在window下可以很轻松的使用vpn拨号连接,那是因为window xp等已经内置了pptp协议而且内置了客户端,可在linux下,却是没有那么轻松,因为linux下的pptp客户端:pptp-linux有些限制和要求的,以下就我一整天折腾的过程或者算是些许经验在此分享。
- 首先要去pptp-linux的官方网站去溜达一下,以好补充一下基本知识,这点需要注意的是pptp 客户端要求内核至少应该是2.6.15(我的是2.6.18),这点我觉得大部分的系统应该满足了 :) ,而且官方文档就linux的各个分支都有详细的文档,我用的是debian,当然是Debian的文档了。
- 接下来就是下载客户端软件了,debian的可以下载其deb版本,不过我觉得好像有点问题,至少在我的系统上好像是有点问题,因此我直接CVS从官方check out了,其编译也很简单:make 一下,一般也就直接生成了pptp执行程序。
- pptp客户端安装好以后,接下来就是繁琐的配置了,不过你可以用pptpconfig或者web-admin等图形化来处理,看个人的喜好了,就我而言,比较喜欢搞清楚内部是怎么回事,因此是手工了。最后是一些相关配置,根据实际情况可以自行修改。
- 启动:sudo pon test
- 停止:sudo poff
某些情况克嫩还要自己手动修改路由,可以用route add/del 命令,详细请参考man。
有点要注意:pptp需要iproute的package,debian用户可以google或者apt-get iproute自行安装。
/etc/ppp/chap-secrets
- sudo cat chap-secrets
- # Secrets for authentication using CHAP
- # client server secret IP addresses
-
- username PPTP password *
/etc/ppp/options.pptp
- cat options.pptp
- ###############################################################################
- # $Id: options.pptp,v 1.1 2005/02/18 01:40:23 quozl Exp $
- #
- # Sample PPTP PPP options file /etc/ppp/options.pptp
- # Options used by PPP when a connection is made by a PPTP client.
- # This file can be referred to by an /etc/ppp/peers file for the tunnel.
- # Changes are effective on the next connection. See "man pppd".
- #
- # You are expected to change this file to suit your system. As
- # packaged, it requires PPP 2.4.2 or later from http:
- # and the kernel MPPE module available from the CVS repository also on
- # http:
- ###############################################################################
-
- # Lock the port
- lock
-
- # Authentication
- # We don't need the tunnel server to authenticate itself
- noauth
-
- # We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
- #refuse-eap
- #refuse-chap
- #refuse-mschap
-
- # Compression
- # Turn off compression protocols we know won't be used
- nobsdcomp
- nodeflate
-
- # Encryption
- # (There have been multiple versions of PPP with encryption support,
- # choose with of the following sections you will use. Note that MPPE
- # requires the use of MSCHAP-V2 during authentication)
-
- # http:
- # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
- # {{{
- # Require MPPE 128-bit encryption
- require-mppe-128
- # }}}
-
- # http:
- # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
- # {{{
- # Require MPPE 128-bit encryption
- #mppe required,stateless
- # }}}
/etc/ppp/peers/test
- cat test
- pty "/home/agile/oss/pptp-linux/pptp hostname --nolaunchpppd"
- name username
- remotename PPTP
- require-mppe-128
- defaultroute
- file /etc/ppp/options.pptp
- ipparam test