Article title: Set up a VPN on a single Linux NIC and use NAT to share the Internet
The server uses shorewall as its firewall. Shorewall is really only a front end that generates the iptables configuration; the firewall itself is still iptables.
The first step is to set up the VPN, using the PPTPD package. Its advantages are that authentication is easy and Windows clients are supported out of the box; its security is not as good as OpenVPN's, but it is simple and practical.
Server environment:
OS: Ubuntu Server 8.10
Firewall: shorewall
IP: 192.168.2.100
Installation:
sudo apt-get install pptpd
Modify the configuration file: /etc/pptpd.conf
Set localip and remoteip:
localip 192.168.250.1
remoteip 192.168.250.234-238,192.168.250.245
localip is the server's address on the PPP link after a client dials in. It can be the server's own LAN address or an address in the same range as remoteip.
remoteip is the pool of addresses handed out to clients. 12 addresses are allocated here, so at most 12 machines can be connected through the VPN at the same time; once they are all in use, further clients cannot be assigned an address.
Modify the configuration file: /etc/ppp/chap-secrets
The accounts and passwords used for login are set in this file.
The format is as follows:
# client server secret IP addresses
abc * 123456
The fields are the user name, the server (* means any), the password used for login, and the IP address assigned to the client after dialing in. If the last field is omitted, the address is assigned automatically by the server.
After the above process, we have configured PPTPD.
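As an added example (not part of the original post), the following POSIX shell functions expand a pptpd.conf remoteip specification into individual addresses, so you can count how many simultaneous clients the pool really admits and check that localip does not collide with it before starting pptpd. It understands both the "a.b.c.x-y" form used above and the longer "a.b.c.x-a.b.c.y" form; the values fed to it are taken from the configuration in this post.

```shell
#!/bin/sh
# Added example, not from the original post: expand a pptpd.conf
# "remoteip" pool spec into one address per line, so the pool size
# (the number of simultaneous VPN clients) and clashes with localip
# can be checked before pptpd is started.
# Handles both "a.b.c.x-y" and "a.b.c.x-a.b.c.y" range forms.

# expand_remoteip SPEC -> prints one IPv4 address per line
expand_remoteip() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r item; do
        case $item in
            *-*)
                start=${item%%-*}     # full address before the '-'
                end=${item#*-}        # last octet, or a full address
                prefix=${start%.*}    # first three octets
                i=${start##*.}        # first octet of the range
                last=${end##*.}       # last octet of the range
                while [ "$i" -le "$last" ]; do
                    printf '%s.%s\n' "$prefix" "$i"
                    i=$((i + 1))
                done
                ;;
            '') ;;                    # skip empty fields
            *)  printf '%s\n' "$item" ;;
        esac
    done
}

# count_remoteip SPEC -> number of addresses in the pool
count_remoteip() {
    expand_remoteip "$1" | wc -l | tr -d ' '
}

# check_pool LOCALIP SPEC -> returns 0 if localip is not in the pool
check_pool() {
    if expand_remoteip "$2" | grep -qx "$1"; then
        echo "localip $1 is also in the remoteip pool" >&2
        return 1
    fi
    return 0
}

# Values constructed from the pptpd.conf lines in this post:
count_remoteip "192.168.250.234-238,192.168.250.245"   # prints 6
check_pool "192.168.250.1" "192.168.250.234-238,192.168.250.245"
```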
Because the server runs the shorewall firewall, TCP port 1723 and the GRE protocol (IP protocol 47) must be opened.
Edit /etc/shorewall/rules
and add:
ACCEPT net $FW gre
ACCEPT net $FW tcp 1723
# GRE is IP protocol 47, not a TCP port; the line below is harmless but redundant
ACCEPT net $FW tcp 47
Then restart shorewall:
sudo shorewall restart
Now test dialing the VPN from Windows.
For more information about how to establish a VPN connection in Windows
OK. The VPN dials successfully, but the client still cannot reach the Internet through the server's network; you will find that you can access nothing except the server itself.
I will set up NAT below, but I have not done a good job of this part and there are still some defects; I hope this problem can be solved in the future.
After the VPN is dialed, ifconfig on the server shows an additional ppp* network interface; here it is ppp0.
I also use shorewall for NAT.
Modify /etc/shorewall/interfaces
and add (the columns are ZONE and INTERFACE):
ppp ppp0
Modify /etc/shorewall/zones
and add (the columns are ZONE and TYPE):
ppp ipv4
Modify /etc/shorewall/masq
and add (the external interface first, then the interface or subnet to masquerade):
eth0 ppp0
OK, then restart shorewall:
sudo shorewall restart
NAT is now configured.
Note that ppp0 must exist when shorewall starts; otherwise shorewall reports an error. This is where shorewall is lacking and inflexible.
If you do not use shorewall and instead set up the NAT (masquerade) rules directly with the iptables command, no error is reported when no ppp0 interface exists yet.