ubuntu vps 搭建 VPN server技术
找到一篇比较好的文章,ubuntu 下的 VPS 搭建 VPN server。链接:https://vpnreviewer.com/how-to-install-vpn-server-pptp-debian-ubuntu-linux-vps。
Last login: Sun Mar 29 23:11:05 2015 from 101.231.33.158
root@may:~# vi /etc/pptpd.conf
root@may:~# vi /etc/ppp/pptpd-options
root@may:~# vi /etc/ppp/chap-secrets
root@may:~# sysctl -p
net.ipv4.ip_forward = 1
root@may:~# ifconfig
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2598 errors:0 dropped:0 overruns:0 frame:0
TX packets:2598 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:157633 (157.6 KB) TX bytes:157633 (157.6 KB)
venet0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:127.0.0.2 P-t-P:127.0.0.2 Bcast:0.0.0.0 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
RX packets:1072658 errors:0 dropped:0 overruns:0 frame:0
TX packets:1070483 errors:0 dropped:5084 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:317907819 (317.9 MB) TX bytes:306448988 (306.4 MB)
venet0:0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:107.155.101.65 P-t-P:107.155.101.65 Bcast:107.155.101.65 Mask:255.255.255.255
UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
root@may:~# iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
root@may:~# iptables -A FORWARD -i venet0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
root@may:~# iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
root@may:~# service pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.
or
iptables:
iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j MASQUERADE
// try iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to-source xxx.xxx.xxx.xxx
root@may:~# iptables -I FORWARD -s 10.10.0.0/24 -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1300
Step 1: install pptpd apt-get update apt-get install pptpd this will install bcrelay, ppp, pptpd Step 2: configure pptpd and ppp pico -w /etc/pptpd.conf (or use your favorite text editor, like vim) Add the local and remote IP pool and the end of file: localip 10.10.0.1 remoteip 10.10.0.2-10 in the above example, the VPN server IP will be 10.10.0.1 and the clients connecting to the VPN will be assigned private IP addresses from 10.10.0.2 to 10.10.0.10. You can obviously use other IP range or different private IP addresses (ex.: 192.168.x.y) Save the file and exit the editor. Now edit the ppp configuration file: pico -w /etc/ppp/pptpd-options add the following at the end of file: name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 8.8.8.8 #ms-dns 8.8.4.4 proxyarp nodefaultroute lock nobsdcomp mtu 1490 mru 1490 this is what you should have in the file. Notice that the ppp daemon will refuse unsecure CHAP and MSCHAP V1 authentications. MS-CHAP V2 PPTP VPN is not too safe, either, but is definitely a better option that older CHAP and MS-CHAP V1. Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this: myusername pptpd mys3cr3tpass 10.10.0.2 myfriendsuser pptpd hisp@ssword 10.10.0.3 Step 3: enable packets forwarding Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this: net.ipv4.ip_forward=1 Save & exit the editor, then run: sysctl -p for the changes to take effect. Add the iptables rule to create the NAT between eth0 and ppp interfaces: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT Note that iptables MASQUERADE doesn’t work on OpenVZ VPS containers. Works on KVM and XEN. If you use OpenVZ, you need to use iptables SOURCE like this: iptables -t nat -A POSTROUTING -j SNAT --to-source <Public Server IP> now restart pptpd by running: service pptpd restart that’s all. Now you should test the connection.
相关文章
暂无