https://www.weweweb.net/wiki/index.php?action=history&feed=atom&title=LinuxVPN 2026-06-12T16:23:34Z Revision history for this page on the wiki MediaWiki 1.35.5 https://www.weweweb.net/wiki/index.php?title=LinuxVPN&diff=86&oldid=prev 2022-01-27T04:01:43Z

<p>Created page with &quot;==Install VPN (PPTP)== 1) Get the following packages dkms-1.12-2.noarch.rpm kernel_ppp_mppe-0.0.4-2dkms.noarch.rpm ppp-2.4.3-0.cvs_20040527.2.fc2.i386.rpm pptpd-1.2.1-...&quot;</p> <p><b>New page</b></p><div>==Install VPN (PPTP)==<br /> 1) Get the following packages<br /> dkms-1.12-2.noarch.rpm <br /> kernel_ppp_mppe-0.0.4-2dkms.noarch.rpm <br /> ppp-2.4.3-0.cvs_20040527.2.fc2.i386.rpm <br /> pptpd-1.2.1-1.i386.rpm <br /> 依次安装这些软件包 <br /> <br /> 2)配置/etc/pptpd.conf <br /> #######################################################################<br /> # <br /> # Sample PoPToP configuration file <br /> # <br /> # for PoPToP version 1.1.4 <br /> # <br /> #######################################################################<br /> <br /> # TAG: speed <br /> # <br /> # Specifies the speed for the PPP daemon to talk at. <br /> # <br /> #speed 115200 <br /> <br /> # TAG: option <br /> # <br /> # Specifies the location of the PPP options file. <br /> # By default PPP looks in '/etc/ppp/options' <br /> # <br /> #option /etc/ppp/options.pptpd <br /> <br /> # TAG: stimeout <br /> # <br /> # Specifies timeout (in seconds) on starting ctrl connection <br /> # <br /> # stimeout 10 <br /> <br /> # TAG: debug <br /> # <br /> # Turns on (more) debugging to syslog <br /> # <br /> #debug <br /> <br /> # TAG: bcrelay &lt;if&gt; <br /> # <br /> # Turns on broadcast relay to clients from interface &lt;if&gt; <br /> # Not yet implemented this way. Read README.bcrelay <br /> # <br /> #bcrelay eth1 <br /> <br /> # TAG: localip <br /> # TAG: remoteip <br /> # <br /> # Specifies the local and remote IP address ranges. <br /> # <br /> # You can specify single IP addresses seperated by commas or you can <br /> # specify ranges, or both. For example: <br /> # <br /> # 192.168.0.234,192.168.0.245-249,192.168.0.254 <br /> # <br /> # IMPORTANT RESTRICTIONS: <br /> # <br /> # 1. No spaces are permitted between commas or within addresses. <br /> # <br /> # 2. If you give more IP addresses than MAX_CONNECTIONS, it will <br /> # start at the beginning of the list and go until it gets <br /> # MAX_CONNECTIONS IPs. Others will be ignored.<br /> <br /> # <br /> # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238, <br /> # you must type 234-238 if you mean this. <br /> # <br /> # 4. If you give a single localIP, that's ok - all local IPs will <br /> # be set to the given one. You MUST still give at least one remote <br /> # IP for each simultaneous client. <br /> # <br /> option /etc/ppp/options.pptpd <br /> #localip 10.10.40.32 <br /> # remoteip 10.10.40.250-254 <br /> # or <br /> localip 192.168.0.1 <br /> remoteip 192.168.0.2-254 <br /> netmask 255.255.255.0<br /> <br /> 3) 配置 /etc/ppp/options.pptpd <br /> ## CHANGE TO SUIT YOUR SYSTEM <br /> lock <br /> <br /> ## turn pppd syslog debugging on <br /> debug <br /> dump <br /> logfd 2 <br /> logfile /var/log/pptpd.log <br /> <br /> ## change 'pptpd' to whatever you specify as your server name in chap-secrets <br /> name pptpd <br /> <br /> proxyarp <br /> #asyncmap <br /> <br /> auth <br /> <br /> # This option applies if you use ppp with chapms-strip-domain patch <br /> #chapms-strip-domain <br /> <br /> # These options apply if you use ppp with mppe patch <br /> # NB! You should also apply the ChapMS-V2 patch <br /> -chap <br /> -mschap <br /> +mschap-v2 <br /> require-mppe <br /> lcp-echo-failure 30 <br /> lcp-echo-interval 5 <br /> ipcp-accept-local <br /> ipcp-accept-remote <br /> <br /> #-chapms <br /> #+chapms-v2 <br /> #mppe-128 <br /> #mppe-stateless <br /> multilink <br /> <br /> 4) 配置 /etc/ppp/chap-secrets <br /> # Secrets for authentication using CHAP <br /> # client server secret IP addresses <br /> &quot;vpn&quot; pptpd &quot;vpn&quot; * <br /> # 帐号名 服务名 密码 自动分配IP地址 <br /> <br /> <br /> # +++ pptpconfig added for tunnel vpn<br /> vpn * <br /> # --- pptpconfig added for tunnel vpn <br /> <br /> 5) 启动NAT转发机制 <br /> echo 1 &gt; /proc/sys/net/ipv4/ip_forward <br /> /sbin/modprobe ip_tables <br /> /sbin/modprobe iptable_filter <br /> /sbin/modprobe iptable_nat <br /> /sbin/modprobe ip_conntrack <br /> /sbin/modprobe ip_conntrack_ftp <br /> /sbin/modprobe ip_nat_ftp <br /> /sbin/iptables --flush INPUT <br /> /sbin/iptables --flush FORWARD <br /> /sbin/iptables --flush POSTROUTING --table nat <br /> echo 2 &gt; /proc/sys/net/ipv4/ip_dynaddr <br /> <br /> echo 0 &gt; /proc/sys/net/ipv4/tcp_ecn <br /> <br /> echo 1 &gt; /proc/sys/net/ipv4/tcp_syncookies <br /> <br /> for f in /proc/sys/net/ipv4/conf/*/rp_filter; do <br /> echo 1 &gt; $f <br /> done <br /> echo 1 &gt; /proc/sys/net/ipv4/ip_forward <br /> <br /> <br /> iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE <br /> iptables -F FORWARD <br /> iptables -P FORWARD ACCEPT<br /> <br /> iptables -t nat -A POSTROUTING -j MASQUERADE <br /> iptables -F FORWARD <br /> iptables -A FORWARD -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT <br /> iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 1723 -j ACCEPT <br /> iptables -A FORWARD -p gre -s 192.168.0.0/24 -j ACCEPT <br /> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT <br /> <br /> 至此 VPN就配置通了<br /> <br /> 但是本人有一个问题: 就是VPN的客户端在通过VPN连接FTP的时候 在LIST的时候 就无法出现文件列表 请问这个问题如何解决 应该讲这个是IPTABLES里面的问题<br /> <br /> Source: http://bbs.chinaunix.net/forum/50/20041015/425676.html<br /> ----<br /> Goto [[Linux]]</div>

Willy