Friday, January 7, 2011

Internet Sharing via VPN

Set up the VPN server (Ubuntu 10.04):
  1. sudo apt-get install pptpd
  2. In /etc/pptpd.conf, uncomment the two lines starting with "localip" and "remoteip" respectively, e.g.

    localip 192.168.0.1
    remoteip 192.168.0.234-238,192.168.0.245

    When a VPN connection is established, the system will create a virtual network interface. Its IP address will be one of those specified by "remoteip", and its gateway will be "localip".
  3. Add accounts in /etc/ppp/chap-secrets, e.g.

    # client server secret IP addresses
    jingyue pptpd password *

  4. Run "/etc/init.d/pptpd restart" to restart the VPN server and apply the changes.
  5. Now we should be able to connect to the VPN server via a VPN client using the above account. After the connection is established, we should be able to ping the server using "ping 192.168.0.1". However, we need more steps to share the server's internet connection.
  6. Enable IP forwarding: Uncomment the line "net.ipv4.ip_forward=1" in /etc/sysctl.conf.
  7. Configure IP tables: e.g.

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1460

    The first line sets up NAT using IP masquerading, so that a client connected to our server can reach beyond the internal network. The second line sets the maximum segment size (MSS) of TCP SYN packets that the firewall sees. If the client is behind a firewall that blocks ICMP fragmentation-needed packets, omitting this rule may cause odd problems such as being able to view small webpages but not large ones. See this for more details.

  8. Restart the server.
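
The following shell script is an added example, not part of the original post. It audits the three files edited in the server steps: it checks that localip, remoteip and ip_forward are uncommented, lists chap-secrets accounts whose IP field is "*", and checks that chap-secrets, which stores secrets in clear text, is not accessible to group or others. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files edited in the server steps above.

# Print the value of an uncommented "key value" line in pptpd.conf (step 2).
active_setting() {   # $1 = key, $2 = file
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# List chap-secrets accounts whose 4th field is "*": any client IP is accepted (step 3).
wildcard_accounts() {
    awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"
}

# Succeed only if group and others have no access; the secrets are stored in clear text.
secrets_private() {
    case "$(ls -ld "$1" | cut -c1-10)" in
        -???------) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if an uncommented net.ipv4.ip_forward=1 line exists (step 6).
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Run all checks against a config root and print one finding per line.
audit() {   # $1 = root directory holding etc/...
    [ -n "$(active_setting localip "$1/etc/pptpd.conf")" ]  || echo "localip not set"
    [ -n "$(active_setting remoteip "$1/etc/pptpd.conf")" ] || echo "remoteip not set"
    for u in $(wildcard_accounts "$1/etc/ppp/chap-secrets"); do
        echo "account $u accepts any client IP"
    done
    secrets_private "$1/etc/ppp/chap-secrets" || echo "chap-secrets accessible to group/others"
    forwarding_enabled "$1/etc/sysctl.conf"   || echo "ip_forward not enabled"
}

# Constructed sample tree mirroring the values used on this page.
demo=$(mktemp -d)
mkdir -p "$demo/etc/ppp"
printf 'localip 192.168.0.1\n#remoteip 192.168.0.234-238,192.168.0.245\n' > "$demo/etc/pptpd.conf"
printf '# client server secret IP addresses\njingyue pptpd password *\n' > "$demo/etc/ppp/chap-secrets"
printf '#net.ipv4.ip_forward=1\n' > "$demo/etc/sysctl.conf"
chmod 644 "$demo/etc/ppp/chap-secrets"
audit "$demo"
```

On a real server, run `audit ""` as root so the paths resolve to /etc/pptpd.conf, /etc/ppp/chap-secrets and /etc/sysctl.conf.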

Run the VPN client (Mac OS 10.6):
  1. System Preferences => Network.
  2. Create a new connection. Choose VPN as the interface, and PPTP as the VPN type.
  3. Enter the server's IP address and the account.
  4. Click "Authentication Settings" to enter the password.
  5. Click "Advanced" and select "Send all traffic over VPN connection".
  6. Once connected, we should be able to connect to the internet using the VPN connection.
