How To Setup Your Own VPN With PPTP on DigitalOcean [Repost]

Reposted from: https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp

Intro

One of the most common questions from our users is how to add another IP address to their server. You can assign your own private IP address to your droplet by creating a VPN tunnel. Whether you want to build your own Virtual Private Network (VPN) or assign an SSL certificate to that IP address, you have several options. Of these, the two best choices are PPTP and OpenVPN. The Point-To-Point Tunneling Protocol (PPTP) lets you implement your own VPN very quickly and is compatible with most mobile devices. Even though PPTP is less secure than OpenVPN, it is also faster and uses less CPU resources.

Step 1 - PPTP Installation

You will have to select one server to be responsible for handing out IPs to the others and authenticating all of your servers into your VPN. This will become your PPTP server.

On CentOS 6 x64:

rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd

On Ubuntu 12.10 x64:

apt-get install pptpd

Now you should edit /etc/pptpd.conf and add the following lines:

localip 10.0.0.1
remoteip 10.0.0.100-200

Where localip is the IP address of your server and remoteip is the range of IPs that will be assigned to clients that connect to it.

Next, set up authentication for PPTP by adding users and passwords. Simply add them to /etc/ppp/chap-secrets:

Where client is the username, server is the type of service (pptpd in our example), secret is the password, and IP addresses specifies which IP address may authenticate. By setting ‘*’ in the IP addresses field, you specify that you accept the username/password pair for any IP.
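The four fields described above can be checked mechanically. The script below is an added example, not part of the original tutorial: it audits a chap-secrets file for '*' in the IP addresses field, short secrets, duplicate entries and loose file permissions. The MIN_LEN threshold, the box3 entry and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a chap-secrets file (fields: client, server, secret, IP addresses).
MIN_LEN=${MIN_LEN:-12}   # assumed policy threshold, not a pptpd setting

sample_secrets() {
    # Constructed sample: box1/box2 use the tutorial's values, box3 is hypothetical.
    cat <<'EOF'
# client  server  secret                        IP addresses
box1      pptpd   24oiunOi24                    *
box2      pptpd   239Aok24ma                    *
box3      pptpd   "Constructed-long-secret-01"  10.0.0.150
EOF
}

audit_chap_secrets() {
    # $1 = path to the file; prints one finding per line, nothing if clean.
    awk -v min="$MIN_LEN" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        NF < 4 { printf "line %d: expected 4 fields, found %d\n", NR, NF; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)            # secrets may be double-quoted
            if ($4 == "*")
                printf "%s: IP addresses field is * (no restriction)\n", $1
            if (length(secret) < min + 0)
                printf "%s: secret shorter than %d characters\n", $1, min
            if (seen[$1, $2]++)
                printf "%s: duplicate entry for server %s\n", $1, $2
        }' "$1"
}

perm_findings() {
    # Secrets are stored in clear text: no group/other permission bits should be set.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ] || echo "$1: group/other permission bits set ($bits)"
}

# Demo run against the constructed sample.
tmp=$(mktemp) && chmod 600 "$tmp"
sample_secrets > "$tmp"
audit_chap_secrets "$tmp"
perm_findings "$tmp"
rm -f "$tmp"
```

On a real server, run audit_chap_secrets and perm_findings against /etc/ppp/chap-secrets as root.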

Step 2 - Add DNS servers to /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now you can start PPTP daemon:

service pptpd restart

Verify that it is running and accepting connections:

Step 3 - Setup Forwarding

It is important to enable IP forwarding on your PPTP server. This allows you to forward packets between the public IP and the private IPs that you set up with PPTP. Simply edit /etc/sysctl.conf and add the following line if it doesn’t exist there already:

net.ipv4.ip_forward = 1

To make the changes active, run sysctl -p

Step 4 - Create a NAT rule for iptables

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

If you would also like your PPTP clients to talk to each other, add the following iptables rules:

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Now your PPTP server also acts as a router.

If you would like to restrict which servers can connect to your droplets, you can set up an iptables rule that restricts TCP connections to port 1723.
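One way to write that restriction, as an added example that is not part of the original tutorial: the function below prints allowlist rules for review instead of applying them. It also covers GRE (IP protocol 47), which carries the PPTP tunnel data alongside the TCP 1723 control channel. The function name and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print iptables rules that limit PPTP to an allowlist of sources.
# PPTP needs TCP 1723 (control channel) and GRE, IP protocol 47 (tunnel data).
pptp_allow_rules() {
    # Arguments: IPv4 addresses or CIDR ranges that may connect.
    [ "$#" -gt 0 ] || { echo "usage: pptp_allow_rules SRC..." >&2; return 1; }
    # Validate everything first so no partial rule set is ever printed.
    for src in "$@"; do
        case "$src" in
            ""|*[!0-9./]*) echo "invalid source: $src" >&2; return 1 ;;
        esac
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 1723 -s $src -j ACCEPT"
        echo "iptables -A INPUT -p 47 -s $src -j ACCEPT"
    done
    # Everything else aimed at the PPTP service is dropped.
    echo "iptables -A INPUT -p tcp --dport 1723 -j DROP"
    echo "iptables -A INPUT -p 47 -j DROP"
}

# Constructed allowlist (documentation address ranges); review, then pipe to sh as root.
pptp_allow_rules 203.0.113.10 198.51.100.0/24
```

The rules are appended with -A, so an earlier, broader ACCEPT rule in the INPUT chain would still match first.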

Step 5 - Setup Clients

On your client servers, install PPTP client:

yum -y install pptp

Step 6 - Add necessary Kernel module

modprobe ppp_mppe

Create a new file /etc/ppp/peers/pptpserver and add the following lines, replacing name and password with your own values:

pty "pptp 198.211.104.17 --nolaunchpppd"
name box1
password 24oiunOi24
remotename PPTP
require-mppe-128

Where 198.211.104.17 is the public IP address of our PPTP server, with username ‘box1’ and password ‘24oiunOi24’ that we specified in the /etc/ppp/chap-secrets file on our PPTP server.

Now we can ‘call’ this PPTP server, since this is a point-to-point protocol. Whichever name you gave your peers file in /etc/ppp/peers/ should be used in this next line. Since we called our file pptpserver:

pppd call pptpserver

You should see a successful connection in the PPTP server logs:

On your PPTP client, set up routing to your private network via the ppp0 interface:

ip route add 10.0.0.0/8 dev ppp0

The ppp0 interface should come up on the PPTP client server; you can check it by running ifconfig

Now you can ping your PPTP server and any other clients that are connected to this network:

We can add our second PPTP client to this network:

yum -y install pptp
modprobe ppp_mppe

Add to /etc/ppp/peers/pptpserver (replacing with your own name and password values):

pty "pptp 198.211.104.17 --nolaunchpppd"
name box2
password 239Aok24ma
remotename PPTP
require-mppe-128

Now run on your second client the following:

pppd call pptpserver
ip route add 10.0.0.0/8 dev ppp0

You can also ping the first client, as packets would go through the PPTP server and be routed using the iptables rules we’ve placed earlier:

This setup allows you to create your own virtual private network:

If you wanted to have all of your devices communicating securely on one network, this is a quick way of implementing it.

You can use it with Nginx, Squid, MySQL, and any other application you can think of.

Since traffic is 128-bit encrypted, it is less CPU-intensive than OpenVPN, and still provides an added level of security to your traffic.

Time: 2024-11-08 19:05:05
