Setting up a PPTP server test environment on Linux
1.1 Server software installation
Install the software the PPTP server needs:
- Install PPTP:
sudo apt-get install pptpd
Installing the PPTP server software is simple: the pptpd package is all that is required.
1.2 Configuration
- Run vi /etc/pptpd.conf and edit pptpd.conf, adding or changing the following:
------------------/etc/pptpd.conf-----------------------------
... # part of the file omitted
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# server-side tunnel address
localip 66.66.66.1
# address range handed out to clients (99 addresses, so at most 99 simultaneous clients)
remoteip 66.66.66.2-100
-------------------------------------------------------------------
- Run vi /etc/ppp/pptpd-options and edit pptpd-options as follows:
------------------/etc/ppp/pptpd-options-----------------------------
... # part of the file omitted
# (must match the second field in /etc/ppp/chap-secrets entries)
# local name used for authentication; an IP address can be used directly
name 192.168.10.99
# Optional: domain name to use for authentication
# domain mydomain.net
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
# commented out: the methods refused by default
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
# commented out: the method required by default
#require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# added: accept plain CHAP
require-chap
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
# added: DNS servers the server hands to clients
ms-dns 202.106.0.20
ms-dns 6.6.6.6
... # part of the file omitted
-------------------------------------------------------------------
Note what these edits do to the security of the tunnel: with the refuse-* lines commented out the server also accepts PAP, CHAP and MS-CHAPv1, and with require-mppe-128 commented out it no longer insists on encryption. MPPE keys are derived from the MS-CHAP exchange, so a client that authenticates with plain CHAP or PAP gets a tunnel with no MPPE at all, and whether a Windows client ends up encrypted depends solely on what the client negotiates. That is acceptable for a throwaway test network like this one. On a server reachable from untrusted networks keep refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2 and require-mppe-128 as shipped, and keep in mind that even then PPTP with MS-CHAPv2 is considered broken (the handshake reduces to a single DES key search), so it should not protect anything that matters.
- Add users: edit chap-secrets and add a username/password entry:
---------------/etc/ppp/chap-secrets------------------
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
test-pptp       *       123456          *
-----------------------------------------------------------
The * in the server field matches any server name (so the entry works whatever name is set in pptpd-options), and the * in the IP addresses field lets the client be assigned any address from the pool. The file holds secrets in cleartext, so it must stay owned by root with mode 600, as the Debian package installs it; 123456 is a test credential only.
1.3 Starting and stopping the server
Run the following commands to start, stop or restart the pptp server (on systemd-based releases, systemctl start/stop/restart pptpd is equivalent):
# /etc/init.d/pptpd start
# /etc/init.d/pptpd stop
# /etc/init.d/pptpd restart
Checking the process list (for example with ps or pgrep) confirms that pptpd is running:
1.4 Enabling forwarding on the server
With the configuration so far a PPTP client can already dial in and obtain an address, but unless forwarding is enabled on the server the client's traffic only reaches the server and goes no further, even though the client holds an IP address. Enable forwarding on the server with the following steps.
- Edit sysctl.conf to enable forwarding:
# vi /etc/sysctl.conf
Set net.ipv4.ip_forward = 1 in the file, then run sysctl -p so the change takes effect:
- Add iptables rules:
iptables -A INPUT -i eth0 -s 66.66.66.0/24 -j DROP
iptables -t nat -A POSTROUTING -s 66.66.66.0/24 -j SNAT --to-source 192.168.10.99
Here 192.168.10.99 is the address of the server's real network egress. The first rule drops packets that arrive on the physical interface eth0 with a source address in the VPN pool: genuine pool addresses only ever arrive over the ppp interfaces, so such packets are spoofed. The second rule rewrites the source address of client traffic to the egress address so that replies from the outside network come back to the server. Both rules are lost on reboot; persist them with iptables-save/iptables-restore or the distribution's equivalent.
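The whole procedure of sections 1.2 to 1.4 (pptpd.conf, pptpd-options, chap-secrets, forwarding and NAT) collected into one script, as an added example that is not code from the original post. It renders each file from parameters, stages them under a directory of your choice so they can be reviewed before being copied to /, and audits the resulting pptpd-options for the weak settings the post uses: mode "weak" reproduces the post, mode "hardened" keeps the Debian defaults (MS-CHAPv2 plus 128-bit MPPE required, everything weaker refused). The helper names, the staging layout, the extra -o eth0 on the SNAT rule and all sample values (addresses, DNS servers, the test account) are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: generate the pptpd
# configuration files from parameters and audit pptpd-options for the weak
# authentication/encryption settings the post's test setup uses.
# Helper names, staging layout and sample values are assumptions.

# /etc/pptpd.conf: server-side tunnel address and the client pool.
render_pptpd_conf() {            # usage: render_pptpd_conf LOCALIP REMOTEIP
    printf 'option /etc/ppp/pptpd-options\nlocalip %s\nremoteip %s\n' "$1" "$2"
}

# /etc/ppp/pptpd-options. MODE "weak" reproduces the post (plain CHAP
# accepted, MPPE not required); MODE "hardened" keeps the Debian defaults.
render_pptpd_options() {         # usage: render_pptpd_options NAME DNS1 DNS2 MODE
    printf 'name %s\nms-dns %s\nms-dns %s\n' "$1" "$2" "$3"
    printf 'proxyarp\nlock\nnobsdcomp\nnodeflate\n'
    if [ "$4" = hardened ]; then
        printf 'refuse-pap\nrefuse-chap\nrefuse-mschap\n'
        printf 'require-mschap-v2\nrequire-mppe-128\n'
    else
        printf 'require-chap\n'
    fi
}

# One /etc/ppp/chap-secrets line: client, server, secret, allowed IPs.
# The secret is double-quoted so spaces or '#' in it do not break parsing.
render_chap_secret() {           # usage: render_chap_secret USER SECRET [SERVER] [IP]
    printf '%s\t%s\t"%s"\t%s\n' "$1" "${3:-*}" "$2" "${4:-*}"
}

# Forwarding and NAT as shell commands (printed, not executed, so they can
# be reviewed and then run as root). WAN_IF/WAN_IP are the real egress
# interface and address; -o limits the SNAT to traffic leaving via WAN_IF.
render_forwarding() {            # usage: render_forwarding POOL_CIDR WAN_IF WAN_IP
    printf 'sysctl -w net.ipv4.ip_forward=1\n'
    printf 'iptables -A INPUT -i %s -s %s -j DROP\n' "$2" "$1"
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$1" "$2" "$3"
}

# Exit 0 only if FILE refuses PAP/CHAP/MS-CHAPv1 and requires MS-CHAPv2 with
# 128-bit MPPE; otherwise print what is missing or weak and exit 1.
audit_pptpd_options() {          # usage: audit_pptpd_options FILE
    rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || { echo "missing: $opt"; rc=1; }
    done
    for opt in require-pap require-chap require-mschap nomppe; do
        if grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1"; then
            echo "weak: $opt"; rc=1
        fi
    done
    return $rc
}

# Stage every file under ROOT ("/" on the real server, a scratch directory
# for review) using the post's sample values.
write_configs() {                # usage: write_configs ROOT MODE
    mkdir -p "$1/etc/ppp"
    render_pptpd_conf 66.66.66.1 66.66.66.2-100 > "$1/etc/pptpd.conf"
    render_pptpd_options 192.168.10.99 202.106.0.20 6.6.6.6 "$2" > "$1/etc/ppp/pptpd-options"
    render_chap_secret test-pptp 123456 > "$1/etc/ppp/chap-secrets"
    chmod 600 "$1/etc/ppp/chap-secrets"     # cleartext secrets: root-only
    render_forwarding 66.66.66.0/24 eth0 192.168.10.99 > "$1/enable-forwarding.sh"
}

# Stand-alone use: sh pptpd-cfg.sh /tmp/pptpd-stage hardened
if [ $# -ge 1 ]; then
    write_configs "$1" "${2:-hardened}"
    audit_pptpd_options "$1/etc/ppp/pptpd-options"
fi
```

Run it against a scratch directory first and read enable-forwarding.sh before executing it as root; the audit exits non-zero (listing "weak: require-chap" and the missing refuse/require lines) for the post's configuration and zero for the hardened one, which makes it usable as a pre-deployment check.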
1.5 Testing
A Windows 7 system is used as the client here:
Create a new network connection.
After creating it, change the VPN type to PPTP:
Dialing in obtains an address from the server and connects to the network normally:
View the assigned address and DNS servers:
A route trace shows that all traffic to external networks is forwarded through the pptp server:
A packet capture on the PC shows the packets are PPP- and GRE-encapsulated:
Server side: