ECS Cloud Server: VPN Configuration Example for Linux Ubuntu Servers


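This article outlines an example VPN configuration on Ubuntu.

Note: The configuration and instructions in this article are provided only as an example and as operational guidance. Alibaba Cloud is not responsible for the results of these operations or for any problems arising from them.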

Server-side configuration


  1. Log in to the server and install pptpd:

    sudo apt-get install pptpd

  2. Modify the configuration files:

1) /etc/pptpd.conf

    sudo vi /etc/pptpd.conf

    # Add the following after TAG: localip
    localip 192.168.0.1
    remoteip 192.168.0.234-238,192.168.0.245

2) /etc/ppp/pptpd-options

    sudo vi /etc/ppp/pptpd-options
    # Remove the # in front of #ms-dns
    # Set the DNS server to 223.5.5.5

3) In /etc/ppp/chap-secrets, add the account, server name, password and IP restriction. For example:

    user pptpd userpasswd *

4) /etc/sysctl.conf

    # Remove the # in front of #net.ipv4.ip_forward=1 to enable IPv4 forwarding

    sudo sysctl -p
    # If the output shows net.ipv4.ip_forward = 1, the change has taken effect.

5) Use iptables to set up NAT:

    sudo apt-get install iptables
    sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
    # eth0 is the network interface; you can check its name with the ifconfig command

6) /etc/network/interfaces

    # Add the following under eth0/eth1..
    pre-up iptables-restore < /etc/iptables-rules

  3. Restart pptpd for the configuration to take effect:

    sudo /etc/init.d/pptpd restart
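
A read-only check of the files edited in the server-side steps above, as an added example that is not part of the original article: it lists chap-secrets accounts whose IP column is *, and confirms that forwarding is enabled and that the file step 6) restores from actually holds the MASQUERADE rule. The function names, the mode-600 expectation for chap-secrets and the sample data are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): read-only checks on the
# files edited in the server-side steps. Paths are arguments, so the
# functions can be pointed at copies instead of the live /etc files.

# chap-secrets columns: client  server  secret  allowed-IP.
# Print accounts whose allowed-IP column is "*" (usable from any address).
# Assumption of this example: secrets contain no whitespace.
chap_wildcard_users() {
    awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"
}

# chap-secrets holds clear-text passwords: succeed only for mode 600
# (the mode expected here is an assumption of this example).
chap_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Succeed if sysctl.conf has an uncommented net.ipv4.ip_forward=1.
forward_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# Succeed if the file loaded by "pre-up iptables-restore" exists and holds
# a MASQUERADE rule for the VPN subnet ($2, e.g. 192.168.0.0/24).
nat_rule_saved() {
    [ -f "$1" ] && grep -F -- "-s $2 " "$1" | grep -q 'MASQUERADE'
}

# Run all checks; print one line per finding, return the number of findings.
audit_pptpd() {  # $1 chap-secrets  $2 sysctl.conf  $3 rules file  $4 subnet
    n=0
    for u in $(chap_wildcard_users "$1"); do
        echo "chap-secrets: '$u' may connect from any IP"; n=$((n + 1))
    done
    chap_mode_ok "$1"        || { echo "chap-secrets: mode is not 600"; n=$((n + 1)); }
    forward_enabled "$2"     || { echo "sysctl.conf: ip_forward not enabled"; n=$((n + 1)); }
    nat_rule_saved "$3" "$4" || { echo "rules file: no saved MASQUERADE for $4"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample run on throwaway copies (not real credentials).
d=$(mktemp -d)
printf 'user pptpd userpasswd *\nalice pptpd s3cret 192.168.0.234\n' > "$d/chap"
chmod 644 "$d/chap"
printf '#net.ipv4.ip_forward=1\n' > "$d/sysctl"
audit_pptpd "$d/chap" "$d/sysctl" "$d/iptables-rules" 192.168.0.0/24 || echo "findings: $?"
```

On a live server the arguments would be /etc/ppp/chap-secrets, /etc/sysctl.conf, /etc/iptables-rules and the subnet used in the MASQUERADE rule. The rules-file check fails until the NAT rule has been written to that file, for example with iptables-save.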

VPN client configuration


1. Check the local public IP address:

    curl http://members.3322.org/dyndns/getip


2. Install the pptp client software.


3. Initialize a VPN connection tunnel:

    sudo pptpsetup --create test --server 58.xx.xx.178 --username xxx --password xxx --encrypt --start

This command creates a VPN tunnel named test.


4. Change the route to the VPN route:

    sudo ip route del default
    # Delete the default route (remote access is lost after this; log in through the management terminal)


5. Add a default route pointing to ppp0:

    sudo ip route add default dev ppp0


6. Test the egress IP address; it has now changed to the VPN server's IP address.


7. Starting and stopping the VPN

Stop it with the command:

    sudo poff test

Checking the device with ifconfig ppp0 now reports not found.


Start it with the command:

    sudo pon test

Checking the device with ifconfig ppp0 now shows the details of the ppp0 device.


8. Change the route back to the local route:

Note: without this change, normal Internet access will not work.

    sudo ip route del default
    # Delete the default route


Add the ECS gateway as the default route; the VPN connection can then be used over the local network.
