LinuxVPN

From WeWeWeb Wiki

Install VPN (PPTP)

1) Get the following packages
dkms-1.12-2.noarch.rpm 
kernel_ppp_mppe-0.0.4-2dkms.noarch.rpm 
ppp-2.4.3-0.cvs_20040527.2.fc2.i386.rpm 
pptpd-1.2.1-1.i386.rpm 
Install these packages in that order.
2) Configure /etc/pptpd.conf
#######################################################################
# 
# Sample PoPToP configuration file 
# 
# for PoPToP version 1.1.4 
# 
#######################################################################

# TAG: speed 
# 
# Specifies the speed for the PPP daemon to talk at. 
# 
#speed 115200 

# TAG: option 
# 
# Specifies the location of the PPP options file. 
# By default PPP looks in '/etc/ppp/options' 
# 
#option /etc/ppp/options.pptpd 

# TAG: stimeout 
# 
# Specifies timeout (in seconds) on starting ctrl connection 
# 
# stimeout 10 

# TAG: debug 
# 
# Turns on (more) debugging to syslog 
# 
#debug 

# TAG: bcrelay <if> 
# 
# Turns on broadcast relay to clients from interface <if> 
# Not yet implemented this way. Read README.bcrelay 
# 
#bcrelay eth1 

# TAG: localip 
# TAG: remoteip 
# 
# Specifies the local and remote IP address ranges. 
# 
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
# 
# 192.168.0.234,192.168.0.245-249,192.168.0.254 
# 
# IMPORTANT RESTRICTIONS: 
# 
# 1. No spaces are permitted between commas or within addresses. 
# 
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! i.e. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
# 
# 4. If you give a single localIP, that's ok - all local IPs will 
# be set to the given one. You MUST still give at least one remote 
# IP for each simultaneous client. 
# 
option /etc/ppp/options.pptpd 
#localip 10.10.40.32 
# remoteip 10.10.40.250-254 
# or 
localip 192.168.0.1 
remoteip 192.168.0.2-254 
netmask 255.255.255.0
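An added example (not part of the original page and not pptpd's own code) that expands a localip/remoteip list the way the restrictions above describe and rejects the forms they forbid, so a list can be checked before pptpd is restarted. The function names and the client-count argument of remoteip_covers are this example's own; the sample lists are constructed.

```shell
#!/bin/sh
# Expand and sanity-check a pptpd.conf localip/remoteip list.
# Enforces the sample file's restrictions: no spaces, no shortened
# range ends such as 234-8, and enough remote addresses for the
# intended number of simultaneous clients.

# valid_octet N: succeed if N is an integer in 0..255
valid_octet() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# valid_ip A.B.C.D: succeed if all four octets are valid
valid_ip() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do valid_octet "$o" || return 1; done
}

# expand_ip_list LIST: print one address per line, or fail with a reason
expand_ip_list() {
    list=$1
    case "$list" in
        *[[:space:]]*) echo "error: spaces are not permitted in '$list'" >&2; return 1 ;;
    esac
    oldifs=$IFS; IFS=,
    set -- $list
    IFS=$oldifs
    for item in "$@"; do
        case "$item" in
            *-*)
                prefix=${item%.*}        # 192.168.0
                range=${item##*.}        # 245-249
                start=${range%-*}
                end=${range#*-}
                valid_ip "$prefix.$start" && valid_octet "$end" ||
                    { echo "error: bad range '$item'" >&2; return 1; }
                # a shortcut such as 234-8 always yields end < start
                [ "$end" -ge "$start" ] ||
                    { echo "error: range '$item' must be written in full (e.g. 234-238)" >&2; return 1; }
                i=$start
                while [ "$i" -le "$end" ]; do
                    echo "$prefix.$i"
                    i=$((i + 1))
                done ;;
            *)
                valid_ip "$item" || { echo "error: bad address '$item'" >&2; return 1; }
                echo "$item" ;;
        esac
    done
}

# count_ip_list LIST: print how many addresses LIST yields (0 if it is invalid)
count_ip_list() {
    n=0
    for ip in $(expand_ip_list "$1" 2>/dev/null); do n=$((n + 1)); done
    echo "$n"
}

# remoteip_covers LIST CLIENTS: succeed if LIST has at least CLIENTS addresses
remoteip_covers() {
    [ "$(count_ip_list "$1")" -ge "$2" ]
}

# Constructed sample: the list from the comment above, then the page's remoteip
count_ip_list '192.168.0.234,192.168.0.245-249,192.168.0.254'
count_ip_list '192.168.0.2-254'
```

The remote list must contain one address per simultaneous client, so remoteip_covers takes that number as its second argument and fails when the list is too short or malformed.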
3) Configure /etc/ppp/options.pptpd
## CHANGE TO SUIT YOUR SYSTEM 
lock 

## turn pppd syslog debugging on 
debug 
dump 
logfd 2 
logfile /var/log/pptpd.log 

## change 'pptpd' to whatever you specify as your server name in chap-secrets 
name pptpd 

proxyarp 
#asyncmap 

auth 

# This option applies if you use ppp with chapms-strip-domain patch 
#chapms-strip-domain 

# These options apply if you use ppp with mppe patch 
# NB! You should also apply the ChapMS-V2 patch 
-chap 
-mschap 
+mschap-v2 
require-mppe 
lcp-echo-failure 30 
lcp-echo-interval 5 
ipcp-accept-local 
ipcp-accept-remote 

#-chapms 
#+chapms-v2 
#mppe-128 
#mppe-stateless 
multilink 
4) Configure /etc/ppp/chap-secrets
# Secrets for authentication using CHAP 
# client server secret IP addresses 
"vpn" pptpd "vpn" * 
# account name   service name   password   auto-assigned IP address


# +++ pptpconfig added for tunnel vpn
vpn * 
# --- pptpconfig added for tunnel vpn 
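An added example (not part of the original page) that reads chap-secrets entries and reports weak ones. The sample entry above uses the client name "vpn" as its own secret and "*" for the address field, which is exactly what this check flags; the 12-character minimum is this example's own threshold, not a pptpd rule, and the sample lines fed to it are constructed. Note that a stronger secret does not make PPTP itself strong: the MS-CHAPv2 and MPPE mechanisms selected in options.pptpd are considered broken, so this is housekeeping for an existing deployment rather than a reason to keep one exposed.

```shell
#!/bin/sh
# Review chap-secrets entries ("client" server "secret" address) for weak secrets.
MIN_SECRET_LEN=${MIN_SECRET_LEN:-12}   # assumed threshold, not a pptpd requirement

# unquote WORD: strip one pair of surrounding double quotes
unquote() {
    w=$1
    w=${w#\"}
    w=${w%\"}
    printf '%s\n' "$w"
}

# check_secret_line LINE: report on one entry.
# Exit status: 0 acceptable, 1 weak secret, 2 skipped (blank, comment or malformed)
check_secret_line() {
    line=$1
    case "$line" in
        ''|'#'*) return 2 ;;
    esac
    set -f                 # the "*" address field must not glob-expand
    set -- $line
    set +f
    [ $# -ge 3 ] || { echo "malformed: $line"; return 2; }
    client=$(unquote "$1")
    secret=$(unquote "$3")
    addr=${4:-*}           # chap-secrets treats a missing address field as "*"
    weak=0
    if [ "$secret" = "$client" ]; then
        echo "weak: secret for '$client' is the client name"
        weak=1
    fi
    if [ ${#secret} -lt "$MIN_SECRET_LEN" ]; then
        echo "weak: secret for '$client' is ${#secret} chars, minimum $MIN_SECRET_LEN"
        weak=1
    fi
    if [ "$addr" = '*' ]; then
        echo "note: '$client' is accepted from any address"
    fi
    return $weak
}

# count_weak: read chap-secrets lines on stdin, print the number of weak entries
count_weak() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        check_secret_line "$l" >/dev/null && rc=0 || rc=$?
        [ "$rc" -eq 1 ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed sample, not a real secrets file: the page's entry plus one sane one
count_weak <<'EOF'
# Secrets for authentication using CHAP
"vpn" pptpd "vpn" *
"alice" pptpd "correct-horse-battery" 192.168.0.10
EOF
```

To review a live file, run `count_weak < /etc/ppp/chap-secrets` as root, or pipe individual lines through check_secret_line to see the reasons.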
5) Enable NAT forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward 
/sbin/modprobe ip_tables 
/sbin/modprobe iptable_filter 
/sbin/modprobe iptable_nat 
/sbin/modprobe ip_conntrack 
/sbin/modprobe ip_conntrack_ftp 
/sbin/modprobe ip_nat_ftp 
/sbin/iptables --flush INPUT 
/sbin/iptables --flush FORWARD 
/sbin/iptables --flush POSTROUTING --table nat 
echo 2 > /proc/sys/net/ipv4/ip_dynaddr 

echo 0 > /proc/sys/net/ipv4/tcp_ecn 

echo 1 > /proc/sys/net/ipv4/tcp_syncookies 

for f in /proc/sys/net/ipv4/conf/*/rp_filter; do 
echo 1 > $f 
done 
echo 1 > /proc/sys/net/ipv4/ip_forward 


iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE 
iptables -F FORWARD 
iptables -P FORWARD ACCEPT

iptables -t nat -A POSTROUTING -j MASQUERADE 
iptables -F FORWARD 
iptables -A FORWARD -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT 
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 1723 -j ACCEPT 
iptables -A FORWARD -p gre -s 192.168.0.0/24 -j ACCEPT 
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 
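An added example (not part of the original page) that collects the step-5 NAT and forwarding rules into one function that can be previewed before it is applied. It differs from the page's rules in two places a practitioner would want: the FORWARD policy is set to DROP, so the per-protocol ACCEPT rules actually limit what VPN clients can reach (with the page's `-P FORWARD ACCEPT` they filter nothing), and MASQUERADE applies only to the VPN client subnet leaving the outside interface rather than to all forwarded traffic. VPN_NET, WAN_IF (assumed eth0) and DRY_RUN are this example's own names.

```shell
#!/bin/sh
# Step-5 NAT/forwarding rules as one ordered function, previewed by default.
VPN_NET=${VPN_NET:-192.168.0.0/24}   # the remoteip range from pptpd.conf
WAN_IF=${WAN_IF:-eth0}               # assumed outside interface
DRY_RUN=${DRY_RUN:-1}                # 1 = print the commands, 0 = run them (as root)

# run CMD ARGS...: print the command, or execute it when DRY_RUN=0
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vpn_forward_rules: emit or apply the rule set in dependency order
vpn_forward_rules() {
    run sysctl -w net.ipv4.ip_forward=1
    # connection-tracking helpers for FTP, the same modules the page loads
    run modprobe ip_conntrack_ftp
    run modprobe ip_nat_ftp
    # default-deny before flushing, so nothing is forwarded while rules change
    run iptables -P FORWARD DROP
    run iptables -F FORWARD
    run iptables -t nat -F POSTROUTING
    run iptables -t nat -A POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # the same three protocols the page allows from VPN clients
    run iptables -A FORWARD -s "$VPN_NET" -p udp --dport 53 -j ACCEPT
    run iptables -A FORWARD -s "$VPN_NET" -p tcp --dport 1723 -j ACCEPT
    run iptables -A FORWARD -s "$VPN_NET" -p gre -j ACCEPT
}

# forward_policy: the FORWARD chain policy the rule set installs (always a preview)
forward_policy() {
    ( DRY_RUN=1; vpn_forward_rules ) | awk '$2 == "-P" && $3 == "FORWARD" { print $4 }'
}

# masquerade_rule: the POSTROUTING rule line, for review
masquerade_rule() {
    ( DRY_RUN=1; vpn_forward_rules ) | grep -- '-j MASQUERADE'
}

# Usage: sh this-file.sh prints the plan; DRY_RUN=0 sh this-file.sh applies it as root
vpn_forward_rules
```

Because the policy is DROP, VPN clients can only reach DNS, PPTP and GRE through this host; add ACCEPT rules for whatever else they are meant to reach, and keep the ESTABLISHED,RELATED rule so the FTP helper can admit data connections.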

At this point the VPN is configured and working.

But I have one problem: when a VPN client connects to FTP through the VPN, no file list appears on LIST. How can this be solved? It should be an iptables problem.

Source: http://bbs.chinaunix.net/forum/50/20041015/425676.html
