文档章节

[翻译中] 树莓派搭建VPN服务器

八宝粥
 八宝粥
发布于 2013/07/02 21:04
字数 1284
阅读 4344
收藏 6

树莓派在长期开启情况下依旧保持低功耗. 我们可以将其设置为一台VPN服务器, 通过它上网. 下面将会一步一步的介绍如何配置及连接. 

设置VPN服务器 (树莓派)

首先, 我们需要一个支持MPPE的内核. I have tested this guide with Occidentalis v0.1  by Adafruit and with  Raspbmc RC4 . 运行下列命令测试你安装的系统内核是否支持MPPE:

sudo modprobe ppp-compress-18

如果不出现任何错误, 代表这个内核没问题. 顺便说一下, 你可以通过SSH或者VNC来远程操作树莓派. 

接下来安装PPTP服务. 我用的是基于debian的发行版, 所以我执行以下命令来安装:

sudo apt-get install pptpd


下面要修改'etc/pptpd.conf'文件, 如果你用了X, 就可以用图形界面本文编辑器. 要不然就在命令行下用VI. 本文是针对初学者的教程, 我不会详述如何使用VI. 如果你在用LXDE, 打开一个 root 终端然后执行

leafpad /etc/pptpd.conf

If you prefer working in the terminal use the following. This is what I will use for the remainder of the tutorial, but you can use whatever text editor you like.

sudo vi /etc/pptpd.conf

At the end of the file, add (or uncomment if it already exists) the following lines

localip 192.168.0.1
remoteip 192.168.1.234-238,192.168.1.245

Be sure to replace this information with what you actually need. LocalIP is the internal IP of your raspberry pi, and the Remote IP range are the addresses that will be handed out to clients. 

Now, edit the ‘/etc/ppp/pptpd-options’ file.

sudo vi /etc/ppp/pptpd-options

Append the following directives to the end of the file:

ms-dns 192.168.1.1
nobsdcomp
noipx
mtu 1490
mru 1490

Where the IP used for the ms-dns directive is the DNS server for the local network to which your client will be connecting (quite possibly the IP address of your router). 

Next, edit the ‘/etc/ppp/chap-secrets’ files. This is where you will place your credentials for logging into the VPN server.

sudo vi /etc/ppp/chap-secrets

Add your authentication credentials in the following form:

username[TAB]*[TAB]password[TAB]*

You should probably use a very strong password for authentication.

Restart the PPTP daemon by executing the following command:

sudo service pptpd restart


Now, enable forwarding if you wish to have access to your entire home network while away. Edit the ‘sysctl’ file.

sudo vi /etc/sysctl.conf

Find “net.ipv4.ip_forward=1" and uncomment it (or change =0 to =1) to enable forwarding. Now, execute the following command to apply changes:

sudo sysctl -p


We’re all set on the server side. Everything should persist upon restart, so no worries there. Now, let’s configure our router.

设置路由器

We must forward TCP port 1723 on the router to the IP Address of the Raspberry Pi. You can visit  Port Forward  for step-by-step instructions for setting this up with your particular router. While you’re at it, you may want to set up a static IP address for your Raspberry Pi’s MAC address in your router’s DHCP configuration settings. This way, your local IP address (the one to which you’re forwarding the port) doesn’t change. 

动态DNS (树莓派)

You may be wondering how you’re going to connect to this thing? Your public IP address is probably not static. We’ll set up dynamic DNS on our Pi, so we can refer to our VPN server by hostname. First, go to  dnsdynamic.org  and register. Validate your email address, and add a domain. Go ahead and save the new domain with the IP address that appears by default. This tutorial will use ‘[domain].dnsdynamic.com’ so when you see this notation, just replace it with the domain you’ve selected. 

Now, we’re back on our raspberry pi. Open a root terminal and type

sudo apt-get install ddclient

An installation dialogue should appear.

  • When asked to select a Dynamic DNS service provider, choose “Other."

  • It should ask for the name of the service provider. Enter “www.dnsdynamic.org"

  • On the next screen, select the “dyndns2" protocol.

  • Now, enter the username (email address) and password you used when you registered at dnsdynamic.org

  • It, now, asks which network interface to use. If you are using the ethernet port on your Pi, enter “eth0". If you have setup a usb wifi interface adapter, you may enter “wlan0"

  • Next, enter the domain you registered: "[domain].dnsdynamic.com"


Now, wait for the installation to complete. If you’re behind a router, ddclient will incorrectly associate your internal IP address with your dynamic DNS domain. You can verify this by going to  dnsdynamic.org , log in, click manage, and edit your existing domain. Let’s fix that.
Edit ‘ddclient.conf’

sudo vi /etc/ddclient.conf

  • Find the line “use=if, if=eth0" and comment it (add a # in front).

  • Add the line “use=web, web=checkip.dyndns.org"

  • Save and quit


Restart ddclient

sudo service ddclient restart

Now, when you go to  dnsdynamic.org  and go to manage and edit your existing domain, you should see your public IP address, now.

We’re all finished on the server side. Now, let’s configure our clients. 

Windows 7连接设置

  • In the Network and Sharing Center, set up a new connection.

  • Connect to workplace

  • Use my Internet Connection (VPN)

  • Internet Address: "[domain].dnsdynamic.com"

  • Destionation Name: “Raspberry Pi" (or whatever you want to call your VPN server)

  • Enter Username and Password (from chap-secrets file on raspberry pi!)

