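Chongqing Sizhuang Oracle and Redhat Certification Study Forum

Title: Setting up a VPN server on Linux

Author: 5dm    Time: 2013-3-11 22:51
Title: Setting up a VPN server on Linux

1. Prepare the installation packages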

[root@localhost Desktop]# ls
dkms-2.0.17.5-1.noarch.rpm ppp-2.4.5-15.0.rhel5.i386.rpm
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm pptpd-1.3.4-1.rhel5.1.i386.rpm
These are the pptp-related packages used in this exercise.
Next, install them.

[root@localhost Desktop]# rpm -ivh dkms-2.0.17.5-1.noarch.rpm

warning: dkms-2.0.17.5-1.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42

Preparing...########################################### [100%]

1:dkms########################################### [100%]

dkms installed successfully.

[root@localhost Desktop]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

warning: kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42

error: Failed dependencies:

gcc is needed by kernel_ppp_mppe-1.0.2-3dkms.noarch

Installing kernel_ppp_mppe reports a dependency on the gcc package, so the dependency has to be resolved first.

[root@localhost CentOS]# rpm -ivh gcc-4.1.2-48.el5.i386.rpm glibc-devel-2.5-49.i386.rpm libgomp-4.4.0-6.el5.i386.rpm glibc-headers-2.5-49.i386.rpm kernel-headers-2.6.18-194.el5.i386.rpm

warning: gcc-4.1.2-48.el5.i386.rpm: Header V3 DSA signature: NOKEY, key ID e8562897

Preparing... ########################################### [100%]

1:libgomp########################################### [ 20%]

2:kernel-headers########################################### [ 40%]

3:glibc-headers########################################### [ 60%]

4:glibc-devel########################################### [ 80%]

5:gcc########################################### [100%]

[root@localhost CentOS]#
Installing gcc requires 5 packages. Once they are installed, install kernel_ppp_mppe again.

[root@localhost Desktop]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

warning: kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42

Preparing...########################################### [100%]

1:kernel_ppp_mppe########################################### [100%]

Creating symlink /var/lib/dkms/kernel_ppp_mppe/1.0.2/source ->

/usr/src/kernel_ppp_mppe-1.0.2

DKMS: add Completed.

Module build for the currently running kernel was skipped

since the kernel source for this kernel does not seem to be

installed.
[root@localhost Desktop]#
Installation complete.
Next, install the ppp and pptpd service packages.

[root@localhost Desktop]# rpm -ivh ppp-2.4.5-15.0.rhel5.i386.rpm

warning: ppp-2.4.5-15.0.rhel5.i386.rpm: Header V3 DSA signature: NOKEY, key ID b56a8bac

Preparing...########################################### [100%]

file /usr/sbin/chat from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/sbin/pppd from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/sbin/pppdump from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/sbin/pppoe-discovery from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/sbin/pppstats from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/share/man/man8/chat.8.gz from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

file /usr/share/man/man8/pppd.8.gz from install of ppp-2.4.5-15.0.rhel5.i386 conflicts with file from package ppp-2.4.4-2.el5.i386

[root@localhost Desktop]# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

warning: pptpd-1.3.4-1.rhel5.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42

Preparing...########################################### [100%]

1:pptpd########################################### [100%]

[root@localhost Desktop]#
Installed successfully. At this point, all the required packages are installed.

2. Now edit the configuration files

[root@localhost Desktop]# vi /etc/pptpd.conf
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
Change this to
localip 172.16.4.6
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
After localip, put the IP of your server.
After remoteip, put the IP range you assign to VPN users.
Start the service with this command:
[root@localhost Desktop]# service pptpd start
Starting pptpd: [确定]
[root@localhost Desktop]#
Command to stop it: service pptpd stop
From now on, edits to VPN users' passwords and other details take effect immediately.
Add a user to the server
[root@localhost Desktop]# vim /etc/ppp/chap-secrets
Insert a new line at the bottom.
Format:
username service-name password ip
For example:
wuli pptpd testpasswd 192.168.0.234
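The user can now log in to the VPN server. Only the single IP address 192.168.0.234 is assigned, which means only one person can use the account at a time.
If you want several people to use it at the same time, change 192.168.0.234 to *
That removes the limit on how many people can use this account (the number of simultaneous logins also depends on the pptpd server settings; the default is 40).
The VPN can now be connected to.
If users need Internet access once connected, you also need to set up NAT and IP forwarding.
On the Linux server, use iptables as follows: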
iptables -t nat -F

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to 172.16.4.6

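Replace 192.168.0.0 above with the internal VPN IP range you assign to users,
and 172.16.4.6 with your VPN server's IP (the same as localip in pptpd.conf).
3. Testing
Use an XP machine as the client and add a connection.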
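
Added example, not part of the original post: a POSIX shell check that expands the remoteip pool from pptpd.conf and reports, for each pptpd account in chap-secrets, whether its address field is a pool address, an address outside the pool, or *. The function names and the accounts alice and bob are constructed for illustration; it assumes one address per entry and secrets without whitespace.

```shell
# Expand a pptpd.conf remoteip spec such as "192.168.0.234-238,192.168.0.245"
# into one address per line. The body runs in a subshell, so the IFS and
# globbing changes do not leak into the caller.
expand_remoteip() (
    IFS=,
    set -f
    for part in $1; do
        prefix=${part%.*}      # first three octets
        range=${part##*.}      # last octet, either "N" or "LO-HI"
        i=${range%-*}
        hi=${range#*-}
        while [ "$i" -le "$hi" ]; do
            echo "$prefix.$i"
            i=$((i + 1))
        done
    done
)

# Read chap-secrets lines (client server secret address) on stdin and print
# "client verdict" for every entry whose server field is pptpd or *.
audit_secrets() {
    pool=$(expand_remoteip "$1")
    while read -r client server secret addr; do   # secret is parsed, never printed
        case $client in ''|'#'*) continue ;; esac  # skip blank lines and comments
        [ "$server" = pptpd ] || [ "$server" = '*' ] || continue
        if [ "$addr" = '*' ]; then
            echo "$client any-address"
        elif printf '%s\n' "$pool" | grep -qxF -- "$addr"; then
            echo "$client in-pool"
        else
            echo "$client outside-pool"
        fi
    done
}

# Constructed sample data: the pool from the post's pptpd.conf, the post's
# example account, and two made-up accounts.
POOL='192.168.0.234-238,192.168.0.245'
SECRETS='# client server secret address
wuli pptpd testpasswd 192.168.0.234
alice pptpd examplepass *
bob pptpd examplepass 192.168.0.240'

printf '%s\n' "$SECRETS" | audit_secrets "$POOL"
```

On a real server, feed it the live file instead: audit_secrets "<remoteip value>" < /etc/ppp/chap-secrets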

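Author: he88777    Time: 2013-3-19 10:32
Great post. Bump~~~~~~
Author: he88777    Time: 2013-3-19 11:03
However, from 5.5 onward you no longer need to install dkms and ppp; I suggest first checking whether the PPP package supports it or not.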



