Привожу здесь реальный лог начальной настройки VPN с поддержкой аутентификации MS CHAP V2 на моем сервере. В качестве сервера выступает свежеустановленная Slackware 12.0. Устанавливаем свежие версии PPTPD в качестве сервера и PPTP в качестве клиента. Информации в сети по поводу настройки VPN много, поэтому привожу лог без комментариев.
root@slack12:~# cat /etc/rc.d/rc.modules|grep ppp
/sbin/modprobe ppp_generic
/sbin/modprobe ppp_async
/sbin/modprobe ppp_synctty
/sbin/modprobe ppp_deflate
/sbin/modprobe ppp_mppe
root@slack12:~# cd /usr/src/
root@slack12:/usr/src# wget http://ovh.dl.sourceforge.net/sourceforge/pptpclient
/pptp-1.7.1.tar.gz
--02:59:10-- http://ovh.dl.sourceforge.net/sourceforge/pptpclient/pptp-1.7.1.tar.gz
=> `pptp-1.7.1.tar.gz'
Resolving ovh.dl.sourceforge.net... 213.186.33.91
Connecting to ovh.dl.sourceforge.net|213.186.33.91|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 229,024 (224K) [application/x-gzip]
100%[====================================>] 229,024 231.61K/s
02:59:12 (230.85 KB/s) - `pptp-1.7.1.tar.gz' saved [229024/229024]
root@slack12:/usr/src# tar xzf pptp-1.7.1.tar.gz
root@slack12:/usr/src# cd pptp-1.7.1
root@slack12:/usr/src/pptp-1.7.1# make
root@slack12:/usr/src/pptp-1.7.1# make install
root@slack12:/usr/src/pptp-1.7.1# cd ..
root@slack12:/usr/src# wget http://puzzle.dl.sourceforge.net/sourceforge/poptop/
pptpd-1.3.0.tar.gz
--03:11:43-- http://puzzle.dl.sourceforge.net/sourceforge/poptop/pptpd-1.3.0.tar.gz
=> `pptpd-1.3.0.tar.gz'
Resolving puzzle.dl.sourceforge.net... 195.141.111.5
Connecting to puzzle.dl.sourceforge.net|195.141.111.5|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 204,099 (199K) [application/x-gzip]
100%[====================================>] 204,099 36.44K/s ETA 00:00
03:11:52 (23.35 KB/s) - `pptpd-1.3.0.tar.gz' saved [204099/204099]
root@slack12:/usr/src# tar xzf pptpd-1.3.0.tar.gz
root@slack12:/usr/src# cd pptpd-1.3.0
root@slack12:/usr/src/pptpd-1.3.0# ./configure --prefix=/usr
root@slack12:/usr/src/pptpd-1.3.0# make
root@slack12:/usr/src/pptpd-1.3.0# make install
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/pptpd.conf
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/pptpd.conf
###############################################################################
# $Id: pptpd.conf,v 1.8 2004/04/28 11:36:07 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
option /etc/ppp/options.pptpd
#debug
localip 10.0.0.1
remoteip 10.0.0.234-238
root@slack12:/usr/src/pptpd-1.3.0# cp samples/options.pptpd /etc/ppp/
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/ppp/options.pptpd
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/ppp/options.pptpd
###############################################################################
# $Id: options.pptpd,v 1.9 2005/08/02 11:33:32 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
#require-mschap-v2
#require-mppe-128
#-chap
#-chapms
#+chapms-v2
#mppe-40# enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
ms-dns 192.168.0.111
proxyarp
debug
lock
nobsdcomp
#novj
#novjccomp
#nodeflate
#nodefaultroute
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/ppp/chap-secrets
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
gena1 * pass1 *
gena2 * pass2 *
root@slack12:/usr/src/pptpd-1.3.0# pptpd
root@slack12:/usr/src/pptpd-1.3.0# ps ax|grep pptpd
5137 ? Ss 0:00 pptpd
root@slack12:/usr/src/pptpd-1.3.0# mcedit /etc/rc.d/rc.ip_forward
root@slack12:/usr/src/pptpd-1.3.0# cat /etc/rc.d/rc.ip_forward
#!/bin/sh
# /etc/rc.d/rc.ip_forward: start/stop IP packet forwarding
#
# Start IP packet forwarding:
ip_forward_start() {
if [ -f /proc/sys/net/ipv4/ip_forward ]; then
echo "Activating IPv4 packet forwarding."
