Operating system version: CentOS 6.8
1. Install the software
[root@webserver ~]# yum install ppp pptp pptp-setup
2. Load the ppp_mppe kernel module
[root@webserver ~]# modprobe ppp_mppe
3. Create the VPN connection
Connection name (user-defined): vpn
PPTP server: pptp.xmu.edu.cn
Username: mylink
Password: 123456
[root@webserver ~]# pptpsetup --create vpn --server pptp.xmu.edu.cn --username mylink --password 123456
4. Set up the scripts that start and stop the VPN
cp /usr/share/doc/ppp-2.4.5/scripts/pon /usr/sbin/
cp /usr/share/doc/ppp-2.4.5/scripts/poff /usr/sbin/
chmod +x /usr/sbin/pon
chmod +x /usr/sbin/poff
5. Start the VPN connection
[root@webserver ~]# pon vpn
6. Verify that the connection succeeded
[root@webserver ~]# ip a | grep ppp
If the command above returns nothing, the connection failed; check /var/log/messages for the cause.
[root@webserver ~]# tailf /var/log/messages
(1) The server does not support MPPE
If the error message is:
MPPE required but peer negotiation failed
the server does not support MPPE encryption, so the --encrypt option is not needed when running pptpsetup. Edit /etc/ppp/peers/vpn and comment out this line:
#require-mppe-128
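(2) The client does not support MPPE
If the error message is:
LCP terminated by peer (MPPE required but peer refused)
the server requires MPPE encryption but the client does not support it, because the --encrypt option was left out when running pptpsetup. Edit /etc/ppp/peers/vpn and add this line:
require-mppe-128
Then restart the VPN connection: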
[root@webserver ~]# poff vpn
[root@webserver ~]# pon vpn
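(3) The server accepts unencrypted PPP authentication (CHAP authentication fails)
The error message is: MPPE required, but MS-CHAP[v2] auth not performed.
In this case, copy the contents of /etc/ppp/chap-secrets into /etc/ppp/pap-secrets, then delete the entries in /etc/ppp/chap-secrets.
Remove require-mppe-128 from /etc/ppp/peers/vpn (no encryption is used).
Then restart the VPN connection: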
[root@webserver ~]# poff vpn
[root@webserver ~]# pon vpn
Now watch the log:
Nov 18 09:45:56 Jhxt001 pppd[5122]: Using interface ppp0
Nov 18 09:45:56 Jhxt001 pppd[5122]: Connect: ppp0 <--> /dev/pts/4
Nov 18 09:45:56 Jhxt001 pptp[5123]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Nov 18 09:45:56 Jhxt001 pptp[5133]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov 18 09:45:56 Jhxt001 pptp[5133]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Nov 18 09:45:56 Jhxt001 pptp[5133]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Nov 18 09:45:57 Jhxt001 pptp[5133]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 18 09:45:57 Jhxt001 pptp[5133]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Nov 18 09:45:57 Jhxt001 pptp[5133]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 64256).
Nov 18 09:45:57 Jhxt001 pppd[5122]: PAP authentication succeeded
Nov 18 09:45:57 Jhxt001 pptp[5123]: anon log[decaps_gre:pptp_gre.c:414]: buffering packet 6 (expecting 5, lost or reordered)
Nov 18 09:45:57 Jhxt001 pppd[5122]: local IP address 172.18.16.70
Nov 18 09:45:57 Jhxt001 pppd[5122]: remote IP address 172.18.16.1
The log shows that the PPP connection was established successfully.
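The log messages from cases (1) to (3) can be matched mechanically instead of read by eye. The script below is an added example, not part of the original article: the function names diagnose_pppd and sample_log and the sample lines (host name host1, PIDs) are constructed, while the matched strings are the messages quoted above.

```shell
#!/bin/sh
# Added example: map pppd messages from /var/log/messages to cases (1)-(3).
# Reads syslog lines on stdin and prints one "tag: finding" line per match.
diagnose_pppd() {
    while IFS= read -r line; do
        case "$line" in
            *"MPPE required but peer negotiation failed"*)
                echo "case1: server lacks MPPE; comment out require-mppe-128" ;;
            *"MPPE required but peer refused"*)
                echo "case2: client lacks MPPE; add require-mppe-128" ;;
            *"MPPE required, but MS-CHAP"*"auth not performed"*)
                echo "case3: no MS-CHAP; PAP without MPPE is the fallback" ;;
            *"PAP authentication succeeded"*)
                # PAP carries the password unencrypted on the PPP link.
                echo "pap: password crosses the link in cleartext" ;;
            *"local IP address "*)
                # Keep only the address that follows the fixed text.
                echo "up: ${line##*local IP address }" ;;
        esac
    done
}

# Constructed sample lines (host name "host1" and PIDs are made up).
sample_log() {
    cat <<'EOF'
Nov 18 09:40:01 host1 pppd[5001]: MPPE required, but MS-CHAP[v2] auth not performed.
Nov 18 09:45:57 host1 pppd[5122]: PAP authentication succeeded
Nov 18 09:45:57 host1 pppd[5122]: local IP address 172.18.16.70
Nov 18 09:45:57 host1 pppd[5122]: remote IP address 172.18.16.1
EOF
}

# Demo on the sample; on a real host: grep pppd /var/log/messages | diagnose_pppd
sample_log | diagnose_pppd
```

A "pap" line together with an "up" line means the link came up the way case (3) configures it: PAP authentication and no MPPE.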
7. Configure the default route so that all traffic goes through the VPN
After connecting, check the routing table:
[root@webserver ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
123.456.78.90   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     0.0.0.0         255.255.0.0     U     1      0        0 eth0
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
A new virtual interface, ppp0, has appeared. Now add a default route through it:
[root@webserver ~]# route add -net 0.0.0.0 dev ppp0
Restart the VPN
8. Test
Baidu can be pinged, success!
[root@webserver ~]# ping www.baidu.com -c 3
PING www.baidu.com (216.58.221.132) 56(84) bytes of data.
64 bytes from hkg07s02-in-f4.1e100.net (216.58.221.132): icmp_seq=1 ttl=54 time=155 ms
64 bytes from hkg07s02-in-f4.1e100.net (216.58.221.132): icmp_seq=2 ttl=54 time=164 ms
64 bytes from hkg07s02-in-f4.1e100.net (216.58.221.132): icmp_seq=3 ttl=54 time=174 ms
--- www.baidu.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2177ms
rtt min/avg/max/mdev = 155.234/164.742/174.020/7.671 ms