
How to build a PPTP server on an Ubuntu server with a single network card

2025-04-06 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains in detail how to set up a PPTP server on an Ubuntu server with a single network card. The editor finds it very practical and shares it here as a reference. I hope you get something out of it.

The laboratory's internal network holds many useful resources, such as research literature and personal experimental data, which are hard to reach once you leave the laboratory. The best way to solve this problem is a VPN. There are many ways to build a VPN server on Ubuntu; the better known are PPTP, L2TP/IPSec and OpenVPN. Of these three, the latter two are more secure but more troublesome to configure, and OpenVPN needs an additional client on Windows/Mac. L2TP/IPSec is the better method, but after I configured it, Windows and Linux users had no problems while Mac/iPhone could never connect, so I have removed it for now and will switch to it once I find out what the problem is.

That leaves PPTP. PPTP is the easiest of the three to configure, and because the clients are built into Windows and Mac systems, it is very convenient to use. Below I briefly describe my installation process, hoping it is useful to those who need it. If you have any suggestions, you are welcome to share them.

First of all, everything here was done on the Ubuntu 8.04 Server system introduced in the previous article. If your system is different from mine, please refer to the previous two articles. My server has a single network card, eth0.

The package needed to set up a PPTP server on Ubuntu is pptpd, which can be installed with apt-get:

sudo apt-get install pptpd

The system resolves dependencies automatically. After installation, some settings are needed. Edit /etc/pptpd.conf first:

sudo nano /etc/pptpd.conf

Uncomment the localip and remoteip parameters at the end of the file and modify them accordingly. Here, localip is the IP address of the server once the VPN is connected, and remoteip is the range of IP addresses that can be assigned to clients. Here is my configuration:

localip 10.100.0.1
remoteip 10.100.0.2-10

After editing this file, we need to edit the /etc/ppp/pptpd-options file, again with nano (the command is not repeated here). Most of the parameters can keep their default values; we only need to change the ms-dns option, which assigns DNS server addresses to the VPN clients:

ms-dns 202.113.16.10
ms-dns 208.67.222.222

Next, edit the /etc/ppp/chap-secrets file, which stores the VPN user names and passwords; fill it in according to your situation. As the comments in the file show, the first column is the user name, the second column is the server name (pptpd by default; if you changed it in the pptpd-options file, keep it consistent here), the third column is the password, and the fourth column is the IP restriction (write * for no restriction). I won't post my configuration here.
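Because this file holds the VPN passwords in plaintext, it is worth checking after every edit. The following added example (not from the original article) audits a file in the four-column layout described above; the function name, the 12-character minimum and the sample entries are assumptions made for illustration, and fields are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example: audit a chap-secrets file (user, server name, password, IP restriction).
# Prints one finding per line and nothing when the file is clean. Never prints a password.
audit_chap_secrets() {
    file=$1
    server=${2:-pptpd}      # expected column 2; must match "name" in pptpd-options
    min_len=${3:-12}        # assumed minimum password length, adjust to local policy
    [ -r "$file" ] || return 2
    # Passwords are stored in plaintext, so group and other must have no access.
    others=$(ls -ld "$file" | cut -c5-10)
    [ "$others" = "------" ] || echo "perm: group/other can access $file ($others)"
    awk -v srv="$server" -v min="$min_len" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        NF < 4 { print "line " NR ": expected 4 columns, found " NF; next }
        {
            pw = $3; gsub(/"/, "", pw)           # strip optional quotes
            if ($2 != srv)        print "line " NR ": " $1 ": server name " $2 " is not " srv
            if (length(pw) < min) print "line " NR ": " $1 ": password shorter than " min
            if ($4 == "*")        print "line " NR ": " $1 ": no IP restriction (*)"
        }
    ' "$file"
}

# Constructed sample input (not the author's file): three entries, two with findings.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client   server  secret                   IP addresses
alice      pptpd   "correct-horse-battery"  10.100.0.5
bob        pptpd   hunter2                  *
carol      vpn     "long-enough-secret-1"   10.100.0.6
EOF
audit_chap_secrets "$sample" pptpd
rm -f "$sample"
```

On the real server, run it as root against /etc/ppp/chap-secrets and pass the server name you set in pptpd-options as the second argument.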

Once all this is done, restart the pptpd service for the new configuration to take effect:

sudo /etc/init.d/pptpd restart

On a Windows computer, create a new VPN connection, fill in the server's IP (or domain name) and the user name and password just set, leave the domain empty (if you set it in pptpd-options, keep it consistent here), and click Connect. Normally you should be able to establish a VPN connection to the server.

After establishing a connection, you will find that apart from resources on the server itself, the rest of the internal network and the Internet are unreachable. To reach them, further setup is needed.

First, turn on IPv4 forwarding. To do this, edit /etc/sysctl.conf, find the line similar to the following, and uncomment it:

net.ipv4.ip_forward=1

Then make the new configuration effective:

sudo sysctl -p

Sometimes, after this setting, the client machine can already reach the Internet (this was enough on my virtual machine). But on the server in the lab I still could not access the network after doing this, so we need to set up NAT. Here we use iptables to build the NAT. First, install iptables:

sudo apt-get install iptables

Once installed, we add a rule to the nat table:

sudo iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o eth0 -j MASQUERADE

After this, the client machine should be able to reach the Internet.

But that is not all: the iptables rule is lost at the next reboot, so we need to save it with the iptables-save command. The redirection has to run as root as well, so the whole command is wrapped in a root shell:

sudo sh -c 'iptables-save > /etc/iptables-rules'

Then edit the /etc/network/interfaces file, find the eth0 section, and add the following line at the end of the settings for eth0:

pre-up iptables-restore < /etc/iptables-rules

This way, when the network card eth0 is brought up, the configuration saved earlier with iptables-save is loaded automatically.

At this point, a VPN server/gateway is basically set up. Of course, you may have followed my steps and still not succeeded, so here are some of the problems I encountered and their solutions:

Unable to establish VPN connection

After pptpd is installed and set up, the client still cannot establish a connection to the server. The reasons may be as follows:

Server-side firewall settings: the PPTP service requires port 1723 (TCP) and the GRE protocol, so make sure your firewall settings allow both.

If the server is behind a router, make sure that the appropriate settings and port forwarding are made on the router.

If the server is behind a router, make sure that router supports VPN Passthrough.

If the client is behind a router, the router used by the client must also support VPN Passthrough. Most reasonably good routers on the market support VPN Passthrough, though the very cheapest ones may not. If your router can be flashed with DD-WRT, do so; DD-WRT supports it.

Able to establish a connection, but "almost" unable to access the Internet

Able to establish links, but "almost" unable to access the Internet

I say "almost" because the Internet is not completely inaccessible. The symptoms are that a Google search opens fine but no other sites do; SSH works, but scp does not; FTP can complete its handshake but cannot transfer files. I ran into exactly this situation. After some careful searching on Google, I found that it was an MTU problem: using ping, I detected that the packets were too big. Once the problem is known, it is easy to correct with iptables. I won't go into the underlying principle here; you can look it up yourself. The solution is to add the following rule to the filter table:

sudo iptables -A FORWARD -s 10.100.0.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1200

The value 1200 in the rule above can be changed to suit your situation. For the best network performance, keep adjusting it until you find the largest value at which the network still works normally.
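One way to find that maximum instead of guessing, as an added example that is not part of the original article: it binary-searches the largest unfragmented ping payload and converts it to an MSS. It assumes a Linux client connected to the VPN with iputils ping; all function names and the offline stand-in probe are hypothetical.

```sh
#!/bin/sh
# Added example: derive the largest usable TCP MSS from the path MTU.
# probe_ping sends one ICMP echo with "don't fragment" set (iputils ping, Linux).
probe_ping() {        # $1 = target host, $2 = ICMP payload size in bytes
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# Constructed stand-in for probe_ping so the example runs offline:
# it behaves like a path whose MTU is $FAKE_MTU.
probe_fake() {
    [ "$2" -le $(( FAKE_MTU - 28 )) ]
}

# Binary-search the largest payload the probe accepts between lo and hi.
# Prints the payload size, or returns 1 when even the smallest probe fails.
largest_payload() {   # $1 = probe function, $2 = host, $3 = lo, $4 = hi
    probe=$1 host=$2 lo=$3 hi=$4
    "$probe" "$host" "$lo" || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" "$mid"; then lo=$mid; else hi=$(( mid - 1 )); fi
    done
    echo "$lo"
}

# payload + 8 (ICMP header) + 20 (IPv4 header) = path MTU
# path MTU - 20 (IPv4 header) - 20 (TCP header) = MSS
mss_for_host() {      # $1 = probe function, $2 = host
    payload=$(largest_payload "$1" "$2" 500 1472) || return 1
    echo $(( payload + 28 - 40 ))
}

# Offline demonstration: a simulated path MTU of 1240 bytes gives an MSS of 1200.
FAKE_MTU=1240
mss_for_host probe_fake constructed-host
```

For a real measurement, call mss_for_host probe_ping with a host reached through the tunnel and use the printed value in the --set-mss rule.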

With that, a single network card PPTP server is complete.
