FreeBSD PPTP Client: Install and Create a VPN
How do I configure and set up a PPTP VPN client under the FreeBSD desktop/laptop or server operating system?
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks.
PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
FreeBSD ships with a PPTP client for establishing VPN links to NT servers.
FreeBSD uses the pptp-linux PPTP client.
It can establish a PPP connection to an NT server and tunnel it over a PPTP link across the Internet.
In effect, it makes the client machine behave as if it were on the same LAN as the server.
Warning: PPTP is known to be a broken protocol.
Microsoft, the protocol's designer, recommends against using it because of its inherent risks.
Regardless, many people still use PPTP because it is easy to set up, but that does not make it any less harmful.
I recommend using OpenVPN (SSL-based) or IPsec instead.
Install the pptp-linux client
Run the following command to update the ports tree:
# portsnap fetch update
To install the client, run:
# cd /usr/ports/net/pptpclient
# make install clean
Sample output:
===>  Extracting for pptpclient-1.7.2_5
=> SHA256 Checksum mismatch for pptp-1.7.2.tar.gz.
===>  Refetch for 1 more times files: pptp-1.7.2.tar.gz
=> pptp-1.7.2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch http://heanet.dl.sourceforge.net/project/pptpclient/pptp/pptp-1.7.2/pptp-1.7.2.tar.gz
pptp-1.7.2.tar.gz                             100% of   79 kB   49 kBps
=> SHA256 Checksum OK for pptp-1.7.2.tar.gz.
===>   pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===>  Patching for pptpclient-1.7.2_5
===>   pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===>  Applying FreeBSD patches for pptpclient-1.7.2_5
===>   pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===>  Configuring for pptpclient-1.7.2_5
===>  Building for pptpclient-1.7.2_5
echo "/* text added by Makefile target config.h */" > config.h
echo "#define PPTP_LINUX_VERSION \"1.7.2\"" >> config.h
echo "#define PPPD_BINARY \"/usr/sbin/ppp\"" >> config.h
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_gre.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c ppp_fcs.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_ctrl.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c dirutil.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c vector.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c inststr.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c util.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c version.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c test.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_quirks.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c orckit_quirks.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pqueue.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_callmgr.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c routing.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_compat.c
gcc -o pptp pptp.o pptp_gre.o ppp_fcs.o pptp_ctrl.o dirutil.o vector.o inststr.o util.o version.o test.o pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o pptp_compat.o -lutil
pod2man pptpsetup > pptpsetup.8
===>  Installing for pptpclient-1.7.2_5
===>   pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===>   Generating temporary packing list
===>  Checking if net/pptpclient already installed
install -s -o root -g wheel -m 555 /usr/ports/net/pptpclient/work/pptp-1.7.2/pptp /usr/local/sbin
/bin/mkdir -p /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/files/README /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/files/ppp.conf /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/work/pptp-1.7.2/pptp.8 /usr/local/man/man8
===>   Compressing manual pages for pptpclient-1.7.2_5
===>   Registering installation for pptpclient-1.7.2_5
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/pptp

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage:
http://pptpclient.sourceforge.net/
===>  Cleaning for pptpclient-1.7.2_5
Configure the VPN client
In this example, the server IP 192.54.1.2 is used to connect to the data center.
First, back up the original /etc/ppp/ppp.conf file:
# mv /etc/ppp/ppp.conf /etc/ppp/ppp.conf.factory
Edit /etc/ppp/ppp.conf:
# vi /etc/ppp/ppp.conf
Append the following configuration:
DataCenter:
 set authname Hyman
 set authkey FooBar
 set timeout 0
 set ifaddr 0 0
 add 10.0.0.0/8 hisaddr
 alias enable yes
 disable ipv6cp
Save and close the file.
Where:
- DataCenter: the PPP label to use. You pass this label to the pptp command when connecting to the server.
- set authname Hyman: your account name on the server.
- set authkey FooBar: your password on the server.
- add 10.0.0.0/8 hisaddr: sets up routing. In this example, traffic for 10.0.0.0/8 is routed via hisaddr (the address assigned by the remote server, which you will use to route traffic).
How do I connect to the office using the PPTP VPN?
You must run the program as the root user.
Use the following command:
# pptp 192.54.1.2 DataCenter
Sample output:
/bin/ip: not found
/bin/ip: not found
Please ignore the /bin/ip: not found errors.
To terminate the VPN connection, press ^C.
How do I confirm the VPN is up and running?
Run the following command (open a new terminal):
# ifconfig tun0
Sample output:
tun0: flags=8051 metric 0 mtu 1498
	options=80000
	inet 10.1.3.62 --> 10.0.31.18 netmask 0xffffffff
	nd6 options=21
	Opened by PID 36259
Where:
- 10.1.3.62: your IP address.
- 10.0.31.18: the VPN server gateway.
- 0xffffffff: the netmask.
How do I view the current FreeBSD kernel routing table?
Run the following command:
# netstat -r
or
# netstat -r -f inet
Sample output:
Routing tables

Internet:
Destination         Gateway            Flags    Refs      Use  Netif Expire
default             192.168.1.2        UGS         0     1930   bge0
10.0.0.0            10.0.31.18         UGS         0        0   tun0
10.0.31.18          link#8             UHS         0        0   tun0
10.1.3.89           link#8             UHS         0        0    lo0
localhost           link#7             UH          0     2308    lo0
192.168.1.0         link#3             U           0      962   bge0
fwks01.theitroad.ne link#3             UHS         0        0    lo0
How do I test the VPN connection?
Use the ping and traceroute commands:
$ ping -c3 10.37.34.2
Sample output:
PING 10.37.34.2 (10.37.34.2): 56 data bytes
64 bytes from 10.37.34.2: icmp_seq=0 ttl=61 time=330.681 ms
64 bytes from 10.37.34.2: icmp_seq=1 ttl=61 time=329.039 ms
64 bytes from 10.37.34.2: icmp_seq=2 ttl=61 time=329.592 ms

--- 10.37.34.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 329.039/329.771/330.681/0.682 ms
To print the route packets take to a network host:
$ traceroute 10.37.34.2
How do I view the VPN connection logs?
Run the following commands:
# tail -f /var/log/ppp.log
# grep something /var/log/ppp.log
Sample output (log of a successful connection):
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: Using interface: tun0
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Created in closed state
Jul 16 04:01:43 fwks01 ppp[37612]: Warning: The alias command is deprecated
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: PPP Started (direct mode).
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: bundle: Establish
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: closed -> opening
Jul 16 04:01:43 fwks01 ppp[37612]: Alert: deflink: Can't create /var/run/pts/3.if: No such file or directory
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Connected!
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: opening -> carrier
Jul 16 04:01:44 fwks01 ppp[37612]: Phase: deflink: /dev/pts/3: CD detected
Jul 16 04:01:44 fwks01 ppp[37612]: Phase: deflink: carrier -> lcp
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Authenticate
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: his = CHAP 0x81, mine = none
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: CHALLENGE (16 bytes)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Output: RESPONSE (Hyman)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: SUCCESS (S=DC9CCD2E06D333C502626C4BAXXXYYYZZZYYY)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: lcp -> open
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Network
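The ifconfig, netstat and ppp.log checks above can be scripted. The following is an added example, not part of the original article: it extracts the tunnel peer, confirms that 10.0.0.0/8 really is routed over tun0, names the CHAP algorithm the server required (the "his = CHAP 0x81" line) and checks that ppp.conf, which stores the password in clear text, is readable by root only. The sample texts are constructed from the article's own output excerpts so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original article): post-connect checks for the
# tunnel set up above. Sample texts are constructed from the article's own
# ifconfig/netstat/ppp.log excerpts so this runs offline; on a live host pass
# the real `ifconfig tun0`, `netstat -rn -f inet` and /var/log/ppp.log output.

IFCONFIG_SAMPLE='tun0: flags=8051 metric 0 mtu 1498
    inet 10.1.3.62 --> 10.0.31.18 netmask 0xffffffff
    Opened by PID 36259'
NETSTAT_SAMPLE='Destination   Gateway       Flags  Refs  Use   Netif Expire
default       192.168.1.2   UGS    0     1930  bge0
10.0.0.0      10.0.31.18    UGS    0     0     tun0
10.0.31.18    link#8        UHS    0     0     tun0'
PPPLOG_SAMPLE='Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: his = CHAP 0x81, mine = none
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Network'

# Remote end of the point-to-point link; this is the "hisaddr" of ppp.conf.
tun_peer() {
    printf '%s\n' "$1" | awk '$1 == "inet" && $3 == "-->" { print $4; exit }'
}

# True only if destination $2 is routed to gateway $3 over tun0, i.e. the
# private range really goes through the tunnel and not out the LAN interface.
route_via_tun() {
    printf '%s\n' "$1" | awk -v dst="$2" -v gw="$3" '
        $1 == dst && $2 == gw && $NF == "tun0" { ok = 1 }
        END { exit ok ? 0 : 1 }'
}

# Name the CHAP algorithm the server demanded ("his = CHAP 0x..").
# 0x05 = MD5 (RFC 1994), 0x80 = MS-CHAPv1 (RFC 2433), 0x81 = MS-CHAPv2 (RFC 2759).
chap_algo() {
    code=$(printf '%s\n' "$1" | sed -n 's/.*his = CHAP \(0x[0-9A-Fa-f]*\).*/\1/p' | head -n 1)
    case "$code" in
        0x05) echo MD5-CHAP ;;  0x80) echo MS-CHAPv1 ;;
        0x81) echo MS-CHAPv2 ;; "")   echo none ;;
        *)    echo "unknown($code)" ;;
    esac
}

# ppp.conf holds the account password in clear text, so it must be root-only.
conf_is_private() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c2-10)" = "rw-------" ]
}

peer=$(tun_peer "$IFCONFIG_SAMPLE")
echo "tunnel peer: $peer"
route_via_tun "$NETSTAT_SAMPLE" 10.0.0.0 "$peer" && echo "10.0.0.0/8 goes through tun0"
echo "server authentication: $(chap_algo "$PPPLOG_SAMPLE")"
conf_is_private /etc/ppp/ppp.conf || echo "check: /etc/ppp/ppp.conf should be mode 0600"
```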
How do I start the PPTP VPN connection in the background?
Start it as follows:
# pptp 38.96.196.94 DAL 2>/dev/null &
Or use the nohup command, which lets pptp keep running in the background after you log out of the shell:
# nohup pptp 38.96.196.94 DAL 2>/dev/null &
To kill it, run:
# kill -TERM `cat /var/run/tun0.pid`
or
# kill -TERM $(cat /var/run/tun0.pid)
A note about mpd
Mpd is a netgraph(4) based implementation of the multi-link PPP protocol for FreeBSD.
It is designed to be both fast and flexible.
It handles configuration and negotiation in user land, while routing all packets strictly in the kernel.
You can use mpd for the same purpose.