Basic concepts of PPTP
First, let's understand what PPTP is. PPTP encapsulates a PPP (Point-to-Point Protocol) frame in an IP datagram that is sent over an IP network, such as the Internet or an enterprise intranet. PPTP creates, maintains, and terminates the tunnel through a PPTP control connection, and encapsulates the PPP frames using Generic Routing Encapsulation (GRE). Before encapsulation, the payload of the PPP frame, i.e., the data actually being transmitted, is usually encrypted, compressed, or both. PPTP assumes that a working IP network already connects the PPTP client and the PPTP server, so if the PPTP client is already part of an IP network, it can reach the PPTP server through that network. MPPE provides only link (connection) encryption, not end-to-end encryption. End-to-end encryption is an application-layer encryption technique; if an application requires it, IPSec can be used to encrypt the IP traffic between the two ends after the PPTP tunnel has been established. An Internet-based PPTP server is a VPN server that uses the PPTP protocol, with one interface on the Internet and another interface on an intranet.
PPTP connection process and tunnel maintenance
The PPTP control connection is established between the IP address of the PPTP client and the IP address of the PPTP server. The client uses a dynamically assigned TCP port, and the server uses the reserved TCP port 1723. The control connection carries the PPTP call control and management messages used to maintain the tunnel, including echo (loopback) request and echo reply messages that are sent periodically to detect a connection outage between the client and the server. A PPTP control connection packet consists of an IP header, a TCP header, and the PPTP control message, and it is also wrapped in a data link layer header and trailer.
PPTP Typical connection process:
A TCP connection is established from a dynamically assigned TCP port on the PPTP client to TCP port 1723 on the PPTP server.
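The control-connection framing and keep-alive described above, as an added example that is not part of the original page: a parser for the byte stream on TCP port 1723 that splits it into PPTP control messages and reports echo requests that were never answered. The header layout, magic cookie and message type numbers are taken from RFC 2637 (the page does not list them), and the function names and sample bytes are constructed for illustration.

```python
import struct

# Constants below come from RFC 2637, not from this page.
MAGIC_COOKIE = 0x1A2B3C4D
HEADER = struct.Struct("!HHIHH")  # length, msg type, cookie, control type, reserved
CTRL_TYPES = {1: "Start-Control-Connection-Request",
              2: "Start-Control-Connection-Reply",
              5: "Echo-Request", 6: "Echo-Reply"}

def parse_control_stream(data):
    """Split bytes from the TCP/1723 connection into PPTP control messages.

    Returns (messages, leftover); leftover is a trailing partial message.
    Raises ValueError when framing is lost (bad cookie or impossible length).
    """
    messages, offset = [], 0
    while len(data) - offset >= HEADER.size:
        length, _, cookie, ctrl, _ = HEADER.unpack_from(data, offset)
        if cookie != MAGIC_COOKIE:
            raise ValueError("bad magic cookie at offset %d" % offset)
        if length < HEADER.size:
            raise ValueError("length %d is shorter than the header" % length)
        if len(data) - offset < length:
            break  # rest of this message arrives in a later TCP segment
        body = data[offset + HEADER.size:offset + length]
        msg = {"type": CTRL_TYPES.get(ctrl, "type-%d" % ctrl), "identifier": None}
        if ctrl in (5, 6) and len(body) >= 4:
            msg["identifier"] = struct.unpack_from("!I", body)[0]
        messages.append(msg)
        offset += length
    return messages, data[offset:]

def unanswered_echoes(messages):
    """Identifiers of Echo-Requests that never got an Echo-Reply."""
    pending = []
    for m in messages:
        if m["type"] == "Echo-Request":
            pending.append(m["identifier"])
        elif m["type"] == "Echo-Reply" and m["identifier"] in pending:
            pending.remove(m["identifier"])
    return pending

def echo_request(ident):  # builds a constructed sample message
    return HEADER.pack(16, 1, MAGIC_COOKIE, 5, 0) + struct.pack("!I", ident)

def echo_reply(ident):    # result code 1 = OK, error code 0, reserved 0
    return HEADER.pack(20, 1, MAGIC_COOKIE, 6, 0) + struct.pack("!IBBH", ident, 1, 0, 0)

# Constructed sample: echo 7 is answered, echo 8 is not.
SAMPLE = echo_request(7) + echo_reply(7) + echo_request(8)
```

An unanswered identifier at the end of a capture is the condition the periodic echo exchange exists to detect: the peer or the path between client and server has gone away.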
Build PPTP VPN
Access to Google from inside the country has always been on and off. I had always used the hosts file or DNS, but recently those have stopped working. A friend has a U.S. VPS, so I thought of building a VPN on it; my installation steps are posted below.
# Inspection Section
The code is as follows:
modprobe ppp-compress-18 && echo 'ok! MPPE was found!'
If "ok! MPPE was found!" is printed, the system has MPPE support.
# If it is not present, install it as follows (pay attention to the versions)
The code is as follows:
wget http://cdnetworks-kr-1.dl.sourceforge.net/project/poptop/mppe%20module%20builder/dkms-2.0.10-1/dkms-2.0.10-1.noarch.rpm
wget http://surfnet.dl.sourceforge.net/project/poptop/mppe%20module%20builder/kernel_ppp_mppe-1.0.2%20dkms-2.0.6/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -e kernel_ppp_mppe
yum install kernel-devel
rpm -ivh dkms-2.0.10-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
# Install PPTPD
The code is as follows:
# yum -y install ppp
# Download Address
The code is as follows:
# http://surfnet.dl.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/
wget http://surfnet.dl.sourceforge.net/project/poptop/pptpd/pptpd-1.3.4/pptpd-1.3.4.tar.gz
tar zxf pptpd-1.3.4.tar.gz
cd pptpd-1.3.4
./configure \
--prefix=/soft/pptpd-1.3.4 \
--enable-bcrelay \
--with-libwrap
make
make install
mkdir -p /soft/pptpd-1.3.4/etc
# cp samples/options.pptpd /soft/pptpd-1.3.4/etc
# The contents of the configuration file are as follows
The code is as follows:
name pptpd
debug
#logwtmp
logfile /var/log/pptpd.log
lock
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# PPTP main configuration file
The code is as follows:
cp samples/pptpd.conf /soft/pptpd-1.3.4/etc
option /soft/pptpd-1.3.4/etc/options.pptpd
debug
stimeout 30
# localip is the local IP
localip 192.168.142.136
remoteip 192.168.142.200-205
# Copy Service files
The code is as follows:
cp pptpd.init /etc/init.d/pptpd
# Add VPN Users
The code is as follows:
vi /etc/ppp/chap-secrets
# client server secret IP addresses   (format for adding a user)
chmod +x /etc/init.d/pptpd
sed -i 's#/usr/sbin/pptpd#/soft/pptpd-1.3.4/sbin/pptpd --conf /soft/pptpd-1.3.4/etc/pptpd.conf --option /soft/pptpd-1.3.4/etc/options.pptpd#g' /etc/init.d/pptpd
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.142.0/24 -j MASQUERADE
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT