Quickly build a VPN Server for Small and Medium-sized Enterprises

Source: Internet
Author: User

A VPN is an indispensable service for any Internet company, and it greatly improves working efficiency. When a server fails, engineers no longer need to take a taxi to the office: they can dial in from home, connect to the company network, and handle the problem easily. Of course, this does not apply to hardware faults. For a physical fault, you still have to take a taxi to the office.

Currently, VPNs come in two types: software and hardware. A company with ample resources will choose a hardware VPN, which is stable and easy to configure. Small companies can use software to save costs.

Today, we take PPTPD as an example to learn how to quickly build our own VPN server on Linux.

 
 
    Operating system: CentOS 5.8 x86_64
    Both single-NIC and dual-NIC hosts are supported.
     

Check the system environment before installation:

Check whether the system kernel supports the MPPE patch. If "ok" is displayed, the kernel supports MPPE. If not, install kernel-devel first.

    modprobe ppp-compress-18 && echo ok

Check whether TUN/TAP support is enabled.

 
 
    cat /dev/net/tun


Install pptpd only if both of the preceding checks pass. Otherwise, consider using other VPN server software.

Check whether ppp and iptables are installed. pptpd depends on these packages, so install them first if they are missing.


The installation command is as follows:


Install pptpd:

 
 
    rpm -ivh http://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.x86_64.rpm


Configure pptpd. First, edit the /etc/pptpd.conf file:

    vim /etc/pptpd.conf

Remove the leading # from the fields below. They set the default gateway address and the IP address range that VPN clients can obtain:

    localip 192.168.66.1
    remoteip 192.168.66.101-130


Next, edit /etc/ppp/options.pptpd:

    vim /etc/ppp/options.pptpd

Remove the "#" before "ms-dns" and change the entries as follows. These set the DNS servers to be used:

    ms-dns 211.147.6.3
    ms-dns 202.106.0.20


Set the PPTP VPN account and password. Edit the /etc/ppp/chap-secrets file:

    vim /etc/ppp/chap-secrets

Enter the following line. The asterisk indicates that any IP address is allowed to connect to the VPN server:

    testuser pptpd testpass *

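An added example, not part of the original article: a small audit of a chap-secrets file that flags what the entry above creates (no IP address restriction, a short secret) and a file mode that exposes the clear-text secrets. The 12-character minimum, the second sample entry and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (fields: client server secret IP).
# MIN_LEN is an assumed local policy, not something pppd or pptpd enforces.
MIN_LEN=12

audit_chap_secrets() {
    file=$1
    # Secrets are stored in clear text, so only root should be able to read them.
    perms=$(stat -c '%a' "$file") || return 2
    case $perms in
        600|400) ;;
        *) echo "PERMS: mode $perms on $file, expected 600" ;;
    esac
    # Limitation: quoted secrets that contain spaces are not parsed.
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }    # blank lines and comments
        NF < 4 { printf "FORMAT: line %d has %d fields, expected 4\n", NR, NF; next }
        $1 == "*" { printf "ANYUSER: line %d matches every client name\n", NR }
        $4 == "*" { printf "ANYIP: %s has no IP address restriction\n", $1 }
        length($3) < min { printf "WEAK: secret for %s is shorter than %d characters\n", $1, min }
    ' "$file"
}

# Constructed sample: the tutorial's entry plus one pinned to a single address.
write_sample() {
    cat > "$1" <<'EOF'
# client   server  secret             IP addresses
testuser   pptpd   testpass           *
alice      pptpd   c0rrect-h0rse-9x!  192.168.66.101
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

On a real server, call `audit_chap_secrets /etc/ppp/chap-secrets` as root; an empty result means none of the checks fired.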

Modify the kernel settings to enable IP forwarding. Edit the /etc/sysctl.conf file:

    vim /etc/sysctl.conf

Change "net.ipv4.ip_forward" to 1:

    net.ipv4.ip_forward = 1


Save and exit, then run the following command for the change to take effect:

    sysctl -p

Add iptables forwarding rules.

    # NAT traffic leaving through eth0
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # PPTP control channel
    iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
    # PPTP data channel: GRE is IP protocol 47, not TCP port 47, so it is matched with -p gre
    iptables -I INPUT -p gre -j ACCEPT

Save the firewall settings.

 
 
    /etc/init.d/iptables save

Set the services to start automatically at boot.

    chkconfig pptpd on
    chkconfig iptables on

PPTPD server control commands:

    # Start the pptpd service:
    /etc/init.d/pptpd start
    # Stop pptpd:
    /etc/init.d/pptpd stop
    # Restart pptpd:
    /etc/init.d/pptpd restart
    # Restart the service and disconnect online VPN clients:
    /etc/init.d/pptpd restart-kill
    # View the current running status of pptpd:
    /etc/init.d/pptpd status

Client connection test:


For more information about client VPN configuration, search Baidu.

Give it a try. If you have any questions, feel free to contact me.

This article is from the "small Cui's growth path" blog. Please be sure to keep this source: http://cyr520.blog.51cto.com/714067/1161788
