Overview of VPN
- Virtual Private Network (VPN)
establishes a dedicated private network over a public network and encrypts the communications
used by a company with multiple subsidiaries to connect its sites
once the connection is established, subsidiaries in different regions can communicate as if they were on the same local area network
widely used in enterprise network applications
mainstream VPN technologies (GRE, PPTP, L2TP + IPsec, SSL)
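GRE VPN template
lsmod # Lists the loaded kernel modules. The Linux kernel supports VPN tunnelling, but the module is not loaded by default, so it has to be loaded first.
lsmod | grep ip_gre # Check whether the gre module is loaded: lsmod filtered by the module name.
modprobe ip_gre # Load the gre module: modprobe plus the module name.
## All module files have the .ko extension; to see how many modules there are, search with find.
## To load a module, drop the extension from the file name and pass the name to modprobe.
## All modules are under the /lib/modules/3.10.0-862.el7.x86_64/kernel/ directory.
modinfo gre ip_gre # modinfo plus the module name shows detailed information about the module.
ip tunnel add "tunnel_name" mode "tunnel_mode" remote "peer_ip_address" local "local_ip_address" # ip tunnel add creates the tunnel (here the tunnel name is tun0); ip tunnel help shows the help. mode sets the tunnel to gre mode, local is followed by this host's IP address, and remote by the IP address of the peer host the tunnel is built with.
ip link show # Check the tunnel state; if it is DOWN, bring it up with the command below.
ip link set "tunnel_name" up # This command brings the tunnel interface up.
ip addr add "own_ip" peer "peer_ip" dev "tunnel_name" # Assign the tunnel its own private IP address; dev names the tunnel interface the address goes on.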
pptpd VPN template
This one is not included with Linux; the package has to be found elsewhere.
Once you have found the package, you must modify its configuration files.
/etc/pptpd.conf # This is the main pptpd configuration file; rpm -qc pptpd shows which configuration files the package has.
## Open the configuration file and press G to jump straight to the last line.
## Write localip "local ip", then on the next line write remoteip "ip address pool on the network segment the tunnel uses". This has the same effect as DHCP: ip addresses are assigned automatically.
/etc/ppp/options.pptpd # In this configuration file, find the require-mppe-128 line. The file already contains it; if it is the same, nothing needs to change. It means 128-bit encryption is used. There is also ms-dns 8.8.8.8; this depends on your own setup, and the configuration file has its own example to look at.
/etc/ppp/chap-secrets # This is the file to modify for accounts.
username   server   password   client ip
## The server name and the client ip can both be *, so that anyone with the account name and password can connect; specifying the server and ip explicitly only adds a place to make a mistake.
When finished, restart the service; the service name is pptpd.
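
As an added example (not part of the original notes), a small shell check for the two pptpd files described above: it lists chap-secrets entries that use * for the server or client ip and reports whether require-mppe-128 is enabled in options.pptpd. The sample files, account names and passwords are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the two pptpd files from the notes above.
# Assumes whitespace-separated chap-secrets fields (no spaces inside a secret).

# List entries whose server or client-ip column is "*". Passwords are never printed.
# Columns: username  server  password  client-ip
audit_chap_secrets() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }   # skip comments and blank lines
        NF < 4 { printf "line %d: expected 4 fields, got %d\n", NR, NF; next }
        {
            user = $1; gsub(/"/, "", user)
            if ($2 == "*") printf "%s: server is wildcard\n", user
            if ($4 == "*") printf "%s: client ip is wildcard\n", user
        }
    ' "$1"
}

# Exit status 0 only if the file has an uncommented require-mppe-128 line.
has_mppe128() {
    grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$1"
}

# Constructed sample files (placeholder accounts, documentation address range).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/chap-secrets" <<'EOF'
# username  server  password        client-ip
alice       *       example-pass-1  *
bob         pptpd   example-pass-2  192.0.2.10
carol       pptpd   example-pass-3
EOF
cat > "$SAMPLE_DIR/options.pptpd" <<'EOF'
name pptpd
#require-mppe-128
ms-dns 8.8.8.8
EOF

audit_chap_secrets "$SAMPLE_DIR/chap-secrets"
has_mppe128 "$SAMPLE_DIR/options.pptpd" ||
    echo "options.pptpd: require-mppe-128 is not enabled"
```

On a real server, pass /etc/ppp/chap-secrets and /etc/ppp/options.pptpd to the two functions instead of the sample files.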