Introduction to the configuration method of VPN server under Linux operating system

Virtual Private Network (VPN)

The virtual private network is connected to the local network in different geographical locations by means of the public network internet. The access between the networks is like local access. Since the VPN encrypts the data during the process of transmitting data, although the data is transmitted on the public network, the security is still high. In recent years, hardware devices with VPN functions are still very popular, and some firewall vendors still use its VPN function as a selling point. Here we are not concerned about hardware VPN, only talk about VPN under Linux.

1. Install VPN package

Requires dkms-2.0.10-2.fc5.noarch.rpm, kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm, Ppp-2.4.3-9.2.i586.rpm and pptpd-1.3.1-0.i386.rpm these rpm packages. Then execute the command # rpm –ivh dkms-2.0.10-2.fc5.noarch.rpm respectively; rpm –ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm ; rpm –ivh ppp-2.4.3-9.2.i586. Rpm ; rpm –ivh pptpd-1.3.1-0.i386.rpm Complete the installation.

2, configure VPN service

There are two files to be modified: the main configuration file /etc/pptpd.conf and the VPN user account file /etc/ppp/chap -sescrets. The main configuration file needs to set the local address of the VPN server and the address segment assigned to the client, so you only need to manually append the localip and remoteip lines in the main configuration file to complete the configuration task. The account file saves the authentication information required for the VPN client to dial in. The format is:

User name service password is assigned to the user's password

where username, password, IP address assigned to the user To be enclosed in double quotes, the "service" is generally pptpd. As a reference, an example of pptpd.conf and chap-secrets is given below:

# more /etc/pptpd.conf

localip 192.168.1.254(server ip)

remoteip 192.168.1.230-240 (address pool assigned to the client)

# more /etc/ppp/chap-screts

"guoxing" (username) pptpd " Guoxing" (password) "*" (take ip from address pool)

"public" pptpd "wgzx" "192.168.1.202" (you can specify the ip assigned to the client)

3, client configuration

Use windows network connection wizard, just select "connect to private network (V) via ineternet", you can configure it step by step. Note: The IP address of the VPN server should be filled in with the global unique unicast address, which is the address of the eth0 of the gateway server.

4. Enable VPN service

Before enabling VPN, confirm that the kernel's IP forwarding function is enabled, then execute the command # service pptpd start to enable VPN to wait for remote user access. .

ps: At the beginning, I downloaded the four software packages needed to download vpn from the Internet. I downloaded it in the open source community, but I couldn’t get it, it felt strange, and I got it from another channel. These four software packages are found to be much larger than the files provided by the open source community, and finally installed, so don't be superstitious. In addition, the address of the VPN server set in it is a local address, which is equivalent to the address of eth0, and is connected to the internal network. When connecting as a client, you need to enter the address of the vpn server eth1 (must be globally unique). The server linux server also implements packet forwarding.