LinuxVPN
From WeWeWeb Wiki
Install VPN (PPTP)
1) Get the following packages and install them in this order:
dkms-1.12-2.noarch.rpm
kernel_ppp_mppe-0.0.4-2dkms.noarch.rpm
ppp-2.4.3-0.cvs_20040527.2.fc2.i386.rpm
pptpd-1.2.1-1.i386.rpm
2) Configure /etc/pptpd.conf
#######################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.1.4
#
#######################################################################

# TAG: speed
#
#       Specifies the speed for the PPP daemon to talk at.
#
#speed 115200

# TAG: option
#
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
#option /etc/ppp/options.pptpd

# TAG: stimeout
#
#       Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: debug
#
#       Turns on (more) debugging to syslog
#
#debug

# TAG: bcrelay <if>
#
#       Turns on broadcast relay to clients from interface <if>
#       Not yet implemented this way. Read README.bcrelay
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
#
#       Specifies the local and remote IP address ranges.
#
#       You can specify single IP addresses separated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
option /etc/ppp/options.pptpd
#localip 10.10.40.32
# remoteip 10.10.40.250-254
# or
localip 192.168.0.1
remoteip 192.168.0.2-254
netmask 255.255.255.0

The active settings are the last three lines: the server side of every tunnel is 192.168.0.1 and clients are handed addresses from 192.168.0.2-254, which is the 192.168.0.0/24 pool the iptables rules in step 5 refer to.
3) Configure /etc/ppp/options.pptpd
## CHANGE TO SUIT YOUR SYSTEM
lock

## turn pppd syslog debugging on
debug
dump
logfd 2
logfile /var/log/pptpd.log

## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
proxyarp
#asyncmap
auth

# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain

# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
-chap
-mschap
+mschap-v2
require-mppe

lcp-echo-failure 30
lcp-echo-interval 5
ipcp-accept-local
ipcp-accept-remote
#-chapms
#+chapms-v2
#mppe-128
#mppe-stateless
multilink

The -chap -mschap +mschap-v2 require-mppe block refuses plain CHAP and MS-CHAPv1 and forces MS-CHAPv2 with MPPE encryption. That is the strongest combination PPTP offers, and it is weak by current standards: a captured MS-CHAPv2 exchange can be cracked offline to recover the user's NT hash, from which the MPPE session keys are also derived. Treat this setup as a compatibility option for old clients, not as a boundary against a capable attacker.
4) Configure /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
"vpn"           pptpd   "vpn"                   *
# account name  service name    password        automatically assigned IP address
# +++ pptpconfig added for tunnel vpn
vpn             vpn     *
# --- pptpconfig added for tunnel vpn

The server column must match the name option in options.pptpd (pptpd above). The secrets in this file are stored in plaintext, so keep it owned by root with mode 600.
5) Enable NAT forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_tables
/sbin/modprobe iptable_filter
/sbin/modprobe iptable_nat
/sbin/modprobe ip_conntrack
# FTP connection-tracking and NAT helpers (2.4/2.6-era module names;
# on current kernels they are nf_conntrack_ftp and nf_nat_ftp)
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_nat_ftp
/sbin/iptables --flush INPUT
/sbin/iptables --flush FORWARD
/sbin/iptables --flush POSTROUTING --table nat
echo 2 > /proc/sys/net/ipv4/ip_dynaddr
echo 0 > /proc/sys/net/ipv4/tcp_ecn
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
for f in /proc/sys/net/ipv4/conf/*/rp_filter; do
    echo 1 > $f
done
# Masquerade the VPN client pool (remoteip in pptpd.conf) ...
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
# ... and, as in the original post, every other forwarded source as well.
# This second rule makes the first one redundant and turns the host into a
# NAT gateway for any traffic it routes, not only for VPN clients.
iptables -t nat -A POSTROUTING -j MASQUERADE
# With the default policy set to ACCEPT, the ACCEPT rules that follow never
# change the outcome: all forwarded traffic is allowed. To actually limit
# clients to DNS, PPTP and GRE the policy would have to be DROP.
iptables -P FORWARD ACCEPT
iptables -A FORWARD -p udp -s 192.168.0.0/24 --dport 53 -j ACCEPT
iptables -A FORWARD -p tcp -s 192.168.0.0/24 --dport 1723 -j ACCEPT
iptables -A FORWARD -p gre -s 192.168.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
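The following script is an added example and is not part of the original post or of the pptpd project. It checks two things a practitioner wants to verify before starting pptpd: that the localip/remoteip lists in pptpd.conf obey the restrictions quoted in step 2 (no spaces, no "234-8" style shortcuts, valid octets) and how many simultaneous clients the remoteip pool can serve, and that the plaintext chap-secrets file from step 4 is not readable by other users. It assumes a POSIX sh with awk; the function names and the sample config and secrets files written in main() are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): validate pptpd.conf address
# lists and chap-secrets permissions. Assumes POSIX sh + awk; sample files
# below are constructed, not taken from a real system.

# expand_ip_list LIST
#   Expands a pptpd-style list such as
#   "192.168.0.234,192.168.0.245-249,192.168.0.254" into one address per line.
#   Fails (exit 1) on spaces, a "234-8" style shortcut (which reads as the
#   backwards range 234..8), octets above 255, or anything else unrecognised.
expand_ip_list() {
    printf '%s\n' "$1" | awk -F',' '
    function bad(msg) { print "invalid: " msg > "/dev/stderr"; exit 1 }
    {
        for (i = 1; i <= NF; i++) {
            e = $i
            if (e ~ / /) bad("spaces are not permitted: \"" e "\"")
            if (e ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                split(e, o, ".")
                for (k = 1; k <= 4; k++) if (o[k] + 0 > 255) bad("octet > 255: " e)
                print e
                continue
            }
            if (e ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$/) {
                split(e, p, "-")
                split(p[1], o, ".")
                for (k = 1; k <= 3; k++) if (o[k] + 0 > 255) bad("octet > 255: " e)
                lo = o[4] + 0; hi = p[2] + 0
                if (hi > 255) bad("octet > 255: " e)
                if (lo > hi) bad("backwards range (no shortcuts like 234-8): " e)
                for (k = lo; k <= hi; k++) print o[1] "." o[2] "." o[3] "." k
                continue
            }
            bad("unrecognised element: " e)
        }
    }'
}

# remote_ip_count LIST
#   Number of addresses in LIST, i.e. the maximum number of simultaneous
#   clients pptpd can hand an address to (restriction 4 in the sample file).
remote_ip_count() {
    list=$(expand_ip_list "$1") || return 1
    [ -n "$list" ] || return 1
    printf '%s\n' "$list" | wc -l | tr -d ' '
}

# check_pptpd_conf FILE
#   Reads the active (uncommented) localip/remoteip lines, validates both
#   lists and prints the client capacity. Returns 1 if either is missing
#   or malformed. Commented lines start with "#" so $1 never equals the tag.
check_pptpd_conf() {
    local_list=$(awk '$1 == "localip"  { v = $2 } END { print v }' "$1")
    remote_list=$(awk '$1 == "remoteip" { v = $2 } END { print v }' "$1")
    [ -n "$local_list" ]  || { echo "no active localip line" >&2; return 1; }
    [ -n "$remote_list" ] || { echo "no active remoteip line" >&2; return 1; }
    expand_ip_list "$local_list" > /dev/null || return 1
    remote_ip_count "$remote_list"
}

# chap_secrets_is_private FILE
#   chap-secrets holds passwords in plaintext, so it should be readable only
#   by its owner (mode 600). ls -l is used instead of stat for portability;
#   cut -c1-10 ignores a trailing ACL/SELinux marker.
chap_secrets_is_private() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

main() {
    tmp=$(mktemp -d)
    # Constructed sample: the active lines from step 2 plus the commented ones.
    cat > "$tmp/pptpd.conf" <<'EOF'
option /etc/ppp/options.pptpd
#localip 10.10.40.32
# remoteip 10.10.40.250-254
localip 192.168.0.1
remoteip 192.168.0.2-254
EOF
    printf '"vpn"\tpptpd\t"vpn"\t*\n' > "$tmp/chap-secrets"
    chmod 644 "$tmp/chap-secrets"   # deliberately too open, to show the warning

    echo "client capacity: $(check_pptpd_conf "$tmp/pptpd.conf")"
    if chap_secrets_is_private "$tmp/chap-secrets"; then
        echo "chap-secrets permissions: ok"
    else
        echo "chap-secrets is readable by others; run: chmod 600 /etc/ppp/chap-secrets"
    fi
    # A range written with a shortcut is rejected, as the sample file warns:
    expand_ip_list '192.168.0.234-8' > /dev/null || echo "rejected 192.168.0.234-8"
    rm -rf "$tmp"
}

main "$@"
```

Run it on the real files by replacing the constructed paths with /etc/pptpd.conf and /etc/ppp/chap-secrets. The capacity figure is worth comparing against the connections setting in pptpd.conf (MAX_CONNECTIONS in the sample's wording): extra addresses beyond that limit are silently ignored, and too few addresses means clients are refused once the pool is exhausted.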
At this point the VPN is configured and working.
However, I have one problem: when a VPN client connects to FTP through the VPN, the file list does not appear at LIST. How can this be solved? I think this is a problem in the iptables configuration.
Source: http://bbs.chinaunix.net/forum/50/20041015/425676.html