Skip to content

Instantly share code, notes, and snippets.

@plusor
Created July 29, 2013 14:26

Revisions

  1. ddl1st created this gist Jul 29, 2013.
    224 changes: 224 additions & 0 deletions ubuntu配置PPTP.md
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,224 @@
    Starting PPTP Daemon: /etc/pptpd.conf: No such file or directory

    ```shell
    sudo apt-get purge pptpd
    sudo apt-get install pptpd
    ```


    * vi /etc/rc.local

    ```shell
    iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -p tcp --syn -s 192.168.1.0/24 -j TCPMSS --set-mss 1356
    echo 1 > /proc/sys/net/ipv4/ip_forward
    exit 0
    ```


    cat /etc/pptpd.conf
    -----------------------------------

    ```shell
    ###############################################################################
    # $Id$
    #
    # Sample Poptop configuration file /etc/pptpd.conf
    #
    # Changes are effective when pptpd is restarted.
    ###############################################################################

    # TAG: ppp
    # Path to the pppd program, default '/usr/sbin/pppd' on Linux
    #
    #ppp /usr/sbin/pppd

    # TAG: option
    # Specifies the location of the PPP options file.
    # By default PPP looks in '/etc/ppp/options'
    #
    option /etc/ppp/pptpd-options

    # TAG: debug
    # Turns on (more) debugging to syslog
    #
    #debug

    # TAG: stimeout
    # Specifies timeout (in seconds) on starting ctrl connection
    #
    # stimeout 10

    # TAG: noipparam
    # Suppress the passing of the client's IP address to PPP, which is
    # done by default otherwise.
    #
    #noipparam

    # TAG: logwtmp
    # Use wtmp(5) to record client connections and disconnections.
    #
    logwtmp

    # TAG: bcrelay <if>
    # Turns on broadcast relay to clients from interface <if>
    #
    #bcrelay eth1

    # TAG: localip
    # TAG: remoteip
    # Specifies the local and remote IP address ranges.
    #
    # Any addresses work as long as the local machine takes care of the
    # routing. But if you want to use MS-Windows networking, you should
    # use IP addresses out of the LAN address space and use the proxyarp
    # option in the pppd options file, or run bcrelay.
    #
    # You can specify single IP addresses seperated by commas or you can
    # specify ranges, or both. For example:
    #
    # 192.168.0.234,192.168.0.245-249,192.168.0.254
    #
    # IMPORTANT RESTRICTIONS:
    #
    # 1. No spaces are permitted between commas or within addresses.
    #
    # 2. If you give more IP addresses than MAX_CONNECTIONS, it will
    # start at the beginning of the list and go until it gets
    # MAX_CONNECTIONS IPs. Others will be ignored.
    #
    # 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
    # you must type 234-238 if you mean this.
    #
    # 4. If you give a single localIP, that's ok - all local IPs will
    # be set to the given one. You MUST still give at least one remote
    # IP for each simultaneous client.
    #
    # (Recommended)
    localip 192.168.1.1
    remoteip 192.168.1.234-238,192.168.1.245
    # or
    #localip 192.168.0.234-238,192.168.0.245
    #remoteip 192.168.1.234-238,192.168.1.245
    ```

    root@localhost:/home/ddl1st# cat /etc/ppp/pptpd-options
    -----------------------------------

    ```shell

    ###############################################################################
    # $Id$
    #
    # Sample Poptop PPP options file /etc/ppp/pptpd-options
    # Options used by PPP when a connection arrives from a client.
    # This file is pointed to by /etc/pptpd.conf option keyword.
    # Changes are effective on the next connection. See "man pppd".
    #
    # You are expected to change this file to suit your system. As
    # packaged, it requires PPP 2.4.2 and the kernel MPPE module.
    ###############################################################################


    # Authentication

    # Name of the local system for authentication purposes
    # (must match the second field in /etc/ppp/chap-secrets entries)
    name pptpd

    # Optional: domain name to use for authentication
    # domain mydomain.net

    # Strip the domain prefix from the username before authentication.
    # (applies if you use pppd with chapms-strip-domain patch)
    #chapms-strip-domain


    # Encryption
    # Debian: on systems with a kernel built with the package
    # kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
    # {{{
    refuse-pap
    refuse-chap
    refuse-mschap
    # Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
    # Challenge Handshake Authentication Protocol, Version 2] authentication.
    require-mschap-v2
    # Require MPPE 128-bit encryption
    # (note that MPPE requires the use of MSCHAP-V2 during authentication)
    require-mppe-128
    # }}}




    # Network and Routing

    # If pppd is acting as a server for Microsoft Windows clients, this
    # option allows pppd to supply one or two DNS (Domain Name Server)
    # addresses to the clients. The first instance of this option
    # specifies the primary DNS address; the second instance (if given)
    # specifies the secondary DNS address.
    # Attention! This information may not be taken into account by a Windows
    # client. See KB311218 in Microsoft's knowledge base for more information.
    #ms-dns 10.0.0.1
    #ms-dns 10.0.0.2
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

    # If pppd is acting as a server for Microsoft Windows or "Samba"
    # clients, this option allows pppd to supply one or two WINS (Windows
    # Internet Name Services) server addresses to the clients. The first
    # instance of this option specifies the primary WINS address; the
    # second instance (if given) specifies the secondary WINS address.
    #ms-wins 10.0.0.3
    #ms-wins 10.0.0.4

    # Add an entry to this system's ARP [Address Resolution Protocol]
    # table with the IP address of the peer and the Ethernet address of this
    # system. This will have the effect of making the peer appear to other
    # systems to be on the local ethernet.
    # (you do not need this if your PPTP server is responsible for routing
    # packets to the clients -- James Cameron)
    proxyarp

    # Debian: do not replace the default route
    nodefaultroute


    # Logging

    # Enable connection debugging facilities.
    # (see your syslog configuration for where pppd sends to)
    #debug

    # Print out all the option values which have been set.
    # (often requested by mailing list to verify options)
    #dump


    # Miscellaneous

    # Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
    # access.
    lock

    # Disable BSD-Compress compression
    nobsdcomp
    logfile /var/log/pptpd.log
    ```

    root@localhost:/home/ddl1st# cat /etc/ppp/chap-secrets
    -----------------------------------

    ```shell
    ient server secret IP addresses
    username * password *
    ```


    如果能连上但不能上网可以手动执行下

    ```shell
    source /etc/rc.local
    ```