- Of all the possible options, the best choice is between PPTP and OpenVPN. Point-To-Point Tunneling Protocol.
- From: vadim303 <http:// Date: Sun, 17: 02:14 +0000 (UTC) Subject: Configuring a PPTP client in Linux. Original.
- This article describes installing and configuring that very PPTP server running Linux. As initial data we will use.
- First, let's make sure that our network card was detected and is present in the list of network interfaces: [root@gw etc]# ifconfig eth0 Link.
- Configuring a PPTP client in Debian/Ubuntu $ apt-get install pptp-linux For simplicity, let's introduce variables: the name of our connection ($NameVPN) IP .
- PPTP is not a benchmark of security and gets along poorly with Crossroads » Motel L.C. » Linux » VPN server via PPTP on.
- How to Setup a VPN (PPTP) Server on Debian Linux. VPN-ing into your server will allow you to connect to every possible service running on it, .
PPTP Client - ArchWiki

pptpclient is a program implementing the Microsoft PPTP protocol. As such, it can be used to connect to a Microsoft VPN network (or any PPTP-based VPN) provided by a school or workplace.

Installing PPTP Client

Install the pptpclient package.

Configure

To configure pptpclient you will need to collect the following information from your network administrator:
- The IP address or hostname of the VPN server.
- The username you will use to connect.
- The password you will use to connect.
- The authentication (Windows) domain name. This is not necessary for certain networks.

You must also decide what to name the tunnel.

Configure using pptpsetup
Recently the author of these lines needed to set up a PPTP connection in Linux. After reading the documentation, it turned out to be very simple. Linux, FreeBSD and NetBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP.
You can configure and delete tunnels by running the pptpsetup tool as root. For example:

    pptpsetup --create my_tunnel --server vpn.

You can connect (see Connect) after a tunnel has been configured.
Configure by hand

You can also edit all necessary configuration files by hand, rather than relying on pptpsetup.

Edit The options File

The /etc/ppp/options file sets security options for your VPN client. If you have trouble connecting to your network, you may need to relax the options. At a minimum, this file should contain the options lock, noauth, nobsdcomp and nodeflate.

    # Lock the port
    lock
    # We don't need the tunnel server to authenticate itself
    noauth
    # Turn off compression protocols we know won't be used
    nobsdcomp
    nodeflate
    # We won't do PAP, EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
    # (... MPPE)
    refuse-pap
    refuse-eap
    refuse-chap
    refuse-mschap

Edit The chap-secrets File

The /etc/ppp/chap-secrets file contains credentials for authenticating a tunnel.
Make sure no one except root can read this file, as it contains sensitive information. Edit the file. It has the following format:

    <DOMAIN>\\<USERNAME> PPTP <PASSWORD> *

Replace each bracketed term with an appropriate value. Omit <DOMAIN>\\ if your connection does not require a domain.

Note: Place your password in double quotation marks (") if it contains special characters such as $.

Warning: This file contains passwords in plain text. Guard it well!

Name Your Tunnel
The /etc/ppp/peers/<TUNNEL> file contains tunnel-specific configuration options. <TUNNEL> is the name you wish to use for your VPN connection. The file should look like this:

    pty "pptp <SERVER> --nolaunchpppd"
    name <DOMAIN>\\<USERNAME>
    remotename PPTP
    require-mppe-1.
    ipparam <TUNNEL>

Again, omit <DOMAIN>\\ if your connection does not require a domain.
<SERVER> is the remote address of the VPN server, <DOMAIN> is the domain your user belongs to, <USERNAME> is the name you will use to connect to the server, and <TUNNEL> is the name of the connection.

Note: remotename PPTP is used to find <PASSWORD> in the /etc/ppp/chap-secrets file.

Note: If you do not need MPPE support, you should remove the require-mppe-1.

Connect

To make sure that everything is configured properly, as root execute:

    pon <TUNNEL> debug dump logfd 2 nodetach
If everything has been configured correctly, the pon command should not terminate. Once you are satisfied that it has connected successfully, you can terminate the command.

Note: As an additional verification you can run ip addr show and ensure that a new device, ppp.

To connect to your VPN normally, simply execute:

    pon <TUNNEL>

Where <TUNNEL> is the name of the tunnel you established earlier. Note that this command should be run as root.
Routing

Once you have connected to your VPN, you should be able to interact with anything available on the VPN server. To access anything on the remote network, you need to add a new route to your routing table.

Note: Depending on your configuration, you may need to re-add the routing information every time you connect to your VPN.

For more information on how to add routes, you can read this article which has many more examples: PPTP Routing Howto.
Split Tunneling

Packets with a destination of your VPN's network should be routed through the VPN interface (usually ppp. To do this, you create the route.

This will route all the traffic with a destination of 1. VPN's interface, (ppp.

Route All Traffic

It may be desirable to route all traffic through your VPN connection. You can do this by running.

Note: Routing all traffic through the VPN may result in slower overall connection speed because your traffic will be routed through the remote VPN before being routed normally.
Route All Traffic by /etc/ppp/ip-up.

Note: All scripts in /etc/ppp/ip-up. VPN connection is established.

/etc/ppp/ip-up.

    # This script is called with the following arguments:
    # $1 Interface name
    # $3 The link speed
    # $4 Local IP number
    # $5 Peer IP number
    # $6 Optional ``ipparam'' value foo

Make sure the script is executable.

Split Tunneling based on port by /etc/ppp/ip-up.

Note: All scripts in /etc/ppp/ip-up. VPN connection is established.

/etc/ppp/ip-up.

    # This script is called with the following arguments:
    # $1 Interface name
    # $3 The link speed
    # $4 Local IP number
    # $5 Peer IP number
    # $6 Optional ``ipparam'' value foo
    # IRC ports over VPN
    -A OUTPUT -p tcp -m multiport --dports 6. MARK --set-mark 0x.
    -A POSTROUTING -o $1 -j MASQUERADE

Make sure the script is executable and that the vpn table is added to /etc/iproute.
Disconnect

Execute the following to disconnect from a VPN:

    poff <TUNNEL>

<TUNNEL> is the name of your tunnel.

Making A VPN Daemon and Connecting On Boot

You can create a simple daemon for your VPN connection by creating an appropriate /etc/rc.

Note: As always, <TUNNEL> is the name of your tunnel. <ROUTING COMMAND> is the command you use to add the appropriate route to the routing table.

Note: The stop functionality of this script will not work if the updetach and persist arguments are passed to /usr/bin/pon when pon is started. The reason for this is that the /usr/bin/poff script contains a bug when determining the PID of the specified pppd process if arguments were passed to pon.
To resolve this issue, you can patch your /usr/bin/poff file by making the following changes on line 9.

    PID=`ps axw | grep "[ /]pppd call $1 *\$" | awk '{print $1}'`
    PID=`ps axw | grep "[ /]pppd call $1" | awk '{print $1}'`

/etc/rc.

    DAEMON=<TUNNEL>-vpn
    DAEMON ] && .
    DAEMON.
    stat_busy "Starting $DAEMON"
    pon <TUNNEL> updetach persist &>/dev/null && <ROUTING COMMAND> &>/dev/null
    DAEMON.
    stat_busy "Stopping $DAEMON"
    poff <TUNNEL> &>/dev/null
    DAEMON.
    echo "usage: $0 {start|stop|restart}"

Note: We call pon in the script with two additional arguments: updetach and persist. The argument updetach makes pon block until the connection has been established. The other argument, persist, makes the network automatically reconnect in the event of a failure.

To connect at boot add @<TUNNEL>-vpn to the end of your DAEMONS array in /etc/rc.
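
The two file-level safeguards from the configuration sections above (a chap-secrets file only root can read, and an options file that refuses the weaker authentication methods) can be checked mechanically. The script below is an added example, not part of the original article: the function names and the script name ppp-audit.sh are hypothetical, it assumes GNU stat, and the refuse-* checks follow the article's "We won't do PAP, EAP, CHAP, or MSCHAP" comment.

```shell
#!/bin/sh
# Added example: audit the pppd files a PPTP client relies on.
# Assumes GNU stat (stat -c) and the default paths named in the article.

# check_secrets FILE [UID]: succeed only if FILE is owned by UID (default 0,
# root) and grants nothing to group or others (mode 600, 400, ...).
check_secrets() {
    f=$1; want=${2:-0}
    [ -f "$f" ] || { echo "$f: not found"; return 2; }
    owner=$(stat -c '%u' "$f"); mode=$(stat -c '%a' "$f")
    [ "$owner" = "$want" ] || { echo "$f: owner uid $owner, expected $want"; return 1; }
    case $mode in
        *00|0) return 0 ;;
        *) echo "$f: mode $mode grants group/other access; chmod 600"; return 1 ;;
    esac
}

# missing_options FILE: print the expected options that do not appear as an
# active (uncommented) line. The first four are the article's minimum; the
# refuse-* set follows its "won't do PAP, EAP, CHAP, or MSCHAP" comment.
missing_options() {
    f=$1; missing=""
    for opt in lock noauth nobsdcomp nodeflate \
               refuse-pap refuse-eap refuse-chap refuse-mschap; do
        grep -Eq "^[[:space:]]*${opt}[[:space:]]*(#.*)?\$" "$f" 2>/dev/null ||
            missing="$missing $opt"
    done
    echo "${missing# }"
}

# audit [SECRETS] [OPTIONS] [UID]: run both checks; non-zero on any finding.
audit() {
    secrets=${1:-/etc/ppp/chap-secrets}; options=${2:-/etc/ppp/options}
    rc=0
    check_secrets "$secrets" "${3:-0}" || rc=1
    m=$(missing_options "$options")
    [ -z "$m" ] || { echo "$options: missing $m"; rc=1; }
    return $rc
}

# Run only when asked, e.g.:  sh ppp-audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

An option that was deliberately removed to get a connection working, as the article allows, will show up in the missing list; treat that output as a record of what was relaxed.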
Troubleshooting

If client connections keep timing out, make sure that GRE is allowed through the client firewall. For iptables, the necessary command is:

    iptables -A INPUT -p 47 -j ACCEPT

If your client is timing out with "LCP: timeout sending Config-Requests", then you might not have the proper modules loaded.

You can find more information about configuring pptpclient at their website: pptpclient website. The contents of this article were adapted from their Ubuntu How-To which also provides some hints on how to do things such as connecting on boot.
These examples should be easy to adapt into daemons or other scripts to help automate your configuration.

See also

- PPTP server