在FreeBSD上用mpd5构建 PPTP VPN Server

原创
2013/06/21 14:39

    帮一个朋友公司维护服务器,很变态,他们的服务器放在某国企自建机房,设定了仅允许通过朋友公司路由器固定IP地址才能连接访问,远程管理维护极不方便。正好平时为了测试和内部版本管理方便,在他们公司内部搭建了一台服务器,就用这个来做个跳板吧。

服务器安装的是FreeBSD 9.1  64位版,安装过程就不赘述了,直接进主题:

1、更新ports

#portsnap fetch update

2、安装MPD5

#cd /usr/ports/net/mpd5

#make install clean

3、配置

#cp /usr/local/etc/mpd5/mpd.conf.sample /usr/local/etc/mpd5/mpd.conf

#ee /usr/local/etc/mpd5/mpd.conf

修改 startup: default: pptp_server: 这三块

部分粘贴如下,修改见备注

startup:
        # Startup section: defines the mpd management account and opens the
        # telnet console and the built-in web server.
        # configure mpd users
        # NOTE(review): the user name and password below are the article's
        # published example values; replace them with your own unique, strong
        # credentials before using this file.
        set user shuqi888 loveosc ### mpd management account and password, required when connecting via telnet or web; in this example the administrator is shuqi888 with password loveosc
        #set user foo1 bar1
        # configure the console
        # The telnet console is bound to loopback only (127.0.0.1, port 5005).
        set console self 127.0.0.1 5005
        set console open
        # configure the web server
        # NOTE(review): 0.0.0.0 makes the management web server listen on every
        # interface (port 5006), so it is reachable from the LAN and from VPN
        # clients, guarded only by the "set user" password above. If remote
        # viewing is not required, bind it to loopback like the console
        # ("set web self 127.0.0.1 5006") or restrict port 5006 at the firewall.
        set web self 0.0.0.0 5006
        set web open
# Default configuration is "dialup"
# (this article switches it so that the pptp_server section is loaded instead)

default:
        #load dialup   (dialup is commented out)
        load pptp_server ### changed so that the pptp_server section is loaded by default
pptp_server:
#
# Mpd as a PPTP server compatible with Microsoft Dial-Up Networking clients.
#
# Suppose you have a private Office LAN numbered 192.168.1.0/24 and the
# machine running mpd is at 192.168.1.1, and also has an externally visible
# IP address of 1.2.3.4.
#
# We want to allow a client to connect to 1.2.3.4 from out on the Internet
# via PPTP.  We will assign that client the address 192.168.1.50 and proxy-ARP
# for that address, so the virtual PPP link will be numbered 192.168.1.1 local
# and 192.168.1.50 remote.  From the client machine's perspective, it will
# appear as if it is actually on the 192.168.1.0/24 network, even though in
# reality it is somewhere far away out on the Internet.
#
# Our DNS server is at 192.168.1.3 and our NBNS (WINS server) is at 192.168.1.4.
# If you don't have an NBNS server, leave that line out.
#
# NOTE(review): PPTP with MS-CHAP authentication and MPPE encryption has
# long-known cryptographic weaknesses. Treat this tunnel as a reachability aid
# and keep an encrypted administration protocol (e.g. SSH) on top of it, or
# prefer a modern VPN protocol where the clients allow it.
#

# Define dynamic IP address pool.
        set ippool add pool1 192.168.1.50 192.168.1.99 ## private IP range handed out to dial-in clients; adjust it here

# Create clonable bundle template named B
        create bundle template B
# Answer ARP for the client's address so it appears to be on the LAN
# (see the proxy-ARP explanation in the header comment above).
        set iface enable proxy-arp
        set iface idle 1800
        set iface enable tcpmssfix
        set ipcp yes vjcomp
# Specify IP address pool for dynamic assignment.
# The local end of each link is 192.168.1.1; the remote end comes from pool1.
        set ipcp ranges 192.168.1.1/32 ippool pool1
        set ipcp dns 8.8.8.8  ### DNS server pushed to clients; the author prefers Google's
        #set ipcp nbns 192.168.1.4 ###if you do not need WINS, this line can stay commented out
# The five lines below enable Microsoft Point-to-Point encryption
# (MPPE) using the ng_mppc(8) netgraph node type.
# NOTE(review): "e40" also offers/accepts 40-bit MPPE keys; drop that line if
# every client supports 128-bit. These lines enable encryption but do not by
# themselves appear to make it mandatory -- consider mpd's bundle option
# "crypt-reqd" (confirm against the manual of your mpd5 version).
        set bundle enable compression
        set ccp yes mppc
        set mppc yes e40
        set mppc yes e128
        set mppc yes stateless
# Create clonable link template named L
        create link template L pptp
# Set bundle template to use
        set link action bundle B
# Multilink adds some overhead, but gives full 1500 MTU.
        set link enable multilink
        set link yes acfcomp protocomp
# Turn PAP, CHAP and EAP off, then re-enable CHAP only.
# NOTE(review): "chap" presumably covers every CHAP variant (chap-md5,
# chap-msv1, chap-msv2); enabling only chap-msv2 would be narrower -- confirm
# against the mpd5 manual and the clients in use.
        set link no pap chap eap
        set link enable chap
        
# We can use RADIUS authentication/accounting by including
# another config section with label 'radius'.
#       load radius
        set link keep-alive 10 60
# We reduce the link MTU to avoid GRE packet fragmentation.
        set link mtu 1460
# Configure PPTP
        set pptp self 192.168.1.201 ### PPTP listen address, i.e. the real IP address configured on this machine's network card. Take care here: if the host is published through a router's port mapping, do not enter the router's address; use the IP address actually configured on the NIC.
# Allow to accept calls
        set link enable incoming

保存退出。

4、设定及启动

#ee /etc/rc.conf

加入

mpd_enable="YES"
启动mpd5

#/usr/local/etc/rc.d/mpd5 start

添加VPN帐号

#ee /usr/local/etc/mpd5/mpd.secret

输入用户名和密码,每行一个帐号(用户名在前,密码在后)。该文件以明文保存密码,请使用高强度密码,并将文件权限设为仅 root 可读写(chmod 600 /usr/local/etc/mpd5/mpd.secret)。示例:

vpnuser1    password001

启用包转发(不做这一步,虽然可以连上VPN,但只能访问内网,无法访问外网)。下面的 sysctl 命令只在本次运行期间有效,重启后失效;如需永久生效,请在 /etc/rc.conf 中加入 gateway_enable="YES"。

#sysctl net.inet.ip.forwarding=1

至此安装配置完成,可以在Windows中新建一个VPN连接了。

通过web访问可以看到当前拨入连接的状态

