PPTP Protocol
1. PPTP Overview
PPTP is the abbreviation of Point-to-Point Tunneling Protocol. Point-to-point tunneling is a virtual private network technology that supports multiple protocols. Through this protocol, remote users can securely access the company's network from a Microsoft Windows NT workstation, or from the Point-to-Point Protocol client installed on other Windows operating systems: they dial in to a local ISP and then connect to the company's network across the Internet.
The PPTP tunnel and the PPP session run between the same two machines, the PAC (PPTP Access Concentrator) and the PNS (PPTP Network Server). PPTP uses a control connection as its call control and management protocol, which lets the server manage the calls between the PAC and the PNS. No other system needs to know about PPTP: a dial-up network can be connected to the PAC without being aware of PPTP, and standard PPP client software continues to operate over the tunneled PPP link.
PPTP uses an extended version of GRE to carry the users' PPP packets. These extensions provide low-level congestion and flow control for the tunnel that carries user data between the PAC and the PNS. This mechanism lets the tunnel use the available bandwidth efficiently and avoids unnecessary retransmissions and buffer overruns. PPTP does not specify a particular algorithm for this low-level control; it does, however, define the communication parameters needed to support such algorithms.
2. Configure the PPTP VPN Service
1. Download the pptpd software from http://sourceforge.net/projects/poptop/files/
# tar xvf pptpd-1.3.4.tar.gz
# cd pptpd-1.3.4
# ./configure --prefix=/usr/local/pptpd --enable-bcrelay --with-libwrap
# make && make install
2. In the pptpd installation directory, create the etc directory and copy the pptpd configuration files there.
# cd /usr/local/pptpd
# mkdir etc
# cd /root/pptpd-1.3.4
# cd samples
# cp pptpd.conf /usr/local/pptpd/etc
# cp options.pptpd /usr/local/pptpd/etc
# cp chap-secrets /etc/ppp
3. Configure the main pptpd configuration file
[root@localhost etc]# cat pptpd.conf | grep -v '^#' | grep -v '^$'
option /usr/local/pptpd/etc/options.pptpd
debug
stimeout 30
logwtmp
localip 1.1.1.1
remoteip 192.168.0.10-20
Note: option /usr/local/pptpd/etc/options.pptpd points pptpd at the extended pppd options file options.pptpd.
debug enables debugging mode: pptpd information and errors are recorded in /var/log/messages, which helps with troubleshooting.
stimeout sets the maximum time (in seconds) that the server waits for a client to complete its connection to pptpd.
localip sets the IP address of the pptpd server, i.e. the local end of every tunnel.
remoteip sets the range of IP addresses handed out to clients after they connect to the pptpd server. It can also be written as 192.168.0.10-192.168.0.20.
3. Modify options.pptpd
[root@localhost etc]# cat options.pptpd | grep -v '^#' | grep -v '^$'
name Frank-VPN
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 210.5.153.250
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
Note:
name Frank-VPN is the pptpd server name, the name the server uses to identify itself during authentication.
refuse-pap rejects the PAP authentication method.
refuse-chap rejects the CHAP authentication method.
refuse-mschap rejects the MS-CHAP (version 1) authentication method.
require-mschap-v2 requires the peer to authenticate with Microsoft MS-CHAPv2 when the connection is established.
require-mppe-128 requires 128-bit MPPE encryption for the session.
ms-dns 210.5.153.250 makes pppd hand this DNS server to Windows clients. You can specify two DNS server addresses.
proxyarp adds a proxy ARP entry for the peer's IP address with this system's Ethernet address, so hosts on the LAN can reach the client through this server.
debug enables debugging mode and records the corresponding information in /var/log/messages.
lock creates a UUCP-style lock file for the pty device.
nobsdcomp disables BSD compression.
novj disables Van Jacobson TCP/IP header compression.
novjccomp disables Van Jacobson connection-ID compression.
nologfd stops pppd from sending log messages to the standard error output.
4. Configure the pptpd account and password file
# cd /etc/ppp
[root@localhost ppp]# cat chap-secrets
# Secrets for authentication using CHAP
# client        server          secret                  IP addresses
# username      pptpd-name      password                *
Frank           Frank-VPN       frank                   *
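The options.pptpd and chap-secrets files above are easy to get subtly wrong: pppd option names are case-sensitive, the server column of chap-secrets must match the name directive or pppd finds no secret, and the secrets are stored in clear text. The following POSIX shell script is an added example, not part of the original post or of the pptpd project, that audits both files for those problems. The function names, the demo files it writes to a temporary directory and the 8-character password minimum are this example's own assumptions; the pppd option names it looks for are the real ones used above.

```sh
#!/bin/sh
# Added example (not from the original post): audit a pptpd options file and a
# chap-secrets file for the weak-auth and exposure issues the configuration
# above is meant to avoid. The demo files at the bottom are constructed.

# Drop comment and blank lines, the same way the page displays the files.
_directives() { grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$'; }

# audit_options FILE: one finding per line; prints nothing when the file
# refuses PAP/CHAP/MS-CHAPv1 and requires MS-CHAPv2 with 128-bit MPPE.
audit_options() {
    for want in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        _directives "$1" | grep -qx "$want" || echo "options: missing '$want'"
    done
    # a capitalised directive ("Refuse-pap") is silently ignored by pppd
    _directives "$1" | grep -q '^[A-Z]' && echo "options: capitalised directive (pppd options are case-sensitive)"
    return 0
}

# audit_secrets FILE SERVER: the server column must equal the 'name' in
# options.pptpd (or be '*'); the file holds clear-text passwords, so it must
# be readable by root only; every entry needs client, server and secret.
audit_secrets() {
    f=$1; server=$2
    mode=$(stat -c '%a' "$f" 2>/dev/null)
    case "$mode" in 600|400) ;; *) echo "secrets: mode $mode, should be 600 (clear-text passwords)";; esac
    _directives "$f" | while read -r client srv secret ips; do
        if [ -z "$secret" ]; then
            echo "secrets: malformed entry for '$client' (need client server secret [ip])"
            continue
        fi
        [ "$srv" = "$server" ] || [ "$srv" = "*" ] || echo "secrets: '$client' bound to server '$srv', not '$server'"
        [ "${#secret}" -ge 8 ] || echo "secrets: password for '$client' is shorter than 8 characters"
    done
    return 0
}

# audit_pptpd OPTIONS SECRETS: runs both audits; returns 1 if anything was reported.
audit_pptpd() {
    name=$(_directives "$1" | awk '$1=="name"{print $2; exit}')
    out=$( { audit_options "$1"; audit_secrets "$2" "${name:-*}"; } )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed demo files mirroring the layout above, with a longer password.
demo_dir=$(mktemp -d)
cat > "$demo_dir/options.pptpd" <<'EOF'
name Frank-VPN
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 210.5.153.250
proxyarp
EOF
printf 'Frank Frank-VPN example-passphrase *\n' > "$demo_dir/chap-secrets"
chmod 600 "$demo_dir/chap-secrets"
audit_pptpd "$demo_dir/options.pptpd" "$demo_dir/chap-secrets" && echo "audit: ok"
```

Run it against the real files with `audit_pptpd /usr/local/pptpd/etc/options.pptpd /etc/ppp/chap-secrets`; an empty result means the server refuses every method weaker than MS-CHAPv2, insists on 128-bit MPPE, and keeps its secrets file private.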
5. Start pptpd
# /usr/local/pptpd/sbin/pptpd -c /usr/local/pptpd/etc/pptpd.conf -o /usr/local/pptpd/etc/options.pptpd
Then check that TCP port 1723 is listening.
6. Enable Linux route forwarding
# vim /etc/sysctl.conf
Change
net.ipv4.ip_forward = 0
to
net.ipv4.ip_forward = 1
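As an added example that is not from the original post or the pptpd project, here is a short POSIX shell check for the two things steps 5 and 6 are meant to achieve: a listener on TCP 1723 and forwarding enabled in the running kernel. The function names are this example's own; the listing format it parses is that of `ss -ltn` (state in the first column, local address:port in the fourth), and the ip_forward value is read from /proc/sys/net/ipv4/ip_forward unless another file is given, so the check can also be run against constructed input.

```sh
#!/bin/sh
# Added example (not from the original post): verify that pptpd is listening
# and that forwarding is on. The listing is passed in as text so the same
# function works on live `ss -ltn` output and on constructed samples.

# tcp_listener LISTING PORT: 0 if an `ss -ltn` style listing shows a TCP
# listener on PORT (column 1 = State, column 4 = Local Address:Port).
tcp_listener() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $1 == "LISTEN" && $4 ~ (":" port "$") { found = 1 }
        END { exit found ? 0 : 1 }'
}

# ip_forward_enabled [FILE]: PPTP clients only reach the LAN when the kernel
# forwards between ppp0 and eth0. Editing sysctl.conf alone changes nothing
# until `sysctl -p` or a reboot, so read the live value, not the config file.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# pptpd_ready LISTING [FORWARD_FILE]: combined post-start check.
pptpd_ready() {
    status=0
    tcp_listener "$1" 1723 || { echo "pptpd is not listening on tcp/1723"; status=1; }
    ip_forward_enabled "$2" || { echo "net.ipv4.ip_forward is not 1 (run: sysctl -p)"; status=1; }
    return $status
}

# Live usage (needs iproute2):
#   pptpd_ready "$(ss -ltn)" && echo "pptpd ready"
```

The TCP listener on 1723 is only the control connection; the PPP frames travel inside GRE (IP protocol 47), as the "opening GRE" line in the log below shows, so a packet filter that allows port 1723 alone still leaves the tunnel unable to come up.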
Troubleshooting
1. Be sure to put the pptpd user and password file (chap-secrets) in the /etc/ppp directory. Otherwise pppd reports:
/usr/sbin/pppd: The remote system is required to authenticate itself
/usr/sbin/pppd: but I couldn't find any suitable secret (password) for it to use to do so.
2. A version error is reported when the logwtmp plugin is loaded:
Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
Go back to the source tree, change the pppd version the plugin is built against, and recompile:
# cd /root/pptpd-1.3.4/plugins
# cp patchlevel.h patchlevel.h.bak
# cp pptpd-logwtmp.so pptpd-logwtmp.so.bak
# sed -i 's/2\.4\.3/2\.4\.4/g' patchlevel.h
# make
# cp pptpd-logwtmp.so /usr/lib/pptpd/pptpd-logwtmp.so
Restart the pptpd service and watch the log:
# tail -f /var/log/messages
May 22 00:58:26 localhost pptpd[10170]: CTRL: Client 1.1.1.2 control connection started
May 22 00:58:26 localhost pptpd[10170]: CTRL: Starting call (launching pppd, opening GRE)
May 22 00:58:26 localhost pppd[10171]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
May 22 00:58:26 localhost pppd[10171]: pptpd-logwtmp: $Version$
May 22 00:58:26 localhost pppd[10171]: pppd 2.4.4 started by root, uid 0
May 22 00:58:26 localhost pppd[10171]: Using interface ppp0
May 22 00:58:26 localhost pppd[10171]: Connect: ppp0 <--> /dev/pts/2
May 22 00:58:30 localhost pptpd[10170]: CTRL: Ignored a set link info packet with real ACCMs!
May 22 00:58:30 localhost pppd[10171]: MPPE 128-bit stateless compression enabled
May 22 00:58:32 localhost pppd[10171]: found interface eth0 for proxy arp
May 22 00:58:32 localhost pppd[10171]: local IP address 1.1.1.1
May 22 00:58:32 localhost pppd[10171]: remote IP address 192.168.0.10
May 22 00:58:32 localhost pppd[10171]: pptpd-logwtmp.so ip-up ppp0 Frank 1.1.1.2
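To turn a log excerpt like the one above into something a monitoring script can act on, here is an added POSIX shell/awk example (not from the original post or the pptpd project) that groups the pppd lines by pid and reports, per session, the client's address from the control connection, the authenticated user name, the assigned addresses and whether MPPE was negotiated. The function names and the second, constructed session (pid 10190, user alice, client 198.51.100.7) are this example's own; the first session copies the lines shown above.

```sh
#!/bin/sh
# Added example (not from the original post): summarise pptpd/pppd sessions
# from syslog lines in the format shown above. Field positions assume the
# default syslog layout: month day time host prog[pid]: message.

# session_summary LOGTEXT: one line per pppd pid, in order of appearance:
#   pid=.. iface=.. peer=.. user=.. local=.. remote=.. mppe=yes|no
# The client's address is logged by pptpd ("CTRL: Client X control connection
# started") under pptpd's own pid just before it launches pppd, so the most
# recent CTRL address is attached to the next new pppd pid.
session_summary() {
    printf '%s\n' "$1" | awk '
        /pptpd\[[0-9]+]: CTRL: Client .* control connection started/ { client = $8; next }
        /pppd\[[0-9]+]: / {
            pid = $5; sub(/.*\[/, "", pid); sub(/].*/, "", pid)
            if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid; peer[pid] = client }
        }
        /Using interface/   { iface[pid] = $NF }
        /MPPE .*enabled/    { mppe[pid] = "yes" }      # encryption was negotiated
        /local IP address/  { lip[pid] = $NF }
        /remote IP address/ { rip[pid] = $NF }
        /ip-up/             { user[pid] = $(NF-1) }    # "ip-up ppp0 <user> <client>"
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                printf "pid=%s iface=%s peer=%s user=%s local=%s remote=%s mppe=%s\n",
                    p, iface[p], peer[p], user[p], lip[p], rip[p], (p in mppe) ? "yes" : "no"
            }
        }'
}

# unencrypted_sessions LOGTEXT: sessions that came up without an MPPE line.
# With require-mppe-128 in options.pptpd this should never print anything;
# if it does, pppd is not loading the options file you think it is.
unencrypted_sessions() { session_summary "$1" | grep 'mppe=no$'; return 0; }

# Constructed sample: the session from the excerpt above plus a second,
# made-up session that negotiated no MPPE.
sample_log='May 22 00:58:26 localhost pptpd[10170]: CTRL: Client 1.1.1.2 control connection started
May 22 00:58:26 localhost pptpd[10170]: CTRL: Starting call (launching pppd, opening GRE)
May 22 00:58:26 localhost pppd[10171]: pppd 2.4.4 started by root, uid 0
May 22 00:58:26 localhost pppd[10171]: Using interface ppp0
May 22 00:58:30 localhost pppd[10171]: MPPE 128-bit stateless compression enabled
May 22 00:58:32 localhost pppd[10171]: local IP address 1.1.1.1
May 22 00:58:32 localhost pppd[10171]: remote IP address 192.168.0.10
May 22 00:58:32 localhost pppd[10171]: pptpd-logwtmp.so ip-up ppp0 Frank 1.1.1.2
May 22 01:02:10 localhost pptpd[10188]: CTRL: Client 198.51.100.7 control connection started
May 22 01:02:10 localhost pppd[10190]: Using interface ppp1
May 22 01:02:14 localhost pppd[10190]: local IP address 1.1.1.1
May 22 01:02:14 localhost pppd[10190]: remote IP address 192.168.0.11
May 22 01:02:14 localhost pppd[10190]: pptpd-logwtmp.so ip-up ppp1 alice 198.51.100.7'

session_summary "$sample_log"
unencrypted_sessions "$sample_log"
```

On a live server the same functions run as `session_summary "$(grep -E 'pptpd|pppd' /var/log/messages)"`; the `mppe=` column is the field worth alerting on, because a session that reaches ip-up without the "MPPE 128-bit" line is carrying its PPP frames in the clear.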