i386.rpm

Pptpd-1.3.0-0.i386.rpm

1. PPTP requires PPP support, although the system itself has PPP function, but it does not support MPPE, so you need to update the PPP components of the system, download the ppp-2.4.3-5.rhel4.i386.rpm installation command as follows:

# Rpm-Uvh ppp-2.4.3-5.rhel4.i386.rpm

2. Install the kernel MPPEMicrosoft Point to Point Encryption, Microsoft Point-to-Point Encryption) patch. The installation command is as follows:

# Rpm-ivh dkms-2.0.6-1.noarch.rpm

# Rpm-ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

Run the following command to check whether the kernel MPPE patch is successfully installed. If the MPPE module is loaded, run the following command:

# Modprobe ppp-compress-18 & echo success

3. Run the following command to install pptpd:

# Rpm-ivh pptpd-1.3.0-0.i386.rpm

4. Run the following command to check whether the PPP supports MPPE:

# Strings '/usr/sbin/pppd' | grep-I mppe | wc -- lines

46 <if the above command output is "0", it means not supported; If the output is "30" or a larger number, it means yes, I am going to 46>.

(2) modify the configuration file

1. Edit the/etc/pptpd. conf file to determine the IP address of the local VPN Server and the IP address range allocated after the client logs on. Pptpd. conf is the configuration file used when PPTPD is running in PPTP. The common options are as follows (the option description is displayed after ):

Option/etc/ppp/options.ppt pd # configuration file to be used by the PPP component

# Stimeout 10 # Start PPTP to control the connection timeout time, in seconds

Debug # record all debug information to system logs/var/log/messages

Localip 192.168.1.4 # IP address allocated by the server VPN Virtual Interface

Remoteip 192.168.1.254 # the IP address allocated after the client VPN connection is successful. The address range can be expressed as 192.168.1.200-234.

2. edit the/etc/ppp/options.ppt pd file, which is the configuration file used by the PPP function component pppd. Because the encryption and verification of pptp vpn are related to PPP, therefore, the encryption and authentication options of PPTP will be configured in this configuration file.

Lock

Debug

Name vpn1

Refuse-pap

Refuse-chap

Refuse-mschap

Rrequire-mschap-v2

Require-mppe-128

Proxyarp

3. Edit the/etc/ppp/chap-secrets file and configure the user, password, and IP address that can be connected to the VPN Server:

# Secrets for authentication using CHAP

# Client server secret IP addresses

Aaa vpn1 "qazxsw123456 "*

(3) Start the PPTP Service

Service pptpd start

Run the # netstat-an command to check whether the TCP port 1723 is in the listening status.

(4) Firewall Configuration

To allow external users to connect to pptp vpn, you also need to add the following rules in the firewall, that is, to open port 1723 and port 47 of the Linux server and enable the GRE Protocol ):

(5) Enable the NAT service on the PPTP server so that the client can access the Internet

Echo "1">/proc/sys/net/ipv4/ip_forward

Iptables-t nat-a postrouting-j SNAT -- to XXX. XXX

Install dynamic domain name client software

(6) since the PPTP client needs to know the IP address of the PPTP server, but the ADSL dialing here is a dynamic IP address, we need to install a dynamic domain name client software, in this way, the PPTP client only needs to know the dynamic domain name of the server.

You can use the free dynamic domain name provided by Jin wanwei, so that the dynamic domain name client automatically updates the corresponding domain name and IP address value after the ADSL dial-up...

========================================================== ============================

Now, the setting of the Linux pptp vpn server is complete, and the rest of the task is to use the Windows client for testing.