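Привожу здесь реальный лог начальной настройки VPN с поддержкой аутентификации MS-CHAP v2 на моём сервере. Сервером служит свежеустановленная Slackware 12.0. Устанавливаем свежие версии PPTPD в качестве сервера и PPTP в качестве клиента. Информации о настройке VPN в сети много, поэтому привожу лог без комментариев. Обратите внимание: в показанном ниже /etc/ppp/options.pptpd строки require-mschap-v2 и require-mppe-128 закомментированы, поэтому в таком виде сервер не требует от клиента ни MS-CHAP v2, ни шифрования MPPE; чтобы он их требовал, эти строки нужно раскомментировать.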
root@slack12:~# cat /etc/rc.d/rc.modules|grep ppp /sbin/modprobe ppp_generic /sbin/modprobe ppp_async /sbin/modprobe ppp_synctty /sbin/modprobe ppp_deflate /sbin/modprobe ppp_mppe root@slack12:~# cd /usr/src/ root@slack12:/usr/src# wget http://ovh.dl.sourceforge.net/sourceforge/pptpclient /pptp-1.7.1.tar.gz --02:59:10-- http://ovh.dl.sourceforge.net/sourceforge/pptpclient/pptp-1.7.1.tar.gz => `pptp-1.7.1.tar.gz' Resolving ovh.dl.sourceforge.net... 213.186.33.91 Connecting to ovh.dl.sourceforge.net|213.186.33.91|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 229,024 (224K) [application/x-gzip] 100%[====================================>] 229,024 231.61K/s 02:59:12 (230.85 KB/s) - `pptp-1.7.1.tar.gz' saved [229024/229024] root@slack12:/usr/src# tar xzf pptp-1.7.1.tar.gz root@slack12:/usr/src# cd pptp-1.7.1 root@slack12:/usr/src/pptp-1.7.1# make root@slack12:/usr/src/pptp-1.7.1# make install root@slack12:/usr/src/pptp-1.7.1# cd .. root@slack12:/usr/src# wget http://puzzle.dl.sourceforge.net/sourceforge/poptop/ pptpd-1.3.0.tar.gz --03:11:43-- http://puzzle.dl.sourceforge.net/sourceforge/poptop/pptpd-1.3.0.tar.gz => `pptpd-1.3.0.tar.gz' Resolving puzzle.dl.sourceforge.net... 195.141.111.5 Connecting to puzzle.dl.sourceforge.net|195.141.111.5|:80... connected. HTTP request sent, awaiting response... 
200 OK
Length: 204,099 (199K) [application/x-gzip]
100%[====================================>] 204,099 36.44K/s ETA 00:00
03:11:52 (23.35 KB/s) - `pptpd-1.3.0.tar.gz' saved [204099/204099]
# Build and install the PPTP server under /usr.
# NOTE(review): the pptpd tarball was downloaded over plain HTTP and is built
# and installed as root with no checksum or signature check shown in this log;
# compare it with a digest published by the project before "make install".
root@slack12:/usr/src# tar xzf pptpd-1.3.0.tar.gz
root@slack12:/usr/src# cd pptpd-1.3.0
root@slack12:/usr/src/pptpd-1.3.0# ./configure --prefix=/usr
root@slack12:/usr/src/pptpd-1.3.0# make
root@slack12:/usr/src/pptpd-1.3.0# make install
# Server configuration: pptpd.conf points pppd at /etc/ppp/options.pptpd and
# sets the tunnel addresses. localip 10.0.0.1 is the server end; remoteip
# 10.0.0.234-238 is the range given to clients (the ifconfig output later in
# the log shows a client at 10.0.0.234).
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/pptpd.conf
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/pptpd.conf
###############################################################################
# $Id: pptpd.conf,v 1.8 2004/04/28 11:36:07 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
option /etc/ppp/options.pptpd
#debug
localip 10.0.0.1
remoteip 10.0.0.234-238
# The PPP options for incoming connections start from the sample shipped with
# the pptpd sources and are then edited by hand.
root@slack12:/usr/src/pptpd-1.3.0# cp samples/options.pptpd /etc/ppp/
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/ppp/options.pptpd
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/ppp/options.pptpd
###############################################################################
# $Id: options.pptpd,v 1.9 2005/08/02 11:33:32 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
############################################################################### name pptpd #refuse-pap #refuse-chap #refuse-mschap #require-mschap-v2 #require-mppe-128 #-chap #-chapms #+chapms-v2 #mppe-40# enable either 40-bit or 128-bit, not both #mppe-128 #mppe-stateless ms-dns 192.168.0.111 proxyarp debug lock nobsdcomp #novj #novjccomp #nodeflate #nodefaultroute root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/ppp/chap-secrets root@slack12:/usr/src/pptpd-1.3.0# cat /etc/ppp/chap-secrets # Secrets for authentication using CHAP # client server secret IP addresses gena1 * pass1 * gena2 * pass2 * root@slack12:/usr/src/pptpd-1.3.0# pptpd root@slack12:/usr/src/pptpd-1.3.0# ps ax|grep pptpd 5137 ? Ss 0:00 pptpd root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/rc.d/rc.ip_forward root@slack12:/usr/src/pptpd-1.3.0# cat /etc/rc.d/rc.ip_forward #!/bin/sh # /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding # # Start IP packet forwarding: ip_forward_start() { if [ -f /proc/sys/net/ipv4/ip_forward ]; then echo "Activating IPv4 packet forwarding." echo 1 > /proc/sys/net/ipv4/ip_forward fi iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE } # Stop IP packet forwarding: ip_forward_stop() { if [ -f /proc/sys/net/ipv4/ip_forward ]; then echo "Disabling IPv4 packet forwarding." echo 0 > /proc/sys/net/ipv4/ip_forward fi } # Restart IP packet forwarding: ip_forward_restart() { ip_forward_stop sleep 1 ip_forward_start } case "$1" in 'start') ip_forward_start ;; 'stop') ip_forward_stop ;; 'restart') ip_forward_restart ;; *) echo "usage $0 start|stop|restart" esac root@slack12:/usr/src/pptpd-1.3.0# chmod +x /etc/rc.d/rc.ip_forward root@slack12:/usr/src/pptpd-1.3.0# /etc/rc.d/rc.ip_forward start Activating IPv4 packet forwarding. 
# Interface state before the client connects: three Ethernet interfaces and
# loopback, no ppp interface yet.
root@slack12:/usr/src/pptpd-1.3.0# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:43:DF:91
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe43:df91/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:490 errors:0 dropped:0 overruns:0 frame:0
          TX packets:804 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:61786 (60.3 KiB) TX bytes:299601 (292.5 KiB)
          Interrupt:17 Base address:0x1400

eth1 Link encap:Ethernet HWaddr 00:0C:29:43:DF:9B
          inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe43:df9b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:468 (468.0 b)
          Interrupt:18 Base address:0x1480

eth2 Link encap:Ethernet HWaddr 00:0C:29:43:DF:A5
          inet addr:192.168.159.130 Bcast:192.168.159.255 Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe43:dfa5/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:4733 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6159 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1137516 (1.0 MiB) TX bytes:627140 (612.4 KiB)
          Interrupt:19 Base address:0x1800

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

# Confirm that pptpd listens on 1723/tcp. The scan targets localhost only, so
# it does not show which ports are reachable through eth0-eth2.
# NOTE(review): time (37/tcp) and auth (113/tcp) are open next to ssh and pptp;
# on a VPN gateway, turn off the services that are not needed (presumably they
# are started from inetd - confirm).
root@slack12:/usr/src/pptpd-1.3.0# nmap localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-07 03:54 MSD
Interesting ports on slack12.regimov.net (127.0.0.1):
Not shown: 1693 closed ports
PORT STATE SERVICE
22/tcp open ssh
37/tcp open time
113/tcp open auth
1723/tcp open pptp
Nmap finished: 1 IP address (1 host up) scanned in 
0.225 seconds root@slack12:/usr/src/pptpd-1.3.0# cd root@slack12:~# mkdir /etc/ppp/peers root@slack12:~# mcedit /etc/ppp/peers/sl root@slack12:~# cat /etc/ppp/peers/sl name gena1 remotename pptpd debug lock deflate 0 #defaultroute file /etc/ppp/options.pptp pty "/usr/sbin/pptp localhost --nolaunchpppd" root@slack12:~# mcedit /etc/ppp/options.pptp root@slack12:~# cat /etc/ppp/options.pptp ############################################################################### # $Id: options.pptp,v 1.2 2005/08/20 13:16:38 quozl Exp $ # # Sample PPTP PPP options file /etc/ppp/options.pptp # Options used by PPP when a connection is made by a PPTP client. # This file can be referred to by an /etc/ppp/peers file for the tunnel. # Changes are effective on the next connection. See "man pppd". # # You are expected to change this file to suit your system. As # packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/ # and the kernel MPPE module available from the CVS repository also on # http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe. 
############################################################################### lock noauth #refuse-eap #refuse-chap #refuse-mschap nobsdcomp nodeflate #require-mppe-128 #mppe required,stateless root@slack12:~# pppd call sl root@slack12:~# ifconfig eth0 Link encap:Ethernet HWaddr 00:0C:29:43:DF:91 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:16 Base address:0x1400 eth1 Link encap:Ethernet HWaddr 00:0C:29:43:DF:9B inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Interrupt:17 Base address:0x1480 eth2 Link encap:Ethernet HWaddr 00:0C:29:43:DF:A5 inet addr:192.168.159.130 Bcast:192.168.159.255 Mask:255.255.255.0 inet6 addr: fe80::20c:29ff:fe43:dfa5/64 Scope:Link UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1 RX packets:7321 errors:0 dropped:0 overruns:0 frame:0 TX packets:9061 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:746985 (729.4 KiB) TX bytes:1475606 (1.4 MiB) Interrupt:18 Base address:0x1800 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:126 errors:0 dropped:0 overruns:0 frame:0 TX packets:126 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:8988 (8.7 KiB) TX bytes:8988 (8.7 KiB) ppp0 Link encap:Point-to-Point Protocol inet addr:10.0.0.234 P-t-P:10.0.0.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:6 errors:0 dropped:0 overruns:0 carrier:0 
collisions:0 txqueuelen:3
          RX bytes:62 (62.0 b) TX bytes:68 (68.0 b)

ppp1 Link encap:Point-to-Point Protocol
          inet addr:10.0.0.1 P-t-P:10.0.0.234 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:68 (68.0 b) TX bytes:62 (62.0 b)

# ppp0 (10.0.0.234 -> 10.0.0.1) is the client end and ppp1 (10.0.0.1 ->
# 10.0.0.234) the server end of the same tunnel; both appear on this host
# because /etc/ppp/peers/sl connects to localhost. The addresses match localip
# and the first remoteip address from /etc/pptpd.conf.
root@slack12:~# halt