LMLPHP Backyard

Setting up a VPN server on an Ubuntu VPS

Posted by maybe yes on 2015-03-30 13:30

I found a fairly good article on setting up a VPN server on a VPS under Ubuntu. Link: https://vpnreviewer.com/how-to-install-vpn-server-pptp-debian-ubuntu-linux-vps

Last login: Sun Mar 29 23:11:05 2015 from 101.231.33.158
root@may:~# vi /etc/pptpd.conf
root@may:~# vi /etc/ppp/pptpd-options
root@may:~# vi /etc/ppp/chap-secrets
root@may:~# sysctl -p
net.ipv4.ip_forward = 1
root@may:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:2598 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:157633 (157.6 KB)  TX bytes:157633 (157.6 KB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.2  P-t-P:127.0.0.2  Bcast:0.0.0.0  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1072658 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1070483 errors:0 dropped:5084 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:317907819 (317.9 MB)  TX bytes:306448988 (306.4 MB)

venet0:0  Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:107.155.101.65  P-t-P:107.155.101.65  Bcast:107.155.101.65  Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1

root@may:~# iptables -t nat -A POSTROUTING -o venet0 -j MASQUERADE
root@may:~# iptables -A FORWARD -i venet0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
root@may:~# iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
root@may:~# service pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.
Or, alternatively, these iptables rules:

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j MASQUERADE
// try iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o venet0 -j SNAT --to-source xxx.xxx.xxx.xxx
root@may:~# iptables -I FORWARD -s 10.10.0.0/24 -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1300 

Step 1: install pptpd

apt-get update
apt-get install pptpd
This will install bcrelay, ppp and pptpd.

Step 2: configure pptpd and ppp

pico -w /etc/pptpd.conf
(or use your favorite text editor, like vim)

Add the local and remote IP pool at the end of the file:

localip 10.10.0.1
remoteip 10.10.0.2-10
In the above example, the VPN server's address on the tunnel will be 10.10.0.1 and clients connecting to the VPN will be assigned private addresses from 10.10.0.2 to 10.10.0.10. You can of course use another range of private addresses (e.g. 192.168.x.y), as long as it does not collide with the networks your clients sit on.

Save the file and exit the editor. Now edit the ppp configuration file:

pico -w /etc/ppp/pptpd-options
add the following at the end of file:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
#ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
This is what you should have in the file. Note that pppd will refuse PAP, plain CHAP and the insecure MS-CHAP v1, and will accept only MS-CHAP v2 with 128-bit MPPE. MS-CHAP v2 over PPTP is not safe either: the handshake reduces to a single 56-bit DES key search, which a dedicated cracker completes in well under a day, and because the MPPE session keys are derived from the same credentials, one captured handshake lets an attacker recover the user's password hash and decrypt the tunnel. It is still definitely a better option than the older CHAP and MS-CHAP v1, but do not rely on PPTP for confidentiality; where you have the choice, IPsec/IKEv2 or OpenVPN are the safer tunnels.

Now add the VPN accounts to the ppp secrets file. Edit /etc/ppp/chap-secrets and add lines of the form client, server, secret, IP, something like this:

myusername pptpd mys3cr3tpass 10.10.0.2
myfriendsuser pptpd hisp@ssword 10.10.0.3

The second column must be exactly the name you set with the name pptpd line in pptpd-options, otherwise pppd finds no matching secret and every login fails. The last column pins the client to a fixed address from the remoteip pool; use * to let it take any free address. The passwords are stored in plaintext, so keep the file readable by root only (chmod 600 /etc/ppp/chap-secrets).
Step 3: enable packet forwarding

Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:

net.ipv4.ip_forward=1
Save & exit the editor, then run:

sysctl -p
for the changes to take effect.

Add the iptables rules that NAT the VPN clients out through eth0 (the public interface; on your VPS it may be called venet0 or similar) and let traffic flow between it and the ppp interfaces:

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT

The -s 10.10.0.0/24 limits the NAT to the VPN pool instead of everything leaving the box, and ppp+ matches every PPP session (ppp0, ppp1, ...), whereas a rule on ppp0 alone would only serve the first connected client.
Note that the MASQUERADE target is frequently unavailable inside OpenVZ VPS containers, because the host has to enable it for the container; it works on KVM and Xen.

If you use OpenVZ and MASQUERADE is rejected, use SNAT with your public address instead (the public interface on OpenVZ is usually venet0, as in the session at the top of this page):

iptables -t nat -A POSTROUTING -s 10.10.0.0/24 -j SNAT --to-source <Public Server IP>
Now restart pptpd by running:

service pptpd restart

That's all. Now you should test the connection from a client. Two things to check if it fails: any firewall in front of the server (the iptables INPUT chain, or the provider's security group) must allow TCP port 1723 for the PPTP control channel and IP protocol 47 (GRE) for the data channel; a client that authenticates and then hangs with no traffic is almost always GRE being dropped. And the iptables rules above are not persistent, so save them (iptables-save) and restore them at boot, or they are gone after the next reboot.
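The whole procedure of Steps 1 to 3, as an added example script; it is not from the original page or from vpnreviewer.com. It renders pptpd.conf, pptpd-options and chap-secrets into a staging directory rather than /etc, checks chap-secrets for the mistakes that most often stop clients from authenticating (server column not matching the name line, missing IP column, file not 0600), and prints the Step 3 firewall rules in either the MASQUERADE form for KVM/Xen or the SNAT form for OpenVZ. The pool 10.10.0.0/24, the public interface name taken from WAN_IF (default eth0), the staging path and the two sample accounts are assumptions; nothing here writes to /etc or calls iptables, so copy the staged files into place as root and apply the printed rules yourself.

```shell
#!/bin/sh
# Added example (not from the original page or vpnreviewer.com): stage the pptpd/ppp
# configuration from Steps 1-3, sanity-check it, and print the Step 3 firewall rules.
# Assumptions: pool 10.10.0.0/24, public interface $WAN_IF (default eth0), the two
# sample accounts below. Nothing here touches /etc or calls iptables.

POOL_NET="10.10.0.0/24"
LOCAL_IP="10.10.0.1"
REMOTE_RANGE="10.10.0.2-10"
WAN_IF="${WAN_IF:-eth0}"

# render_configs STAGE: write pptpd.conf, pptpd-options and chap-secrets under STAGE/etc.
render_configs() {
    stage="$1"
    mkdir -p "$stage/etc/ppp"
    cat > "$stage/etc/pptpd.conf" <<EOF
option /etc/ppp/pptpd-options
localip $LOCAL_IP
remoteip $REMOTE_RANGE
EOF
    cat > "$stage/etc/ppp/pptpd-options" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
EOF
    # chap-secrets holds plaintext passwords: create it root-readable only (0600).
    (
        umask 077
        cat > "$stage/etc/ppp/chap-secrets" <<'EOF'
# client        server  secret        IP
myusername      pptpd   mys3cr3tpass  10.10.0.2
myfriendsuser   pptpd   hisp@ssword   10.10.0.3
EOF
    )
}

# check_secrets STAGE: the server column of every entry must equal the `name` in
# pptpd-options (otherwise pppd never finds the secret and all logins fail), the IP
# column must be present (* = any pool address), and the file must be mode 0600.
# Prints one problem per line and returns 1 if any were found.
check_secrets() {
    opts="$1/etc/ppp/pptpd-options"
    secrets="$1/etc/ppp/chap-secrets"
    rc=0
    server=$(awk '$1 == "name" { print $2 }' "$opts")
    [ -n "$server" ] || { echo "pptpd-options has no 'name' line"; rc=1; }
    mode=$(stat -c %a "$secrets" 2>/dev/null || stat -f %Lp "$secrets" 2>/dev/null)
    [ "$mode" = "600" ] || { echo "chap-secrets mode is '$mode', want 600"; rc=1; }
    while read -r client srv secret ip; do
        case "$client" in ''|'#'*) continue ;; esac
        [ "$srv" = "$server" ] || { echo "$client: server '$srv' does not match name '$server'"; rc=1; }
        [ -n "$ip" ] || { echo "$client: missing IP column (use * for any pool address)"; rc=1; }
        [ "${#secret}" -ge 8 ] || { echo "$client: secret shorter than 8 characters"; rc=1; }
    done < "$secrets"
    return "$rc"
}

# nat_rules masq | snat PUBLIC_IP: print the firewall rules. masq is for KVM/Xen; snat
# is the OpenVZ fallback where MASQUERADE is usually unavailable. NAT is limited to the
# pool, and ppp+ matches every PPP session (ppp0, ppp1, ...), not only the first client.
nat_rules() {
    case "$1" in
        masq) echo "iptables -t nat -A POSTROUTING -s $POOL_NET -o $WAN_IF -j MASQUERADE" ;;
        snat) [ -n "$2" ] || { echo "snat needs PUBLIC_IP" >&2; return 2; }
              echo "iptables -t nat -A POSTROUTING -s $POOL_NET -o $WAN_IF -j SNAT --to-source $2" ;;
        *) echo "usage: nat_rules masq | snat PUBLIC_IP" >&2; return 2 ;;
    esac
    echo "iptables -A INPUT -p tcp --dport 1723 -j ACCEPT"   # PPTP control channel
    echo "iptables -A INPUT -p gre -j ACCEPT"                # PPTP data channel (GRE, protocol 47)
    echo "iptables -A FORWARD -i $WAN_IF -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -i ppp+ -o $WAN_IF -j ACCEPT"
    # clamp MSS so tunnelled TCP fits inside the 1490-byte PPP MTU (the page's value is 1300)
    echo "iptables -A FORWARD -i ppp+ -p tcp --syn -j TCPMSS --set-mss 1300"
}

# main STAGE: render, check, print the masquerade rules; nonzero exit if the check fails.
main() {
    render_configs "$1"
    check_secrets "$1" || { echo "fix the problems above before copying $1/etc into /etc" >&2; return 1; }
    echo "# staged under $1; after copying the files, apply as root:"
    nat_rules masq
}

# Usage: sh stage-pptp.sh ./stage   (with no argument only the functions are defined)
if [ $# -gt 0 ]; then main "$1"; fi
```

Run it as sh stage-pptp.sh ./stage and diff ./stage/etc against /etc before copying anything. On an OpenVZ container print the rules with nat_rules snat <public ip> instead of the masquerade form. The staged chap-secrets is created under umask 077 so it is 0600 from the start, which is what the check expects to find on the live file as well.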