A VPN is an indispensable service for any Internet company, and it makes remote work much more efficient. When a server fails, engineers no longer need to take a taxi to the office; they can dial in from home and handle the problem easily. Of course, this does not apply to hardware faults: if the fault is physical, you still have to take a taxi to the office.
VPNs currently come in two types: software and hardware. A well-funded company will choose a hardware VPN, which is stable and easy to configure. Small companies can use software to save costs.
Today we take pptpd as an example to learn how to quickly build our own VPN server on Linux.
- Operating system: CentOS 5.8 x86_64
- Both single and dual NICs are supported.
Check the system environment before installation:
Check whether the system kernel supports MPPE. If "ok" is displayed, the kernel supports MPPE. If not, install kernel-devel first.
- modprobe ppp-compress-18 && echo ok
Check whether TUN/TAP support is enabled.
- cat /dev/net/tun
You can install pptp only after both of the preceding checks pass. Otherwise, you need to consider using other VPN server software.
Check whether ppp and iptables are installed. If not, install them first, because pptpd depends on these packages.
The installation command is as follows:
Install pptpd:
- rpm -ivh http://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.x86_64.rpm
Configure pptp. First, edit the /etc/pptpd.conf file:
- vim /etc/pptpd.conf
- Remove the # from the fields below. They set the server's own address, which VPN clients use as their default gateway, and the IP address range that VPN clients can obtain:
- localip 192.168.66.1
- remoteip 192.168.66.101-130
Next, edit /etc/ppp/options.pptpd:
- vim /etc/ppp/options.pptpd
- Remove the "#" before "ms-dns" and change the entries to the following. These set the DNS servers that VPN clients will use:
- ms-dns 211.147.6.3
- ms-dns 202.106.0.20
Set the pptp VPN account and password. Edit the /etc/ppp/chap-secrets file:
- vim /etc/ppp/chap-secrets
- Enter the following line. The columns are the user name, the server name, the password, and the allowed IP address. An asterisk indicates that any IP address is allowed to connect to the VPN server:
- testuser pptpd testpass *
Modify the kernel settings to enable IP forwarding. Edit the /etc/sysctl.conf file:
- vim /etc/sysctl.conf
- Change "net.ipv4.ip_forward" to 1:
- net.ipv4.ip_forward = 1
Save and exit, then run the following command for the change to take effect:
- sysctl -p
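Add the iptables NAT and access rules. PPTP uses TCP port 1723 for its control connection and GRE (IP protocol 47) for the tunnel data. GRE is allowed by the -p gre rule, so no rule for TCP port 47 is needed:
- iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
- iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
- iptables -I INPUT -p gre -j ACCEPT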
Save the firewall settings.
- /etc/init.d/iptables save
Set the services to start automatically at boot.
- chkconfig pptpd on
- chkconfig iptables on
Controlling the pptpd service:
- Start the pptpd service:
- /etc/init.d/pptpd start
- Stop pptpd:
- /etc/init.d/pptpd stop
- Restart pptpd:
- /etc/init.d/pptpd restart
- Restart the service and disconnect any online VPN clients:
- /etc/init.d/pptpd restart-kill
- View the current running status of pptpd:
- /etc/init.d/pptpd status
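Before letting clients connect, the two PPP files edited above (/etc/ppp/chap-secrets and /etc/ppp/options.pptpd) can be audited. The script below is an added example, not part of the original article; the function names, the 12-character password threshold and the sample files are assumptions, and the functions take file paths so they can be pointed at the real files or at copies.

```shell
#!/bin/sh
# Added example (not from the original article): audit the two PPP files edited above.
# Each function prints one line per finding and returns 1 if anything was found.

check_secrets() {   # $1 = path to chap-secrets
    rc=0
    # The file stores passwords in plaintext, so group/other must have no access.
    perms=$(ls -l "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "chap-secrets: group/other bits '$perms', want mode 600"; rc=1; }
    # Columns: client, server, secret, IP address. '*' leaves the address unrestricted.
    for user in $(awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"); do
        echo "chap-secrets: account '$user' has '*' in the IP column"; rc=1
    done
    # Flag secrets shorter than 12 characters (threshold is an assumption of this example).
    for user in $(awk '$1 !~ /^#/ && NF >= 3 && length($3) < 12 { print $1 }' "$1"); do
        echo "chap-secrets: account '$user' has a short password"; rc=1
    done
    return $rc
}

check_options() {   # $1 = path to options.pptpd
    rc=0
    # pppd options that restrict the link to MS-CHAPv2 with 128-bit MPPE.
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        awk -v o="$opt" '$1 == o { ok = 1 } END { exit !ok }' "$1" ||
            { echo "options.pptpd: '$opt' is missing or commented out"; rc=1; }
    done
    return $rc
}

# Constructed sample input mirroring the values used in this article.
demo=$(mktemp -d)
printf '%s\n' '# client server secret IP addresses' 'testuser pptpd testpass *' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' 'refuse-mschap' \
    'require-mschap-v2' '#require-mppe-128' 'ms-dns 211.147.6.3' > "$demo/options.pptpd"

check_secrets "$demo/chap-secrets" || echo "=> fix chap-secrets before starting pptpd"
check_options "$demo/options.pptpd" || echo "=> fix options.pptpd before starting pptpd"
rm -rf "$demo"
```

On the server itself, call the two functions with the real paths as root.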
Client connection test:
For more information about client VPN configuration, search Baidu.
Give it a try. If you have any questions, feel free to contact me.
This article is from the "small Cui's growth path" blog; please be sure to keep this source: http://cyr520.blog.51cto.com/714067/1161788