1.1 Server software installation
Install the software required for the PPTP server:
- Install PPTP:
sudo apt-get install pptpd
Installing the PPTP server software is simple: only the pptpd package needs to be installed.
1.2 Configuration
- Run vi /etc/pptpd.conf to edit pptpd.conf, adding or changing the following:
------------------/etc/pptpd.conf-----------------------------
…… # part of the file omitted
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#    you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
#    be set to the given one. You MUST still give at least one remote
#    IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
localip 66.66.66.1            # address of the server end
remoteip 66.66.66.2-100       # address range that can be assigned to clients
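The localip/remoteip values follow the syntax rules quoted from the pptpd.conf comments above. The script below is an added example, not part of the original tutorial or of pptpd: it expands a pool specification under those rules (single addresses, last-octet ranges, the "no shortcuts" restriction) and checks a localip/remoteip pair before it is deployed. The `connections` argument is an assumed client limit, not read from the file.

```python
import ipaddress


def expand_pool(spec):
    """Expand a pptpd.conf localip/remoteip value into a list of addresses.

    Accepts comma-separated single addresses and last-octet ranges such as
    192.168.0.234-238, and enforces the restrictions quoted in the file:
    no whitespace, and no shortcuts (234-8 is rejected, not read as 234-238).
    """
    if any(ch.isspace() for ch in spec):
        raise ValueError("no spaces are permitted in an address list")
    addrs = []
    for item in spec.split(","):
        if "-" not in item:
            addrs.append(str(ipaddress.IPv4Address(item)))
            continue
        start, end = item.split("-", 1)
        prefix, first = start.rsplit(".", 1)
        first, last = int(first), int(end)
        if not 0 <= first <= last <= 255:
            raise ValueError(f"bad range {item!r}: write the full, ascending end octet")
        for octet in range(first, last + 1):
            addrs.append(str(ipaddress.IPv4Address(f"{prefix}.{octet}")))
    return addrs


def is_valid_pool(spec):
    """True if spec parses under the rules above."""
    try:
        expand_pool(spec)
        return True
    except ValueError:
        return False


def check_addressing(localip, remoteip, connections=100):
    """Return a list of problems with a localip/remoteip pair (empty means ok).
    connections is an assumed client limit (pptpd's own comes from pptpd.conf)."""
    local, remote = expand_pool(localip), expand_pool(remoteip)
    problems = []
    overlap = sorted(set(local) & set(remote))
    if overlap:
        problems.append(f"localip and remoteip overlap: {overlap}")
    if len(remote) < connections:
        problems.append(f"only {len(remote)} remote addresses for {connections} clients")
    if len(local) not in (1, len(remote)):
        problems.append("localip must be one address or match remoteip in length")
    return problems
```

Running check_addressing("66.66.66.1", "66.66.66.2-100") with the tutorial's values reports that the 99-address pool is one short of a 100-client limit, which is the kind of mismatch restriction 4 warns about.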
- Run vi /etc/ppp/pptpd-options to edit the pptpd-options file, changing the following:
------------------/etc/ppp/pptpd-options-----------------------------
…… # part of the file omitted
# (must match the second field in /etc/ppp/chap-secrets entries)
name 192.168.10.99            # local name used for authentication; an IP address can be used directly
# Optional: domain name to use for authentication
#domain mydomain.net
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
refuse-pap
refuse-chap
#refuse-mschap                # commented out: a method refused by default
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2            # commented out: the method required by default
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
require-chap                  # added: the method to allow
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 202.106.0.20
ms-dns 6.6.6.6                # added: DNS servers the server assigns to clients
…… # part of the file omitted
- Add users by editing the chap-secrets file to add usernames and passwords:
---------------/etc/ppp/chap-secrets------------------
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
test-pptp       *       123456          *
# * means no specific server name or IP address is specified
1.3 Starting and stopping the server
Run the following commands to start, stop or restart the PPTP server:
/etc/init.d/pptpd start
/etc/init.d/pptpd stop
/etc/init.d/pptpd restart
The process list can be checked to confirm that the server has started:
1.4 Enabling packet forwarding on the server
With the configuration above, a PPTP client should already be able to dial in and obtain an address. If forwarding is not enabled on the server, however, the client's traffic can reach only the server itself even though the client holds an IP address; it cannot be forwarded onward. The following steps enable forwarding on the server.
- Edit sysctl.conf to enable forwarding:
vi /etc/sysctl.conf
Run sysctl -p to make the change take effect:
- Add iptables rules
iptables -A INPUT -i eth0 -s 66.66.66.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 66.66.66.0/24 -j SNAT --to-source 192.168.10.99   # 192.168.10.99 is the address of the server's actual outbound interface
1.5 Testing
Windows 7 is used for testing here:
Create a new network connection
After it is created, change the VPN type to PPTP:
Dialling the connection then obtains an address from the server and connects to the network normally:
Check the address and DNS that were obtained:
A traceroute shows that all traffic to external networks is forwarded through the PPTP server:
A packet capture on the PC shows that the packets are encapsulated in PPP and GRE:
Server side: