Simple VPN implementation solution for Linux in VM

VPN is widely used in the current network. In windows, you can refer to the relevant documents to easily build a VPN network, this experiment is based on the VPN setup experiment on the linux platform. The linux Server under two VMS on the experimental platform and the Ip address of a windows host as the client are planned as follows: client 192.

VPN is widely used in the current network. In windows, you can refer to the relevant documents to easily build a VPN network, this experiment is based on the VPN setup experiment on the linux platform.

Experiment Platform: two linux servers under the VM, one as the windows Host of the Client

Ip address planning:

Client 192.168.1.188 (analog Internet IP)

Intermediate server (used as a router): eth0 192.168.1.192 (analog Internet IP) eth1 10.0.0.1 (analog Intranet IP)

Intranet server segment (simulating Intranet environment): 10.0.0.2

 

First, the configuration on the intermediate router (most important) is as follows:

First, set the ip Address:

[Root @ localhost ~] # Vi/etc/sysconfig/network

NETWORKING = yes

NETWORKING_IPV6 = no

HOSTNAME = localhost. localdomain

GATEWAY = 192.168.1.1

[Root @ localhost ~] # Vi/etc/sysconfig/network-scripts/ifcfg-eth0

# AdvaNcEdMicro Devices [AMD] 79c970 [PCnet32 LANCE]

DEVICE = eth0

BOOTPROTO =StatIc

IPADDR = 192.168.1.192

NETMASK = 255.255.255.0

ONBOOT = yes

HWADDR = 00: 0c: 29: fa: fb: e6

[Root @ localhost ~] # Vi/etc/sysconfig/network-scripts/ifcfg-eth1

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]

DEVICE = eth1

BOOTPROTO = static

IPADDR = 10.0.0.1

NETMASK = 255.255.255.0

ONBOOT = yes

Next, configure the firewall iptables (using a script)

[Root @ localhost ~] # Vi ip. sh

#! /Bin/bash

/Sbin/ModprobeIp_tables

/Sbin/modprobe ip_nat _Ftp

/Sbin/modprobe ip_connTrAck_ftp

/Sbin/iptables-F

/Sbin/iptables-F-t nat

/Sbin/iptables-Z

/Sbin/iptables-X

/Sbin/iptables-P INPUT ACCEPT

/Sbin/iptables-P FORWARD ACCEPT

/Sbin/iptables-P OUTPUT ACCEPT

Echo "1">/proc/sys/net/ipv4/ip_forward

####### Ech0 wlan #############

/Sbin/iptables-t nat-a postrouting-o eth0-j MASQUERADE

/Sbin/iptables-a forward-s 0/0-d 0/0-j ACCEPT

[Root @ localhost ~] #ChmodA + x ip. sh

[Root @ localhost ~] #./Ip. sh

[Root @ localhost ~] # Service iptables save

The functions here are implemented using the pptp suite. The following is the installation and configuration

[Root @ localhost ~] # Rpm-qa |GrepPptp // check whether pptp has been installed. If not, proceed to the next step.

Pptpd-1.3.4-2.fc9

[Root @ localhost ~] # Yum-y install pptp

[Root @ localhost ~] # Wget http://poptop.sourceforge.net/yum/beta/packages/pptpd-1.3.4-2.fc9.i386.rpm // download pptpd

[Root @ localhost ~] # Rpm-ivh pptpd-1.3.4-2.fc9.i386.rpm

Next, configure the archive.

[Root @ localhost ~] # Vi/etc/pptpd. conf // Add the following two statements:

Localip 10.0.0.1

Remoteip 10.0.0.100-200

[Root @ localhost ~] #Cd/Etc/ppp/

[Root @ localhost ppp] # vi options.ppt pd // set an available DNS. Here I use internal

Ms-dns 202.102.240.65

[Root @ localhost ppp] # vi chap-secrets // set the account and password that can be logged on to the client

# Secrets for authentiCatIon using CHAP

# Client server secret IPDdResses

Admin pptpd 123456

Restart related services.

[Root @ localhost ~] #/Etc/init. d/network restart

[Root @ localhost ~] #/Etc/init. d/pptpd start

 

2. settings on the Intranet host

[Root @ localhost ~] # Vi/etc/sysconfig/network // configure the Gateway

NETWORKING = yes

NETWORKING_IPV6 = no

HOSTNAME = localhost. localdomain

GATEWAY = 10.0.0.1

[Root @ localhost ~] # Vi/etc/sysconfig/network-scripts/ifcfg-eth0 // set ip

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]

DEVICE = eth0

BOOTPROTO = none

IPADDR = 10.0.0.2

NETMASK = 255.255.255.0

BONBOOT = yes

[Root @ localhost ~] # Iptables-F

[Root @ localhost ~] # Iptables-F-t nat

[Root @ localhost ~] #/Etc/init. d/network restart

 

Third: settings on the client

Create a VPN connection

 

Experiment summary:

In this way, the experiment has been completely completed and the theoretical knowledge of VPN has been learned, because the restrictions on conditions have not been implemented until now, and some errors have also occurred in the middle, the VPN connection experiment is finally achieved through careful check!