Linux Red Hat 9: configuring a pptpd VPN server, with notes
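The company needed a VPN server, and I chose the PPTP protocol. The software involved is as follows:
1. kernelmod-0.7.1.tar.gz # kernel patch for MPPE
2. ppp-2.4.2-b3.i386.rpm # PPP upgrade
3. pptpd-1.1.4-b4.i386.rpm # the pptpd software
Environment:
OS: Red Hat 9
After installing the system, first install or upgrade PPP: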
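#rpm -qa|grep ppp # check whether PPP is installed
#rpm -ivh ppp-2.4.2-b3.i386.rpm # install PPP
#rpm -Uvh ppp-2.4.2-b3.i386.rpm # or upgrade PPP if it is already installed
#rpm -ivh pptpd-1.1.4-b4.i386.rpm # install pptpd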
Related configuration:
/etc/pptpd.conf: the pptpd configuration file
/etc/ppp/options.pptpd: the options file; I call it the control file
/etc/ppp/chap-secrets: the file used to create accounts
Example:
/etc/pptpd.conf:
################################################################################
#
# Sample PoPToP configuration file
#
# for PoPToP version 1.1.4-b3
#
################################################################################
# TAG: speed
#
# Specifies the speed for the PPP daemon to talk at.
#
#speed 115200
# TAG: option
#
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: stimeout
#
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: debug
#
# Turns on (more) debugging to syslog
#
debug
# TAG: bcrelay <if>
#
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth0
listen 11.1.1.97
# TAG: localip
# TAG: remoteip
#
# Specifies the local and remote IP address ranges.
#
# You can specify single IP addresses separated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
localip 192.168.10.1
remoteip 192.168.10.100-240
netmast 255.255.255.0
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
########################################################################################
/etc/ppp/options.pptpd:
## CHANGE TO SUIT YOUR SYSTEM
lock
## turn pppd syslog debugging on
debug
dump
logfd 2
logfile /var/log/pptpd.log
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
mtu 1450
mru 1450
proxyarp
auth
#bsdcomp 0
# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain
nobsdcomp
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
#+chap
#-chapms
#+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
#mppe-128
#mppe-stateless
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
require-mschap-v2
# These options will tell ppp to pass on these to your clients
# To use ms-wins or ms-dns in options.pptpd it must exist in /etc/resolv.conf
multilink
require-mppe
#ms-wins your.server.here
#ms-dns 61.134.1.9
########################################################################################
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
####### redhat-config-network will overwrite this part!!! (begin) ##########
####### redhat-config-network will overwrite this part!!! (end) ############
user1 pptpd password1 *
user2 pptpd password2 *
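An added example, not part of the original article: a small shell script that checks an options file like the one above for the authentication and encryption directives it relies on (auth, the refuse-* lines, require-mschap-v2, require-mppe) and lists chap-secrets accounts whose address field is "*". The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# has_opt FILE OPTION: succeed if OPTION is the first word of an active
# (uncommented) line, so "#mppe-128" does not count as "mppe-128".
has_opt() {
    awk -v o="$2" '$1 == o { found = 1 } END { exit !found }' "$1"
}

# audit_options FILE: print each expected option that is not active and
# return 1 if any is missing. The list comes from the options file above.
audit_options() {
    rc=0
    for opt in auth refuse-pap refuse-chap refuse-mschap refuse-eap \
               require-mschap-v2 require-mppe; do
        has_opt "$1" "$opt" || { echo "$opt"; rc=1; }
    done
    return "$rc"
}

# wildcard_users FILE: print chap-secrets clients allowed to connect from
# any address (fourth field "*"), as user1 and user2 are in the article.
wildcard_users() {
    awk '$1 !~ /^#/ && $4 == "*" { print $1 }' "$1"
}

# Constructed sample input (not real files) so the script runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/options.weak" <<'EOF'
auth
#refuse-pap
refuse-chap
require-mschap-v2
#require-mppe
EOF
cat > "$demo_dir/chap-secrets" <<'EOF'
# client server secret IP addresses
user1 pptpd password1 *
user2 pptpd password2 192.168.10.101
EOF

echo "options.weak is missing:"; audit_options "$demo_dir/options.weak" || true
echo "accounts with wildcard address:"; wildcard_users "$demo_dir/chap-secrets"
```

To check a real server, call audit_options /etc/ppp/options.pptpd and wildcard_users /etc/ppp/chap-secrets as root.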
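Check whether the kernel supports MPPE:
#strings /usr/sbin/pppd | grep -i mppe | wc --lines
If the result is greater than 30, MPPE is supported.
Load the module:
#modprobe ppp_mppe
If some messages appear, the module loaded successfully.
Start pptpd: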
service pptpd start
This article comes from
www.linuxstudy.cn
Reposting my own article here!