echo 1 > /proc/sys/net/ipv4/ip_forward
fi
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
}
# Stop IP packet forwarding:
ip_forward_stop() {
if [ -f /proc/sys/net/ipv4/ip_forward ]; then
echo "Disabling IPv4 packet forwarding."
echo 0 > /proc/sys/net/ipv4/ip_forward
fi
}
# Restart IP packet forwarding:
ip_forward_restart() {
ip_forward_stop
sleep 1
ip_forward_start
}
case "$1" in
'start')
ip_forward_start
;;
'stop')
ip_forward_stop
;;
'restart')
ip_forward_restart
;;
*)
echo "usage $0 start|stop|restart"
esac
root@slack12:/usr/src/pptpd-1.3.0# chmod +x /etc/rc.d/rc.ip_forward
root@slack12:/usr/src/pptpd-1.3.0# /etc/rc.d/rc.ip_forward start
Activating IPv4 packet forwarding.
root@slack12:/usr/src/pptpd-1.3.0# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:43:DF:91
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:df91/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:490 errors:0 dropped:0 overruns:0 frame:0
TX packets:804 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:61786 (60.3 KiB) TX bytes:299601 (292.5 KiB)
Interrupt:17 Base address:0x1400
eth1 Link encap:Ethernet HWaddr 00:0C:29:43:DF:9B
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:df9b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:468 (468.0 b)
Interrupt:18 Base address:0x1480
eth2 Link encap:Ethernet HWaddr 00:0C:29:43:DF:A5
inet addr:192.168.159.130 Bcast:192.168.159.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:dfa5/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4733 errors:0 dropped:0 overruns:0 frame:0
TX packets:6159 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1137516 (1.0 MiB) TX bytes:627140 (612.4 KiB)
Interrupt:19 Base address:0x1800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
root@slack12:/usr/src/pptpd-1.3.0# nmap localhost
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-07 03:54 MSD
Interesting ports on slack12.regimov.net (127.0.0.1):
Not shown: 1693 closed ports
PORT STATE SERVICE
22/tcp open ssh
37/tcp open time
113/tcp open auth
1723/tcp open pptp
Nmap finished: 1 IP address (1 host up) scanned in 0.225 seconds
root@slack12:/usr/src/pptpd-1.3.0# cd
root@slack12:~# mkdir /etc/ppp/peers
root@slack12:~# mcedit /etc/ppp/peers/sl
root@slack12:~# cat /etc/ppp/peers/sl
name gena1
remotename pptpd
debug
lock
deflate 0
#defaultroute
file /etc/ppp/options.pptp
pty "/usr/sbin/pptp localhost --nolaunchpppd"
root@slack12:~# mcedit /etc/ppp/options.pptp
root@slack12:~# cat /etc/ppp/options.pptp
###############################################################################
# $Id: options.pptp,v 1.2 2005/08/20 13:16:38 quozl Exp $
#
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
# and the kernel MPPE module available from the CVS repository also on
# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
###############################################################################
lock
noauth
#refuse-eap
#refuse-chap
#refuse-mschap
nobsdcomp
nodeflate
#require-mppe-128
#mppe required,stateless
root@slack12:~# pppd call sl
root@slack12:~# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:43:DF:91
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:16 Base address:0x1400
eth1 Link encap:Ethernet HWaddr 00:0C:29:43:DF:9B
inet addr:192.168.2.1 Bcast:192.168.2.255 Mask:255.255.255.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:17 Base address:0x1480
eth2 Link encap:Ethernet HWaddr 00:0C:29:43:DF:A5
inet addr:192.168.159.130 Bcast:192.168.159.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:dfa5/64 Scope:Link
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7321 errors:0 dropped:0 overruns:0 frame:0
TX packets:9061 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:746985 (729.4 KiB) TX bytes:1475606 (1.4 MiB)
Interrupt:18 Base address:0x1800
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:126 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:8988 (8.7 KiB) TX bytes:8988 (8.7 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.0.234 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:62 (62.0 b) TX bytes:68 (68.0 b)
ppp1 Link encap:Point-to-Point Protocol
inet addr:10.0.0.1 P-t-P:10.0.0.234 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:68 (68.0 b) TX bytes:62 (62.0 b)
root@slack12:~# halt
