PPTP server setup and local VPN settings (and fixing SSH being unable to reach the remote host over the VPN)
1. Install pptp
sudo apt-get install -y ppp pptpd
sudo vim /etc/pptpd.conf
Modify it to contain the following, where localip is the local VPN address and remoteip is the address range for VPN clients:
option /etc/ppp/pptpd-options
localip 172.31.26.19
remoteip 172.31.26.20-200
Create a VPN account. Run sudo vim /etc/ppp/chap-secrets and add an account named test for the pptpd service, with the password 123456, that is allowed to log on from any IP address:
test pptpd 123456 *
Restart the service. If sudo service pptpd stop cannot stop it, use killall pptpd to kill it, then start it again with sudo service pptpd start. Check the result with:
sudo netstat -apnl | grep pptp
If port 1723 is displayed, the pptpd service has started successfully. Access to port 1723 must also be allowed in the external firewall.
Configure forwarding as follows; otherwise, VPN clients cannot access the network. Run sudo vim /etc/sysctl.conf and set:
net.ipv4.ip_forward = 1
Apply the change:
sudo sysctl -p
Set iptables to forward (NAT) the traffic:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Add this rule to /etc/rc.local so that it is not lost after a reboot.
For client 741 errors, see: http://bbs.aliyun.com/read/161352.html
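The chap-secrets entry created in this section uses a six-digit password and * for the allowed addresses. The following check is an added example, not part of the original post: it lints a chap-secrets file for short or digits-only secrets, wildcard addresses and loose file permissions. The 12-character threshold, the function names and the sample alice entry are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit pppd chap-secrets entries.
# Line format: client  server  secret  allowed-client-addresses
# Assumptions of this example: 12-character minimum, no whitespace inside fields.

# Print one finding per problem found in the secrets file "$1".
audit_chap_secrets() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 3 { printf "line %d: malformed entry\n", NR; next }
        {
            client = $1; secret = $3; addrs = (NF >= 4) ? $4 : ""
            gsub(/^"|"$/, "", secret)           # pppd accepts quoted fields
            if (length(secret) < 12)
                printf "line %d: %s: secret shorter than 12 characters\n", NR, client
            if (secret ~ /^[0-9]+$/)
                printf "line %d: %s: secret is digits only\n", NR, client
            if (addrs == "*")
                printf "line %d: %s: any client address allowed (*)\n", NR, client
        }
    ' "$1"
}

# True (exit 0) when group or other have any permission bit on "$1".
perms_too_open() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Constructed sample: the entry from this page plus a stricter, invented one.
demo_file=$(mktemp)
trap 'rm -f "$demo_file"' EXIT
cat > "$demo_file" <<'EOF'
# client  server  secret                 IP addresses
test      pptpd   123456                 *
alice     pptpd   Xq7-vorhang-Lampe-29   172.31.26.50
EOF
chmod 644 "$demo_file"

audit_chap_secrets "$demo_file"
if perms_too_open "$demo_file"; then
    echo "$demo_file: accessible to group/other, expected mode 600"
fi
```

To check a real server, call audit_chap_secrets /etc/ppp/chap-secrets as root.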
2. The local VPN settings are as follows:
1. In the VPN connection's Properties - Networking - TCP/IP protocol - Advanced, uncheck "Use default gateway on remote network" so that traffic still goes through the local network by default while the VPN is connected.
2. Add entries to the local route table. Taking the single IP address 8.8.8.8 as an example:
route -p add 8.8.8.8 mask 255.255.255.255 172.31.26.19
After this configuration, all traffic to 8.8.8.8 is sent through the VPN gateway 172.31.26.19, and other IP addresses are not affected. To delete the route:
route delete 8.8.8.8
[About the problem that SSH cannot connect to Linux after the VPN is connected]
pptpd's default MTU is too large, which causes congestion at some devices on the link.
The solution is to reduce the MTU. There are three methods:
1. If iptables is enabled (verified)
iptables -A FORWARD -p tcp --syn -s 10.0.0.0/24 -j TCPMSS --set-mss 1356
Replace 10.0.0.0/24 with the IP segment of your PPTP clients.
2. Add before exit 0 in /etc/ppp/ip-up (verified)
ifconfig $1 mtu 1356
There is a line in ip-up:
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
So adding ifconfig $1 mtu 1356 to the ip-up.local file works the same way.
3. Set in the PPTPD configuration file:
Open /etc/ppp/options.pptpd (the options file named by the option line in /etc/pptpd.conf, which is /etc/ppp/pptpd-options in the setup above) and add mtu 1356 at the end of the file.