A complete guide to building a PPTP VPN on a Linux server

Source: Internet
Author: User
Tags: require, iptables, port number

Basic concepts of PPTP

First, let's understand what PPTP is. PPTP encapsulates a PPP (Point-to-Point Protocol) frame in an IP datagram that is sent over an IP network such as the Internet or an enterprise intranet. PPTP creates, maintains and terminates a tunnel through a PPTP control connection, and encapsulates the PPP frames using Generic Routing Encapsulation (GRE). Before encapsulation, the payload of the PPP frame, i.e. the data actually being transmitted, is usually encrypted, compressed, or both. The PPTP protocol assumes a connected and available IP network between the PPTP client and the PPTP server, so if the PPTP client is already part of an IP network, it can reach the PPTP server through that network. MPPE only provides connection encryption, not end-to-end encryption. End-to-end encryption is an application-layer encryption technique; if an application requires end-to-end encryption, then once the PPTP tunnel is established the IP data streams at both ends can be encrypted with IPsec. An Internet-based PPTP server is a VPN server that uses the PPTP protocol, with one interface on the Internet and another interface on an intranet.

PPTP connection process and tunnel maintenance

The PPTP control connection is established between the IP address of the PPTP client and the IP address of the PPTP server. The PPTP client uses a dynamically assigned TCP port, and the PPTP server uses the reserved TCP port 1723. The control connection carries the PPTP call control and management messages that maintain the tunnel, including echo request and echo reply messages that are sent periodically to detect a connection outage between the client and the server. A PPTP control connection packet consists of an IP header, a TCP header and the PPTP control message, and the packet format is as follows. The PPTP control connection packet shown also includes a data link layer header and trailer.

Typical PPTP connection process:

A TCP connection is established from a dynamically assigned TCP port on the PPTP client to TCP port 1723 on the PPTP server.

Building the PPTP VPN

Access to Google from inside the country has always been hit and miss. I had been relying on the hosts file or DNS, but recently neither has worked. A friend has a U.S. VPS, so I thought of building a VPN on it. My installation steps are posted below.

# Check section

The code is as follows:

modprobe ppp-compress-18 && echo 'ok! MPPE was found!'

The output "ok! MPPE was found!" indicates that the system has MPPE support.

# If it is not present, install it as follows (pay attention to the versions)

The code is as follows:

wget http://cdnetworks-kr-1.dl.sourceforge.net/project/poptop/mppe%20module%20builder/dkms-2.0.10-1/dkms-2.0.10-1.noarch.rpm

wget http://surfnet.dl.sourceforge.net/project/poptop/mppe%20module%20builder/kernel_ppp_mppe-1.0.2%20dkms-2.0.6/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

rpm -e kernel_ppp_mppe

yum install kernel-devel

rpm -ivh dkms-2.0.10-1.noarch.rpm

rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

# Install pptpd

The code is as follows:

yum -y install ppp

# Download Address

The code is as follows:

# http://surfnet.dl.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/

wget http://surfnet.dl.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/pptpd-1.3.4.tar.gz

tar zxf pptpd-1.3.4.tar.gz

cd pptpd-1.3.4

./configure --prefix=/soft/pptpd-1.3.4 --enable-bcrelay --with-libwrap

make

make install

mkdir -p /soft/pptpd-1.3.4/etc

cp samples/options.pptpd /soft/pptpd-1.3.4/etc

# The contents of the configuration file are as follows

The code is as follows:

name pptpd

debug

#logwtmp

logfile /var/log/pptpd.log

lock

refuse-pap

refuse-chap

refuse-mschap

require-mschap-v2

require-mppe-128

proxyarp

nobsdcomp

novj

novjccomp

nologfd

ms-dns 8.8.8.8

ms-dns 8.8.4.4
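
A check for the authentication and encryption directives in the options file above, as an added example that is not part of the original article. The function names and the REQUIRED/FORBIDDEN lists are assumptions of this example; it also checks that a secrets file such as /etc/ppp/chap-secrets is not readable by group or others.

```shell
#!/bin/sh
# Added example (not from the original article): audit a pppd options file.
# The directive lists below are this example's assumptions about what to require.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"
FORBIDDEN="noauth require-pap require-chap require-mschap nomppe require-mppe-40"

# has_directive FILE NAME: true if NAME is the first word of an uncommented
# line. pppd option names are case-sensitive, so "Refuse-pap" does not count.
has_directive() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptpd_options FILE: prints one finding per line and returns the
# number of findings (0 means the file passes).
audit_pptpd_options() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 255; }
    for d in $REQUIRED; do
        if ! has_directive "$file" "$d"; then
            echo "MISSING: $d"
            findings=$((findings + 1))
        fi
    done
    for d in $FORBIDDEN; do
        if has_directive "$file" "$d"; then
            echo "WEAK: $d"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# secrets_exposed FILE: true if group or others can read FILE. chap-secrets
# holds passwords in clear text, so it should be readable by root only.
secrets_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Usage: sh audit.sh /soft/pptpd-1.3.4/etc/options.pptpd
if [ "$#" -ge 1 ]; then
    audit_pptpd_options "$1"
fi
```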

# pptpd main configuration file

The code is as follows:

cp samples/pptpd.conf /soft/pptpd-1.3.4/etc

Then set the following in /soft/pptpd-1.3.4/etc/pptpd.conf (localip is the local IP):

option /soft/pptpd-1.3.4/etc/options.pptpd

debug

stimeout 30

localip 192.168.142.136

remoteip 192.168.142.200-205

# Copy Service files

The code is as follows:

cp pptpd.init /etc/init.d/pptpd

# Add VPN Users

The code is as follows:

vi /etc/ppp/chap-secrets

# client server secret IP addresses (format of a user entry)

chmod +x /etc/init.d/pptpd

sed -i 's#/usr/sbin/pptpd#/soft/pptpd-1.3.4/sbin/pptpd --conf /soft/pptpd-1.3.4/etc/pptpd.conf --option /soft/pptpd-1.3.4/etc/options.pptpd#g' /etc/init.d/pptpd

/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.142.0/24 -j MASQUERADE

/sbin/iptables -P FORWARD ACCEPT

/sbin/iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
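
The rules above open only the TCP 1723 control connection and set the FORWARD policy to ACCEPT for all traffic. A tighter variant, as an added example that is not part of the original article: it also admits the GRE tunnel packets and forwards only the VPN client pool. The ppp+ interface pattern, the function name and the IPT dry-run variable are assumptions of this example; eth0 and 192.168.142.0/24 come from the steps above.

```shell
#!/bin/sh
# Added example (not from the original article): scoped firewall rules for
# the pptpd host. Assumes tunnel interfaces are named ppp0, ppp1, ... (ppp+).
# Forwarding additionally requires net.ipv4.ip_forward=1 on the server.
IPT=${IPT:-/sbin/iptables}   # set IPT=echo to print the rules instead

# pptp_firewall WAN_IF CLIENT_POOL
pptp_firewall() {
    wan=$1
    pool=$2
    # Control connection: TCP port 1723 on the server.
    "$IPT" -A INPUT -i "$wan" -p tcp --dport 1723 -j ACCEPT
    # Tunnel data: GRE is IP protocol 47, not a TCP or UDP port, so the
    # port 1723 rule alone does not admit it when INPUT defaults to DROP.
    "$IPT" -A INPUT -i "$wan" -p 47 -j ACCEPT
    "$IPT" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Forward only VPN client traffic out, and only replies back in,
    # instead of a blanket FORWARD ACCEPT policy.
    "$IPT" -P FORWARD DROP
    "$IPT" -A FORWARD -i ppp+ -o "$wan" -s "$pool" -j ACCEPT
    "$IPT" -A FORWARD -i "$wan" -o ppp+ -d "$pool" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # NAT the client pool behind the WAN address.
    "$IPT" -t nat -A POSTROUTING -o "$wan" -s "$pool" -j MASQUERADE
}

# Usage: sh pptp-fw.sh apply          (as root)
#        IPT=echo sh pptp-fw.sh apply (dry run)
if [ "${1:-}" = "apply" ]; then
    pptp_firewall eth0 192.168.142.0/24
fi
```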
