Configuring a PPTP Server on Ubuntu

Posted by wmlm on 2015-12-12

Outline:

1. Configure the PPTPD server on 10.3.105.4 (Ubuntu 14.04)

2. Configure a PPTP client on 10.3.105.140 (Ubuntu 14.04)

3. Configure a PPTP client on 10.3.105.90 (Windows 7)

 

 

References:

PPTPServer - Community Help Wiki.pdf

Ubuntu上安裝PPTP VPN服務.pdf (installing a PPTP VPN service on Ubuntu)

 

Part 1: Server configuration

First, install the PPTP server package with apt-get:

# sudo apt-get install pptpd

Then configure pptpd:

# sudo nano /etc/pptpd.conf

Add the server IP and the client IP pool at the end of the file, for example:

localip 192.168.0.1

remoteip 192.168.0.100-200

This sets up the PPTP server to use IP 192.168.0.1 while distributing the IP range 192.168.0.100 to 192.168.0.200 to PPTP clients.

Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.

Configure the DNS servers that clients receive when they connect to this PPTP server:

# sudo nano /etc/ppp/pptpd-options

Uncomment the ms-dns lines and point them at the resolvers clients should use, for example Google's public DNS as below, or OpenDNS. The same file carries the authentication settings (refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2, require-mppe-128); leave those in place, since otherwise the server will negotiate down to whatever weaker method a client offers. Even with them, MS-CHAPv2 is known to be breakable offline from a captured handshake, so PPTP should only be used where a stronger VPN protocol is not an option.

ms-dns 8.8.8.8

ms-dns 8.8.4.4

Now add a VPN user to /etc/ppp/chap-secrets:

# sudo nano /etc/ppp/chap-secrets

The first column is the username. The second column is the server name; "pptpd" (the name set in pptpd-options) or * both work. The third column is the password, which is stored in clear text, so keep the file readable by root only (mode 600). The last column is the IP address the client may take; * allows any address from the pool.

# client server secret IP addresses

username * myPassword *

Finally, restart the service:

# /etc/init.d/pptpd restart

Set up IP forwarding

To enable IPv4 forwarding, edit /etc/sysctl.conf:

# sudo nano /etc/sysctl.conf

Uncomment the line

net.ipv4.ip_forward=1

Then reload the configuration:

sudo sysctl -p

Add the NAT and MSS rules to iptables

# sudo nano /etc/rc.local

adding the following at the bottom, just before the exit 0 line:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356

This example uses 192.168.0.0/24 as the PPTP subnet. The second rule does not change the MTU; it clamps the TCP MSS on client SYNs to 1356 so that segments fit inside the GRE/PPP encapsulation (the tunnel interface comes up with mtu 1496, as the client's ip a output in Part 2 shows) instead of relying on path MTU discovery, which is often blocked.

You are done. Reboot the server so that rc.local applies the rules, and clients should be able to connect over PPTP and send all their traffic through it.
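The Part 1 procedure as one script, added here as an example (it is not from the original post or from the pptpd project): it writes pptpd.conf, pptpd-options and chap-secrets into a staging root, generates the user's secret instead of hard-coding one, prints the iptables rules, and audits pptpd-options for the authentication directives that must stay in place. The directive set is the one Ubuntu's packaged /etc/ppp/pptpd-options ships with; ROOT, the function names and the pptpd-setup.sh filename are this example's own.

```sh
#!/bin/sh
# Added example, not part of the original post: render the server-side files
# from Part 1 into a staging root and audit the result. ROOT defaults to a
# scratch directory so nothing under the real /etc is touched; set ROOT=/ and
# run as root to apply for real.

ROOT="${ROOT:-./pptpd-staging}"

# Writes a complete minimal pptpd.conf (the post appends to the packaged one).
render_pptpd_conf() {               # $1 = localip, $2 = remoteip pool
    mkdir -p "$ROOT/etc/ppp"
    cat > "$ROOT/etc/pptpd.conf" <<EOF
option /etc/ppp/pptpd-options
logwtmp
localip $1
remoteip $2
EOF
}

# Authentication is negotiated down to whatever the server still allows, so
# every weaker method is refused explicitly and 128-bit MPPE is required.
render_pptpd_options() {            # $1, $2 = DNS servers pushed to clients
    mkdir -p "$ROOT/etc/ppp"
    cat > "$ROOT/etc/ppp/pptpd-options" <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns $1
ms-dns $2
proxyarp
nodefaultroute
lock
nobsdcomp
EOF
}

# chap-secrets holds passwords in clear text: generate a random one instead of
# typing "myPassword", create the file with mode 600, and print the secret once
# so it can be handed to the user out of band.
add_vpn_user() {                    # $1 = username; prints the generated secret
    mkdir -p "$ROOT/etc/ppp"
    secret=$(head -c 48 /dev/urandom | base64 | tr -d '/+=\n' | cut -c1-24)
    ( umask 077; printf '%s\tpptpd\t%s\t*\n' "$1" "$secret" >> "$ROOT/etc/ppp/chap-secrets" )
    chmod 600 "$ROOT/etc/ppp/chap-secrets"
    echo "$secret"
}

# Audit an options file: print the directives missing from the hardened set
# and fail if any are, so a server that still accepts PAP (cleartext password)
# or 40/56-bit MPPE is caught before it goes live.
audit_pptpd_options() {             # $1 = path to a pptpd-options file
    rc=0
    for want in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -qx "$want" "$1" || { echo "MISSING: $want"; rc=1; }
    done
    return $rc
}

# Firewall rules equivalent to the rc.local lines in the post, plus INPUT rules
# for the PPTP control channel (TCP/1723) and GRE, which a default-deny host
# firewall would otherwise drop. The MSS clamp lives in the mangle table so a
# later ACCEPT in filter/FORWARD cannot shadow it, and it covers both directions
# (SYN and SYN-ACK) via --tcp-flags rather than --syn.
render_firewall_rules() {           # $1 = VPN subnet, $2 = egress interface
    cat <<EOF
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -s $1 -j TCPMSS --set-mss 1356
iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -d $1 -j TCPMSS --set-mss 1356
iptables -A FORWARD -s $1 -o $2 -j ACCEPT
iptables -A FORWARD -d $1 -i $2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $1 -o $2 -j MASQUERADE
EOF
}

# Stand-alone usage (hypothetical filename): ROOT=/ sh pptpd-setup.sh apply alice
if [ "${1:-}" = apply ]; then
    render_pptpd_conf 192.168.0.1 192.168.0.100-200
    render_pptpd_options 8.8.8.8 8.8.4.4
    echo "secret for ${2:-vpnuser}: $(add_vpn_user "${2:-vpnuser}")"
    audit_pptpd_options "$ROOT/etc/ppp/pptpd-options"
    render_firewall_rules 192.168.0.0/24 eth0
fi
```

Run the audit again whenever pptpd-options is edited by hand; a single deleted refuse-* line silently re-enables that method for every client.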

Part 2: Ubuntu client verification

Reference: Ubuntu透過PPTP協議使用VPN.pdf (using a VPN over PPTP on Ubuntu)

Command history (note that pptpsetup is given the password on the command line, so it ends up in the shell history shown here as well as in the client's /etc/ppp/chap-secrets):

   52  apt list pptp-linux

   53  route -n

   54  ip route

   55  pptpsetup --create myvpn --server 10.3.105.4 --username test --password 123 --encrypt --start

   56  cd /etc/ppp/peers/

   63  cat myvpn

   64  ip a

   65  cd ..

   66  ls

   67  cat chap-secrets

   68  which traceroute

   69  apt list traceroute

   70  apt install traceroute

   71  which traceroute

   72  traceroute

   73  route -n

   74  ip route

   75  poff myvpn

   76  ip a

   77  history

root@slave1:~#

 

root@slave1:~# pon myvpn

root@slave1:~# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 08:00:27:84:53:65 brd ff:ff:ff:ff:ff:ff

    inet 10.3.105.140/24 brd 10.3.105.255 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::a00:27ff:fe84:5365/64 scope link

       valid_lft forever preferred_lft forever

4: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN group default qlen 3

    link/ppp

    inet 192.168.0.235 peer 192.168.0.1/32 scope global ppp0

       valid_lft forever preferred_lft forever

root@slave1:~#

root@slave1:~# traceroute

traceroute to (202.89.233.101), 30 hops max, 60 byte packets

 1  bogon (10.3.105.254)  6.987 ms  7.080 ms  7.086 ms

 2  bogon (10.2.0.1)  3.894 ms  3.987 ms  3.989 ms

 3  hn.kd.ny.adsl (218.29.137.73)  3.989 ms  3.987 ms  3.853 ms

 4  pc85.zz.ha.cn (61.168.8.85)  7.426 ms  7.405 ms  7.379 ms

 5  pc69.zz.ha.cn (61.168.195.69)  9.448 ms pc133.zz.ha.cn (61.168.253.133)  24.774 ms pc77.zz.ha.cn (61.168.195.77)  10.334 ms

 6  219.158.98.177 (219.158.98.177)  26.707 ms  24.809 ms 219.158.14.205 (219.158.14.205)  11.493 ms

 7  124.65.194.82 (124.65.194.82)  24.912 ms 219.158.21.57 (219.158.21.57)  26.924 ms  26.901 ms

 8  124.65.56.182 (124.65.56.182)  21.248 ms 124.65.194.82 (124.65.194.82)  23.781 ms 124.65.56.182 (124.65.56.182)  16.410 ms^C

root@slave1:~#

 

root@slave1:~# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         10.3.105.254    0.0.0.0         UG    0      0        0 eth0

10.3.105.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

10.3.105.4      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

root@slave1:~#

 

We see that the default route still points to eth0 (via 10.3.105.254): only traffic for 192.168.0.1 uses ppp0, which is why the traceroute above went out directly.

Next, change the routing. This is safe here only because a host route to the VPN server, 10.3.105.4 via eth0, is already in the table (added when the tunnel came up); without it the new default route would send the tunnel's own TCP/1723 and GRE packets into ppp0 and the connection would drop.

# route change commands

root@slave1:~# ip route del default

root@slave1:~# ip route add default dev ppp0

root@slave1:~#

root@slave1:~# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0

10.3.105.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

10.3.105.4      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

root@slave1:~#

 

 

root@slave1:~# ip route

default dev ppp0  scope link

10.3.105.0/24 dev eth0  proto kernel  scope link  src 10.3.105.140

10.3.105.4 dev eth0  scope link  src 10.3.105.140

169.254.0.0/16 dev eth0  scope link  metric 1000

192.168.0.1 dev ppp0  proto kernel  scope link  src 192.168.0.235

root@slave1:~#

 

 

root@slave1:~# traceroute

traceroute to (202.89.233.101), 30 hops max, 60 byte packets

 1  bogon (192.168.0.1)  4.824 ms  4.966 ms  4.399 ms

 2  * * *

 3  bogon (10.2.0.1)  6.225 ms  5.586 ms  5.665 ms

 4  hn.kd.ny.adsl (218.29.137.73)  8.696 ms  12.815 ms  12.217 ms

 5  pc85.zz.ha.cn (61.168.8.85)  12.999 ms  12.401 ms  11.912 ms

 6  pc133.zz.ha.cn (61.168.253.133)  30.627 ms pc73.zz.ha.cn (61.168.195.73)  17.468 ms pc129.zz.ha.cn (61.168.253.129)  18.783 ms

 7  219.158.21.121 (219.158.21.121)  18.999 ms 219.158.14.225 (219.158.14.225)  8.762 ms 219.158.14.205 (219.158.14.205)  12.403 ms

 8  219.158.21.57 (219.158.21.57)  23.827 ms 124.65.194.82 (124.65.194.82)  24.041 ms 219.158.21.57 (219.158.21.57)  27.289 ms

 9  124.65.194.82 (124.65.194.82)  27.393 ms  27.290 ms 124.65.56.182 (124.65.56.182)  15.798 ms

10  * * 61.148.6.18 (61.148.6.18)  23.067 ms

11  61.148.60.134 (61.148.60.134)  19.297 ms  56.031 ms  18.564 ms

12  103.255.142.7 (103.255.142.7)  23.481 ms  25.628 ms 104.44.212.21 (104.44.212.21)  18.434 ms

13  * * 104.44.212.20 (104.44.212.20)  26.012 ms

14  * * *

15  * * *

16  * * *^C

root@slave1:~#

 

The first hop is now 192.168.0.1, the tunnel peer (the server's localip; traceroute labels it bogon because it is a private address), so traffic is being routed through the VPN. Hop 2, which was 10.3.105.254 in the direct trace, does not answer here; from hop 3 onward the path is the same.

Stop the VPN:

poff myvpn

Restore the default route. It was bound to ppp0, so it disappeared together with the interface, as the route tables below show:

ip route add default via 10.3.105.254

 

The session log:

root@slave1:~# poff myvpn

root@slave1:~# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000

    link/ether 08:00:27:84:53:65 brd ff:ff:ff:ff:ff:ff

    inet 10.3.105.140/24 brd 10.3.105.255 scope global eth0

       valid_lft forever preferred_lft forever

    inet6 fe80::a00:27ff:fe84:5365/64 scope link

       valid_lft forever preferred_lft forever

root@slave1:~# ip route

10.3.105.0/24 dev eth0  proto kernel  scope link  src 10.3.105.140

10.3.105.4 dev eth0  scope link  src 10.3.105.140

169.254.0.0/16 dev eth0  scope link  metric 1000

root@slave1:~#

root@slave1:~# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

10.3.105.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

10.3.105.4      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

root@slave1:~#

root@slave1:~#

root@slave1:~# traceroute

: Name or service not known

Cannot handle "host" cmdline arg `' on position 1 (argc 1)

root@slave1:~# ip route add default via 10.3.105.254

root@slave1:~# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

0.0.0.0         10.3.105.254    0.0.0.0         UG    0      0        0 eth0

10.3.105.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0

10.3.105.4      0.0.0.0         255.255.255.255 UH    0      0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 eth0

root@slave1:~# traceroute

traceroute to (202.89.233.101), 30 hops max, 60 byte packets

 1  bogon (10.3.105.254)  1.442 ms  1.925 ms  2.116 ms

 2  bogon (10.2.0.1)  3.311 ms  4.933 ms  3.587 ms

 3  hn.kd.ny.adsl (218.29.137.73)  8.442 ms  8.362 ms  8.263 ms

 4  pc85.zz.ha.cn (61.168.8.85)  5.363 ms  5.172 ms  4.808 ms

 5  pc73.zz.ha.cn (61.168.195.73)  12.884 ms^C

root@slave1:~#

root@slave1:~# ping

PING cn.a-0001.a-msedge.net (202.89.233.101) 56(84) bytes of data.

64 bytes from 202.89.233.101: icmp_seq=1 ttl=114 time=24.8 ms

^C

--- cn.a-0001.a-msedge.net ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 24.844/24.844/24.844/0.000 ms

root@slave1:~#

root@slave1:~#

 

Part 3: Windows 7 client verification

With the routing above, all of the client's traffic goes through the VPN.

To keep some address ranges off the tunnel (chnroutes generates routes for mainland China prefixes via the physical gateway, so only the rest goes through the VPN), see 《chnroutes使用方法.pdf》 (how to use chnroutes).
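The route switch from Part 2 and the split-tunnel idea behind chnroutes, as an added example for the Ubuntu client (this is not code from the original post or from chnroutes; the Windows side uses the .bat files described below). It turns the manual "ip route del default; ip route add default dev ppp0" into an ordered, reversible plan that pins the VPN server's host route first, optionally keeps a list of CIDRs on the physical gateway, and swaps the default route atomically. plan_up, plan_down, apply, SAMPLE_TABLE and the RUN and BYPASS variables are this example's own; SAMPLE_TABLE is reconstructed from the client's route -n output in Part 2.

```sh
#!/bin/sh
# Added example, not part of the original post. The functions take the text
# of `ip route` as input, so a plan can be produced and inspected on a
# captured table without root; RUN=1 makes apply execute it.

# Reconstructed from the client's route -n output in the post, before the
# default route was changed.
SAMPLE_TABLE='default via 10.3.105.254 dev eth0
10.3.105.0/24 dev eth0  proto kernel  scope link  src 10.3.105.140
10.3.105.4 dev eth0  scope link  src 10.3.105.140
169.254.0.0/16 dev eth0  scope link  metric 1000
192.168.0.1 dev ppp0  proto kernel  scope link  src 192.168.0.235'

default_gw() {                      # $1 = ip route text; prints the default gateway IP
    printf '%s\n' "$1" | awk '$1=="default" && $2=="via" {print $3; exit}'
}

default_dev() {                     # $1 = ip route text; prints the default route's interface
    printf '%s\n' "$1" | awk '$1=="default" {for (i=1;i<=NF;i++) if ($i=="dev") {print $(i+1); exit}}'
}

# Syntax check only (dotted quad with optional /prefix); it rejects anything
# that could smuggle shell metacharacters into the generated commands.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# $1 = ip route text, $2 = VPN server IP, $3 = ppp device,
# $4 = bypass CIDRs (space separated, may be empty)
plan_up() {
    gw=$(default_gw "$1"); dev=$(default_dev "$1")
    if [ -z "$gw" ]; then echo "plan_up: no default gateway in route table" >&2; return 1; fi
    valid_cidr "$2" || { echo "plan_up: bad server address: $2" >&2; return 1; }
    for cidr in $4; do
        valid_cidr "$cidr" || { echo "plan_up: bad bypass entry: $cidr" >&2; return 1; }
    done
    # 1. Pin the tunnel transport (TCP/1723 + GRE to the server) to the physical
    #    path first; otherwise the new default route would send the tunnel's
    #    own packets into ppp0 and the connection would collapse.
    echo "ip route replace $2/32 via $gw dev $dev"
    # 2. Split tunnel: bypass networks keep using the physical gateway.
    for cidr in $4; do
        echo "ip route replace $cidr via $gw dev $dev"
    done
    # 3. Swap the default route atomically; del followed by add leaves a
    #    window with no default route at all.
    echo "ip route replace default dev $3"
}

# $1 = saved gateway, $2 = saved device, $3 = VPN server IP, $4 = bypass CIDRs
plan_down() {
    # When ppp0 goes away the kernel drops every route on it, including the
    # default, so the original default has to be put back explicitly.
    echo "ip route replace default via $1 dev $2"
    for cidr in $4; do
        echo "ip route del $cidr via $1 dev $2"
    done
    echo "ip route del $3/32 via $1 dev $2"
}

apply() {                           # reads a plan on stdin; RUN=1 executes it, otherwise prints it
    while IFS= read -r cmd; do
        if [ "${RUN:-0}" = 1 ]; then eval "$cmd"; else echo "$cmd"; fi
    done
}

# Stand-alone usage (hypothetical filename; run as root with RUN=1 to execute):
#   BYPASS="10.0.0.0/8 172.16.0.0/12" pptp-route.sh up 10.3.105.4 ppp0
#   pptp-route.sh down 10.3.105.254 eth0 10.3.105.4
case "${1:-}" in
    up)   plan_up "$(ip route)" "$2" "${3:-ppp0}" "${BYPASS:-}" | apply ;;
    down) plan_down "$2" "$3" "$4" "${BYPASS:-}" | apply ;;
esac
```

After applying the up plan, check it the same way the post does with traceroute, or more directly: ip route get 202.89.233.101 should show dev ppp0, while ip route get 10.3.105.4 must still show the physical gateway and interface.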

 

Windows

1. Download chnroutes.py.

2. Open a terminal in the download directory and run python chnroutes.py -p win. This generates two files, vpnup.bat and vpndown.bat.

Because the Windows PPTP client does not support dial-up scripts, vpnup.bat has to be run by hand (as Administrator) before dialing, to set up the routing table. After disconnecting the VPN you can run vpndown.bat to remove those routes again if you think it necessary.

If Python is not installed on the machine, the pre-generated .bat files can be downloaded from the download page instead; since they add routes with administrator rights, look over them before running them.

Source: ITPUB blog, http://blog.itpub.net/271063/viewspace-1870817/. If you reproduce this article, cite the source; otherwise legal action may be taken.
