• 欢迎访问金笔头博客,这是一个菜鸟(伪)程序员的自留地,欢迎访问我的github:点击进入

Ubuntu搭建VPN服务器(PPTP)

Ubuntu eason 3559次浏览 2个评论 扫描二维码
#1.从github上下载shell脚本
root@wys:~# cd /tmp
root@wys:/tmp# wget https://raw.github.com/viljoviitanen/setup-simple-pptp-vpn/master/setup.sh

#2.执行
root@wys:/tmp# sudo sh setup.sh 

#3.设置密码               
root@wys:/tmp# vi /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *

#4.重启vpn服务
root@wys:/tmp# service pptpd restart
 * Restarting PoPToP Point to Point Tunneling Server pptpd

#5.到了第4步应该能连接上VPN了,如果无法访问外网,执行下面的命令添加NAT规则 
root@wys:/tmp# iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source 服务器IP地址
  
#6.重启服务
root@wys:/tmp# service pptpd restart
 * Restarting PoPToP Point to Point Tunneling Server pptpd                                                                                        [ OK ] 
root@wys:/tmp# 

#7.检验一下。

Ubuntu搭建VPN服务器(PPTP)

Ubuntu搭建VPN服务器(PPTP)

Ubuntu搭建VPN服务器(PPTP)

#8.关于VPN连接工具参考【vpn连接工具

———————————————–不怎么华丽的分割线————————————
我们来看看setup.sh的具体内容,如有需要可以自己修改里面的参数,比如分配给客户端的IP地址范围,DNS等等。

#!/bin/sh
#    Setup Simple PPTP VPN server for Ubuntu and Debian
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License along
#    with this program; if not, write to the Free Software Foundation, Inc.,
#    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
#    2013-11-06: initial version. Tested with Amazon EC2 Ubuntu 12.04 and 
#                Digital Ocean Debian 7.0 and Ubuntu 12.04 images.
#    2014-03-23: Added apt-get update.
#    2014-09-18: Add help, allow custom username and password, thanks to dileep-p
#    2015-01-25: Change external ip provider, thanks to theroyalstudent

printhelp() {

echo "
Usage: sh setup.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you. 
If you trying set password only. It will generate Default user with Random password. 
example: sudo bash setup.sh -u vpn -p mypass
Use without parameter [ sudo bash setup.sh ] to use default username and Random password
  -u,    --username             Enter the Username
  -p,    --password             Enter the Password
"
}

while [ "$1" != "" ]; do
  case "$1" in
    -u    | --username )             NAME=$2; shift 2 ;;
    -p    | --password )             PASS=$2; shift 2 ;;
    -h    | --help )            echo "$(printhelp)"; exit; shift; break ;;
  esac
done

if [ `id -u` -ne 0 ] 
then
  echo "Need root, try with sudo"
  exit 0
fi

apt-get update

apt-get -y install pptpd || {
  echo "Could not install pptpd" 
  exit 1
}

#ubuntu has exit 0 at the end of the file.
sed -i '/^exit 0/d' /etc/rc.local

cat >> /etc/rc.local << END
echo 1 > /proc/sys/net/ipv4/ip_forward
#control channel
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
#gre tunnel protocol
iptables -I INPUT  --protocol 47 -j ACCEPT

iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o eth0 -j MASQUERADE

#supposedly makes the vpn work better
iptables -I FORWARD -s 192.168.2.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356

END
sh /etc/rc.local

#no liI10oO chars in password

LEN=$(echo ${#PASS})

if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME"]
then
   P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   PASS="$P1-$P2-$P3"
fi

if [ -z "$NAME" ]
then
   NAME="vpn"
fi

cat >/etc/ppp/chap-secrets <<END
# Secrets for authentication using CHAP
# client server secret IP addresses
$NAME pptpd $PASS *
END
cat >/etc/pptpd.conf <<END
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.2.1
remoteip 192.168.2.10-100
END
cat >/etc/ppp/options.pptpd <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp 
novj
novjccomp
nologfd
END

apt-get -y install wget || {
  echo "Could not install wget, required to retrieve your IP address." 
  exit 1
}

#find out external ip 
IP=`wget -q -O - http://api.ipify.org`

if [ "x$IP" = "x" ]
then
  echo "============================================================"
  echo "  !!!  COULD NOT DETECT SERVER EXTERNAL IP ADDRESS  !!!"
else
  echo "============================================================"
  echo "Detected your server external ip address: $IP"
fi
echo   ""
echo   "VPN username = $NAME   password = $PASS"
echo   "============================================================"
sleep 2

service pptpd restart

exit 0

金笔头博客, 版权所有丨如未注明 , 均为原创, 转载请注明Ubuntu搭建VPN服务器(PPTP)
喜欢 (0)
发表我的评论
取消评论

表情 贴图 加粗 删除线 居中 斜体 签到

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
(2)个小伙伴在吐槽
  1. Hey, thanks for the article. Awesome.
    emo sluts2016-02-03 10:52 Reply 未知操作系统 | Firefox 3.8
  2. Muchos Gracias for your article.Really thank you! Much obliged.
    big tits videos2016-01-02 05:06 Reply 未知操作系统 | 未知浏览器