Experimental scenario
By configuring a VPN server on Linux, remote computers can access the intranet.
My purpose: I now need to develop against a third-party interface, and that interface is configured to authenticate the server IP address, so a program developed locally must be published to the server for testing every time.
1. Download and install the VPN service
1. Download the required installation packages
Enter: wget http://poptop.sourceforge.net/yu ... 0.17.5-1.noarch.rpm
Enter: wget http://poptop.sourceforge.net/yu ... . 2-3dkms.noarch.rpm
Enter: wget http://poptop.sourceforge.net/yu ... -2.rhel5.x86_64.rpm
These packages are upgraded and renamed upstream frequently, so if a download fails, look the package up by name at http://poptop.sourceforge.net/yum/stable/packages/
2. Install in turn
● Install gcc, the C compiler (not needed if the server already has it)
yum install gcc
If yum is not configured on the server, refer to my other blog post for the configuration, or look up how to configure yum on the Internet.
● Install dkms-2.0.17.5-1.noarch.rpm
rpm -ivh dkms-2.0.17.5-1.noarch.rpm
● Install kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
● Install pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
2. Configure the VPN server
1. Configure the main configuration file
vi /etc/pptpd.conf
Add at the end:
debug
ppp /usr/sbin/pppd
option /etc/ppp/options.pptpd
localip 117.34.78.222
remoteip 192.168.0.2-4
2. Configure the account file
vi /etc/ppp/chap-secrets
Edit the content to read (* in the IP column represents all addresses):
# Secrets for authentication using CHAP
# client server secret IP addresses
Username pptpd password *
Username pptpd password 192.168.0.3
Username pptpd password 192.168.0.4
3. Start the service
service pptpd start
4. Check that PPTP is listening on port 1723
netstat -ntpl
5. Set up NAT and turn on the Linux kernel routing function
Run the following commands in turn:
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.2/24 -j SNAT --to 117.34.78.222
echo 1 > /proc/sys/net/ipv4/ip_forward
6. Configure the VPN to start automatically
Execute the command:
ntsysv
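7. Set iptables to allow VPN connections (or disable the firewall)
Execute the commands in turn:
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p tcp --dport 47 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
Note: GRE is IP protocol 47, not TCP port 47, so the -p gre rule is the one that admits the tunnel traffic.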
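A consistency check for the two files edited in steps 1 and 2 of this section, added here as an example and not part of the original post: it expands the remoteip pool from pptpd.conf and flags chap-secrets entries that use the * wildcard, fall outside the pool, or reuse another account's address. The account names and passwords are constructed, the function names are hypothetical, and it assumes one address or * per entry, as in the file above.

```python
import ipaddress
import shlex

# Constructed samples: the pptpd.conf values are the page's; the accounts are invented.
PPTPD_CONF = """\
option /etc/ppp/options.pptpd
localip 117.34.78.222
remoteip 192.168.0.2-4
"""
CHAP_SECRETS = """\
# client server secret IP addresses
alice pptpd example-pass-1 *
bob   pptpd example-pass-2 192.168.0.3
carol pptpd example-pass-3 192.168.0.3
dave  pptpd example-pass-4 192.168.0.9
"""

def remoteip_pool(conf_text):
    """Expand remoteip (e.g. 192.168.0.2-4, comma-separated) into a set of addresses."""
    pool = set()
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) == 2 and words[0] == "remoteip":
            for part in words[1].split(","):
                start, _, high = part.partition("-")
                prefix, low = start.rsplit(".", 1)
                # A range varies only the last octet: 2-4 means .2, .3 and .4.
                for octet in range(int(low), int(high or low) + 1):
                    pool.add(ipaddress.IPv4Address(f"{prefix}.{octet}"))
    return pool

def audit_chap_secrets(secrets_text, pool):
    """Return (line number, client, issue) for entries that deserve review."""
    findings, owner = [], {}
    for number, line in enumerate(secrets_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(fields) < 4:
            continue  # blank line, comment, or no address column
        client, address = fields[0], fields[3]
        if address == "*":
            findings.append((number, client, "wildcard"))  # any client IP accepted
            continue
        ip = ipaddress.IPv4Address(address)
        if ip not in pool:
            findings.append((number, client, "outside-pool"))
        if ip in owner:
            findings.append((number, client, "duplicate-of-" + owner[ip]))
        owner.setdefault(ip, client)
    return findings

if __name__ == "__main__":
    for finding in audit_chap_secrets(CHAP_SECRETS, remoteip_pool(PPTPD_CONF)):
        print(finding)
```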
3. Access with a VPN client
The server IP address is the 117.34.78.222 we configured above, and the account name and password are the ones set in the configuration file (I covered that part above with red correction fluid; you can configure your own).
I won't go into detail here about how to dial up to connect to a VPN in win7.