Building a VPN service on Ubuntu 16.04

Steps:
1. The first step is to install PPTP to provide VPN service.
sudo apt-get install pptpd
If there is a problem, such as a message that the package cannot be found, running sudo apt-get update should be enough; then try again. The installation completes automatically.

2. After installation, we need to configure it so that it can be used.
sudo vi /etc/pptpd.conf

Uncomment the following 2 lines and change them to the VPN network segment you have chosen:
localip 219.224.167.201
remoteip 192.168.150.234-238
These are the IPs used by the host and the client after connecting through the VPN; you can change them yourself. Note that this IP will also be used below.

3. Then we need to assign an account to ourselves.
sudo vi /etc/ppp/chap-secrets
This is the user list file. Add an account in the following format:
"username" pptpd "password" *

username is your username and password is your password, both enclosed in quotation marks. The final * means that the account is allowed to connect to the service from any IP.

4. At this point, the service is ready. If you run sudo service pptpd restart, you should be able to connect to the VPN, but after connecting you will find that you can't access the external network. If you only need the VPN to reach the internal network, you don't need this step. To let clients access the Internet, first run
sudo vi /etc/ppp/pptpd-options
Find ms-dns, uncomment it, and change it to your preferred DNS servers, such as 8.8.8.8 and 8.8.4.4.

5. Then we have to enable kernel IP forwarding
sudo vi /etc/sysctl.conf

Uncomment the line net.ipv4.ip_forward=1, and then execute
sudo sysctl -p
to make the modified file configuration take effect immediately.

6. Then we need to install iptables to implement NAT forwarding of the requests.
sudo apt-get install iptables

Then enable NAT forwarding. The first command flushes all existing rules in the filter table.
sudo iptables -F

sudo iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o eth0 -j MASQUERADE

If there is a virtual bridge br0:
sudo iptables -t nat -A POSTROUTING -s 192.168.150.0/24 -o br0 -j MASQUERADE

192.168.150.0/24 is the IP segment you set above; the rule lets this segment be forwarded. Note that eth0 is the network card connected to the external network. It is not necessarily eth0 or eth1; it depends on which network card your machine uses to reach the external network. In this way, requests to the external network go out through NAT. If you don't know which network card of your machine is connected to the external network, run ifconfig to see which network card has the external network IP.

7. Finally, we need to restart the service for the configuration to take effect.
sudo service pptpd restart

Now you can connect to the VPN and obtain an address in the intranet 150 network segment.
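
The script below is an added example, not part of the original article: it checks the files edited in steps 2, 3 and 5 against the NAT rule from step 6. The function names and sample accounts are invented for illustration; it assumes a single /24 remoteip range and no whitespace inside quoted fields.

```shell
#!/usr/bin/env bash
# Added example: consistency checks for the files edited in steps 2, 3 and 5.
# Function names are hypothetical; paths are arguments so copies can be checked.
# Assumes one /24 remoteip range and no whitespace inside quoted fields.

# Step 2 vs step 6: is the remoteip pool inside the MASQUERADE source /24?
remoteip_matches_nat() {   # $1 = pptpd.conf, $2 = e.g. 192.168.150.0/24
    local pool
    pool=$(awk '$1 == "remoteip" { sub(/\.[0-9-]+$/, "", $2); print $2; exit }' "$1")
    [ -n "$pool" ] && [ "$pool" = "${2%.*}" ]
}

# Step 3: print accounts whose address field is "*" (any source IP allowed).
wildcard_accounts() {      # $1 = chap-secrets
    awk 'NF >= 4 && $1 !~ /^#/ && $4 == "*" { gsub(/"/, "", $1); print $1 }' "$1"
}

# Step 3: chap-secrets holds cleartext passwords; require owner-only access.
secrets_private() {        # $1 = chap-secrets
    case "$(stat -c '%a' "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# Step 5: is forwarding enabled in sysctl.conf (line present, not commented)?
forwarding_enabled() {     # $1 = sysctl.conf
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$1"
}

# Run all checks, print one line per finding, return the number of findings.
audit() {                  # $1 = directory with the three files, $2 = NAT source
    local n=0 u
    remoteip_matches_nat "$1/pptpd.conf" "$2" || { echo "remoteip pool is outside $2"; n=$((n+1)); }
    for u in $(wildcard_accounts "$1/chap-secrets"); do
        echo "account '$u' may connect from any address"; n=$((n+1))
    done
    secrets_private "$1/chap-secrets" || { echo "chap-secrets is not owner-only"; n=$((n+1)); }
    forwarding_enabled "$1/sysctl.conf" || { echo "ip_forward is not enabled"; n=$((n+1)); }
    return "$n"
}

# Constructed sample files (accounts and passwords are invented for the demo).
demo=$(mktemp -d)
printf 'localip 219.224.167.201\nremoteip 192.168.150.234-238\n' > "$demo/pptpd.conf"
printf '"alice" pptpd "example-pass" *\n"bob" pptpd "example-pass" 203.0.113.7\n' > "$demo/chap-secrets"
printf '#net.ipv4.ip_forward=1\n' > "$demo/sysctl.conf"
chmod 644 "$demo/chap-secrets"
audit "$demo" 192.168.150.0/24 || echo "findings: $?"
```

On a live server, call the individual functions with /etc/pptpd.conf, /etc/ppp/chap-secrets and /etc/sysctl.conf as arguments.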

 

Check whether anyone is connected to the VPN:

# netstat -anpt|grep pptpd

or

# ifconfig

which also shows interfaces such as ppp0/ppp1, etc.

This article is similar, except that the routing rules are saved and the network card is set to load them: https://linux.cn/article-3376-1.html
