1. Install the VPN service

    sudo apt-get install pptpd

2. Configure the pptpd service

There are three configuration files:

    /etc/pptpd.conf
    /etc/ppp/pptpd-options
    /etc/ppp/chap-secrets

Modify pptpd.conf first.

    vim /etc/pptpd.conf

localip: IP address of the server
remoteip: IP address range allocated to clients, for example, 192.168.8.150-238

Set DNS in /etc/ppp/pptpd-options:

    vim /etc/ppp/pptpd-options

    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

Finally, modify the /etc/ppp/chap-secrets user configuration.

    vim /etc/ppp/chap-secrets

    # Secrets for authentication using CHAP
    # client    server    secret    IP addresses

Each entry has the form:

    User name (tab) * (tab) password (tab) *

You can add multiple users, one per line.

Note: The first star represents any pptpd host. If there are multiple hosts, you can specify the name. The second star represents the IP addresses allowed for dial-in. Generally, the client does not have a fixed IP address, so use *.
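
To check the file after editing, the following added example (not part of the original page) audits chap-secrets entries in the four-field format described above: it reports file permissions beyond the owner, malformed lines, short secrets and duplicate client/server pairs. The function names, the 12-character threshold and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page: audit a chap-secrets file.
# Assumes four whitespace-separated fields per entry and no quoted secrets
# containing spaces; the 12-character minimum is an illustrative value.

# audit_chap_secrets FILE
# Prints one finding per line; returns 0 if clean, 1 if anything was found.
audit_chap_secrets() {
    file=$1
    file_finding=""

    # Secrets are stored in plaintext, so only the owner should have access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        file_finding="file: group/other permissions are $perms, expected none"
    fi

    # Findings name the line and client only; the secret is never printed.
    entries=$(awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        NF != 4 { printf "line %d: expected 4 fields, found %d\n", NR, NF; next }
        {
            if (length($3) < 12)
                printf "line %d: secret for %s is shorter than 12 characters\n", NR, $1
            if (seen[$1, $2]++)
                printf "line %d: duplicate entry for client %s, server %s\n", NR, $1, $2
        }' "$file")

    if [ -z "$file_finding$entries" ]; then
        return 0
    fi
    if [ -n "$file_finding" ]; then printf '%s\n' "$file_finding"; fi
    if [ -n "$entries" ]; then printf '%s\n' "$entries"; fi
    return 1
}

# Constructed sample input (user names and secrets are made up).
write_sample() {
    printf '%s\n' \
        '# client server secret IP addresses' \
        'alice * correct-horse-battery *' \
        'bob * hunter2 *' \
        'carol * missing-ip-field' \
        'alice * another-long-secret *' > "$1"
}
```

On the server, run `audit_chap_secrets /etc/ppp/chap-secrets` as root after each edit; a return status of 0 means no findings.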

Modify kernel parameters

    vim /etc/sysctl.conf

Remove the comment marker before "net.ipv4.ip_forward=1", then reload so the change takes effect immediately:

    sudo sysctl -p

Restart the pptpd service to reload the modified configuration:

    /etc/init.d/pptpd restart

After completing the preceding steps, you can dial in to the VPN but cannot access the external network.

3. Set up iptables for NAT route translation

    sudo apt-get install iptables
    iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE

Save the settings:

    iptables-save -c > /etc/ufw/iptables.save

Add to startup:

    iptables-restore -c < /etc/ufw/iptables.save

4. ufw configuration

Note: if ufw is disabled, you do not need to set this.

    vim /etc/default/ufw

Set the forward policy to ACCEPT:

    DEFAULT_FORWARD_POLICY="ACCEPT"

Then open 1723 and 47:

    ufw allow 1723/tcp
    # PPTP's GRE data channel is IP protocol 47, which is distinct from TCP port 47
    ufw allow 47/tcp

Restart ufw:

    ufw disable
    ufw enable