Home | 简体中文 | 繁体中文 | 杂文 | Github | 知乎专栏 | 51CTO学院 | CSDN程序员研修院 | OSChina 博客 | 腾讯云社区 | 阿里云栖社区 | Facebook | Linkedin | Youtube | 打赏(Donations) | About
知乎专栏多维度架构

33.2. pptpd

33.2.1. Server 服务端

过程 33.12. pptpd 安装步骤

  1. install

    Ubuntu

    				
    $ sudo apt-get install pptpd
    				
    				

    CentOS

    				
    # yum install pptp pptp-setup
    				
    				
  2. $ sudo vim /etc/pptpd.conf

    				
    localip 172.16.0.1
    remoteip 172.16.0.50-100
    				
    				
  3. $ sudo vim /etc/ppp/pptpd-options

    				
    ms-dns 208.67.222.222
    ms-dns 208.67.220.220
    				
    				
  4. $ sudo vim /etc/ppp/chap-secrets

    				
    # Secrets for authentication using CHAP
    # client        server  secret                  IP addresses
    neo pptpd chen *
    				
    				
  5. restart

    				
    sudo /etc/init.d/pptpd restart
    Restarting PPTP:
    Stopping PPTP: pptpd.
    Starting PPTP Daemon: pptpd.
    				
    				
  6. 				
    # ifconfig ppp0
    ppp0      Link encap:Point-to-Point Protocol
              inet addr:192.168.3.9  P-t-P:192.168.3.15  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
              RX packets:1545 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1008 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:342505 (334.4 KiB)  TX bytes:239324 (233.7 KiB)
    					
    				
  7. $ sudo vim /etc/sysctl.conf

    				
    # Uncomment the next line to enable packet forwarding for IPv4
    net.ipv4.ip_forward=1
    				
    				

    refresh status

    				
    $ sudo sysctl -p
    net.ipv4.ip_forward = 1
    				
    				
  8. NAT

    				
    $ sudo iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
    $ sudo iptables-save > /etc/iptables-rules
    				
    				

    $ sudo vim /etc/network/interfaces

    				
    pre-up iptables-restore < /etc/iptables-rules
    				
    				
  9. firewall

    				
    $ sudo ufw allow 1723
    Rules updated
    				
    				

MTU

		
$ sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

还有一个最简单的修改mtu的办法:
$ sudo vim /etc/ppp/ip-up.local

!/bin/bash

/sbin/ifconfig $1 mtu 1496
		
		

33.2.2. Client 客户端

安装pptp客户端

		
yum install -y pptp pptp-setup
		
		
创建账号

普通账号

			
pptpsetup --create vpn --server vpn.netkiller.cn \
--username neo --password netkiller
			
			

加密账号

			
pptpsetup --create vpn0 --server vpn.netkiller.cn \
--username neo --password netkiller --encrypt
			
			

查看vpn配置文件

			
# cat /etc/ppp/peers/vpn 
# written by pptpsetup
pty "pptp vpn.netkiller.cn --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name neo
remotename vpn
ipparam vpn
			
			
内核模块安装
			
for module in nf_nat_pptp nf_conntrack_pptp nf_conntrack_proto_gre
do
    modprobe $module
done
			
			
拨入VPN

链接vpn

			
pppd call vpn
			
			

查看日志

			
# tail -f /var/log/messages | grep pppd
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: pppd 2.4.5 started by root, uid 0
Sep  9 19:09:19 iZ621r6pk9aZ pppd[21801]: Using interface ppp0
			
			
路由配置
自动配置路由

创建文件/etc/ppp/ip-up.local,写入添加路由命令,然后赋予可执行权限。

				
[neo@netkiller ppp]# cat /etc/ppp/ip-up.local 
ip route add 192.168.0.0/24 dev ppp0  scope link

[neo@netkiller ppp]# chmod +x /etc/ppp/ip-up.local 
				
				

创建文件 /etc/ppp/ip-down.local 写入删除路由命令,然后赋予可执行权限

				
# cat /etc/ppp/ip-down.local
ip route del 192.168.0.0/24 dev ppp0

chmod +x /etc/ppp/ip-down.local
				
				
手工配置路由

添加路由

				
ip route add 192.168.0.0/24 dev ppp0  scope link
				
				

查看路由表

				
[neo@netkiller ppp]# ip route 
default via 47.19.19.27 dev eth1 
1.2.2.2 dev ppp0  proto kernel  scope link  src 2.0.1.8 
10.0.0.0/8 via 10.47.47.247 dev eth0 
10.47.40.0/21 dev eth0  proto kernel  scope link  src 10.47.40.190 
47.89.36.0/22 dev eth1  proto kernel  scope link  src 47.89.36.254 
100.64.0.0/10 via 10.47.47.247 dev eth0 
118.142.17.226 via 47.89.39.247 dev eth1  src 47.89.36.254 
169.254.0.0/16 dev eth0  scope link  metric 1002 
169.254.0.0/16 dev eth1  scope link  metric 1003 
172.16.0.0/12 via 10.47.47.247 dev eth0  
192.168.0.0/24 dev ppp0  scope link
				
				

删除路由

				
ip route del 192.168.0.0/24 dev ppp0
				
				

FreeBSD 等老系统

				
route add -net 192.168.0.0/24 dev ppp0
				
				

33.2.3. FAQ

800 错误

错误:800

运行 ipconfig /flushdns 后,再试

测试 PPTP 端口
			
telnet vpn.netkiller.cn 1723	
			
			
debug
			
# pppd call vpn debug dump logfd 2 updetach
pppd options in effect:
debug		# (from command line)
updetach		# (from command line)
logfd 2		# (from command line)
dump		# (from command line)
noauth		# (from /etc/ppp/peers/vpn)
name cf4		# (from /etc/ppp/peers/vpn)
remotename vpn		# (from /etc/ppp/peers/vpn)
		# (from /etc/ppp/peers/vpn)
pty pptp vpn.netkiller.cn --nolaunchpppd		# (from /etc/ppp/peers/vpn)
ipparam vpn		# (from /etc/ppp/peers/vpn)
nobsdcomp		# (from /etc/ppp/peers/vpn)
nodeflate		# (from /etc/ppp/peers/vpn)
using channel 4
Using interface ppp0
Connect: ppp0 <--> /dev/pts/6
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xf6887c7c> <pcomp> <accomp>]