Quickly create a Linux VPN server

Source: Internet
Author: User
VPN (Virtual Private Network) is an extension of the private network. It simulates a point-to-point dedicated connection over a shared Internet or public network connection to send data between a local computer and a remote computer. It has good confidentiality and is not subject to authorization, so that both parties can establish a free and secure point-to-point connection.

The following describes how to quickly build a VPN server.

Install software

1. PPP installation


Install PPP (Point-to-Point Protocol) version 2.4.2 or later.

The installation command is as follows:

# rpm -Uvh ppp-2.4.3-0.cvs_20040527.1.i386.rpm

2. Kernel MPPE patch installation

Install the kernel MPPE (Microsoft Point-to-Point Encryption) patch, selecting the version that matches your kernel. The installation command is as follows:

# rpm -ivh kernel-mppe-2.4.20-31.9.i686.rpm

Run the following command to check whether the kernel MPPE patch is successfully installed:

# modprobe ppp-compress-18

3. Check whether PPP supports MPPE

Run the following command to check whether PPP supports MPPE:

# strings /usr/sbin/pppd | grep -i mppe | wc --lines

If the command prints "0", MPPE is not supported; if it prints "30" or a larger number, MPPE is supported.

4. PPTPD installation

Download and install the pptpd-1.1.4-b4.i386.rpm package.

# rpm -ivh pptpd-1.1.4-b4.i386.rpm

Modify configuration file

1. Modify the modules.conf file

Edit the /etc/modules.conf configuration file and add the following content:

alias net-pf-47 ip_gre

2. Modify the pptpd.conf file

Edit the /etc/pptpd.conf configuration file and add the following content, which sets the IP address of the local VPN server and the IP address range allocated to clients after they log on.

debug

option /etc/ppp/options.pptpd

localip 192.168.0.254 # IP address of the local VPN server

remoteip 192.168.1.1-254 # IP address range allocated to clients

3. Modify the options.pptpd file

Edit the /etc/ppp/options.pptpd configuration file and replace its content with the following:

auth

lock

debug

proxyarp

lock

name rh9vpn # name of the VPN server

multilink

refuse-pap

refuse-chap

refuse-mschap

refuse-eap

refuse-mschap-v2

require-mppe

ms-wins 192.168.1.2 # IP address of the machine you want to see in Network Neighborhood

ms-dns 192.168.1.2 # DNS server address

dump

logfile /var/log/pptpd.log # log storage path

4. Modify the chap-secrets file

Edit the /etc/chap-secrets configuration file and add the following content:

# client server secret IP addresses

"test@www.linuxidc.com" * "test" *

The four items in the second line correspond to the four items in the first line. "test@www.linuxidc.com" is the client's VPN user name; "server" corresponds to the name of the VPN server, which must be the same as the name specified in the /etc/ppp/options.pptpd file, or be set to "*" to identify the server automatically; "secret" corresponds to the login password; "IP addresses" corresponds to the IP addresses of the clients that are allowed to dial in. If you do not need any special restriction, you can set it to "*", as in the line above.

5. Set up IP masquerade forwarding

Remote computers connected to the VPN can ping each other only after IP masquerade forwarding is configured, which lets them share resources as if they were on a LAN. Run the following command to set the parameter:

# echo 1 > /proc/sys/net/ipv4/ip_forward

You can put this command in the file /etc/rc.d/rc.local so that it runs automatically at startup.

6. Open the firewall ports

Open port 1723 and port 47 of the Linux server and enable the GRE protocol.

# /sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT

# /sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT

# /sbin/iptables -A INPUT -p gre -j ACCEPT

The Linux server is now configured, and a Windows client is used for testing.
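
A quick audit of the files edited in steps 3 and 4, added here as an example and not part of the original article: it checks that the pppd option file still carries auth, require-mppe and refuse-pap, flags chap-secrets entries that use the "*" wildcard, and checks that chap-secrets (which holds plaintext passwords) is not readable by group or others. The function names and finding labels are made up for this example, and the sample files are constructed.

```sh
#!/bin/sh
# Added example: audit the pppd option file and chap-secrets file from steps 3-4.
# Function names and finding labels are illustrative, not part of pptpd or pppd.

# has_option FILE NAME: succeeds if NAME is an active (uncommented) option.
has_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }            # strip comments before matching
        $1 == want { found = 1 }
        END { exit !found }' "$1"
}

# audit_options FILE: report tutorial options that are missing from FILE.
audit_options() {
    for opt in auth require-mppe refuse-pap; do
        has_option "$1" "$opt" || echo "MISSING $opt"
    done
}

# audit_secrets FILE: flag entries whose server or IP field is the "*" wildcard.
# Assumption: no whitespace inside quoted fields.
audit_secrets() {
    awk '
        /^[ \t]*(#|$)/ { next }       # skip comments and blank lines
        {
            for (i = 1; i <= NF; i++) gsub(/"/, "", $i)
            if (NF < 3) { print "MALFORMED line " NR; next }
            if ($2 == "*") print "WILDCARD-SERVER " $1
            if (NF >= 4 && $4 == "*") print "ANY-IP " $1
        }' "$1"
}

# secrets_mode_ok FILE: succeeds if group and others have no permission bits.
secrets_mode_ok() {
    [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# demo: run the checks on constructed sample files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    printf 'auth\nlock\nname rh9vpn\n#require-mppe\nrefuse-pap\n' > "$d/options.pptpd"
    printf '"test@www.linuxidc.com" * "test" *\nalice rh9vpn s3cret 192.168.1.10\n' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    audit_options "$d/options.pptpd"
    audit_secrets "$d/chap-secrets"
    secrets_mode_ok "$d/chap-secrets" || echo "PERMS chap-secrets is readable by group or others"
    rm -rf "$d"
}
demo
```

To audit a live server, call the functions with /etc/ppp/options.pptpd and /etc/chap-secrets instead of running demo.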

Test

The following uses Windows Server 2003 as an example for testing.

1. Create a connection

Click Start → Settings → Network and Dial-up Connections to open the Network and Dial-up Connections window, then click New Connection to open the Network Connection Wizard window. Select or enter "Connect to my workplace network → Virtual Private Network connection → Company name (you can enter it as needed) → Do not dial the initial connection → IP address (enter the IP address of the VPN server)", and click OK to create the new connection.

2. Modify connection properties

Right-click the connection you just created and click "Properties → Network (select TCP/IP protocol) → Properties → Advanced", clear the check box before "Use the default gateway on the remote network", and click "OK".

3. Establish a connection

Double-click the connection you created, enter the user name and password set in advance, and click OK to connect. If the connection is successful, you can see the IP address allocated to the server and other information in the connection "Details". You can then communicate with other computers in the connected LAN.
 