  • If the connection fails, set up this connection anyway and proceed to next step

  • Back in Network and Sharing Center, click Change Adapter Settings

  • Find connection we just created, right click, Properties

  • Security tab: Set type to “PPTP"

  • Advanced tab: Click IP4V, Click Properties

  • In the new window, click Advanced

  • Here you have two options:

    • If you wish to access resources or services on your home network, but wish to connect to the internet on your existing connection, then uncheck “Use default gateway on remote network." This will establish a split-tunnel connection.

    • If you wish to pass all traffic through the VPN, leave the box checked. Your browsing may be slower, but your traffic will appear from your home IP address.

  • Ok. You should now be able to connect


Android连接设置

Your instructions may differ slightly depending on android version.

  • Go to Settings

  • Under Wireless & Networks, select More…

  • Select VPN

  • Name: “Raspberry Pi" (or whatever you want to call your VPN server)

  • Type: PPTP

  • Server Address: "[domain].dnsdynamic.com"

  • Select Connection you just created

  • Enter Username and Password (from chap-secrets file on server!)

  • You should now be connected to your VPN server.

最后

搞定收工! 我们已经在树莓派上搭好了一个VPN服务器. 不过要注意PPTP的安全性不如openVPN, 但是在树莓派上配置使用却要简单许多 :)

© 著作权归作者所有

八宝粥
粉丝 50
博文 24
码字总数 35970
作品 0
程序员
私信 提问
加载中

评论(1)

滴滴丶哔哔
滴滴丶哔哔
博主成功过没有?用的是哪个版本的PI
吃『派』那些事儿——阿里云 IoT 树莓派实战集锦

树莓派是什么? 各位物联网的极客们对树莓派(Raspberry Pi)肯定不会陌生,它是一台只有信用卡大小的基于ARM的微型电脑,官方系统基于 Debian 。由于其出色的传感器兼容性以及相对低廉的价格...

cxlwill
02/14
0
0
将树莓派 3B+ 变为 PriTunl VPN

PriTunl 是一种 VPN 解决方案,适用于希望私密的访问其网络的小型企业和个人。 PriTunl 是一款出色的 VPN 终端解决方案,非常适合希望以简单快捷的方式私密的访问网络的小型企业和个人。它是...

作者: Stephen Bancroft
01/30
0
0
树莓派在办公室的 11 种用法

我知道你在想什么:树莓派只能用在修修补补、原型设计和个人爱好中。它实际不能用在业务中。 毫无疑问,这台电脑的处理能力相对较低、易损坏的 SD 卡、缺乏电池备份以及支持的 DIY 性质,这意...

作者: James Mawson
2018/12/23
0
0
树莓派自建 NAS 云盘之——云盘构建

用自行托管的树莓派 NAS 云盘来保护数据的安全! 在前面两篇文章中,我们讨论了用树莓派搭建一个 NAS 云盘所需要的一些 软硬件环境及其操作步骤。我们还制定了适当的 备份策略 来保护 NAS 上...

作者: Manuel Dewald
2018/10/17
0
0
用树莓派构建你自己的微型服务器,可以外网访

第一,你得有一个路由器,否则下面的内容都无法实现了。 第二,你得申请一个免费的动态域名解析,由于我用的是TP-LINK的路由器,只支持花生壳,所以我申请了花生壳的动态域名解析。 申请花生...

maweitao
2014/07/25
23.4K
4

没有更多内容

加载失败,请刷新页面

加载更多

领域驱动中的“贫血症和失忆症”

贫血症严重危害着人类健康,并且伴随有危险的副作用。当贫血领域对象被首次提出来时,它并不是一个博得赞美的词汇,它描述的是一个缺少内在行为领域对象。奇怪的是,人们对于贫血领域对象的态...

还仙
9分钟前
2
0
条码打印软件中标签预览正常打印无反应怎么解决

在使用条码打印软件制作标签时,有客户反馈,标签打印预览正常的,但是打印无反应,咨询是怎么回事?今天针对这个情况,可以参考以下方法进行解决。 一、预览正常情况下,打印没反应 (1)在条码...

中琅软件
19分钟前
2
0
判断字符串的时候

判断字符串的时候一定把常量房前边, //报警程度 String leve = vo.getDeviceAlertDeal().getWarnLevel(); if(("0").equals(leve)) { row.add("无报警"); }else if(("1").equals(leve)) { ro......

简小姐
20分钟前
3
0
Linux maven3.6.2 install

PS:安装 maven 之前请先安装 jdk 1.安装 wget 命令(安装过就不用了) yum -y install wget 2.寻找需要的 maven 版本 https://maven.apache.org/download.cgi 3.进入 /var/local 文件夹 cd...

东方神祇
22分钟前
2
0
Tomcat源码分析二:先看看Tomcat的整体架构

Tomcat源码分析二:先看看Tomcat的整体架构 Tomcat架构图 我们先来看一张比较经典的Tomcat架构图: 从这张图中,我们可以看出Tomcat中含有Server、Service、Connector、Container等组件,接下...

flygrk
25分钟前
3
0

没有更多内容

加载失败,请刷新页面

加载更多

返回顶部
顶部