ubuntu 16.04 build pptpd V** server

This article is automatically synchronized by Tencent Cloud + Community, the original address https://stackoverflow.club/article/pptpd-V**-on-ubuntu/

background#

Normal people’s Internet access starts by spending money on broadband, not normal people. For example, programmers’ Internet access starts from self-reliance.

• Our intranet machines are often unable to access the Internet, and there is no help from the IT department, so we have to install a V** and forward the traffic to the machines that can access the Internet;
• The server on the intranet does not want to be exposed on the public network, such as the company's oa system, what about people who are on business trips? Build a V** server to meet the needs of Go home and see anytime, anywhere.

Claim#

V** servers are usually built on Linux systems, and Ubuntu 16.04 is recommended.

step#

Install PPTPD Service##

sudo apt-get update
sudo apt-get install pptpd

Configure pptpd.conf

sudo vim /etc/pptpd.conf
# Ensure the configuration of the following options
option /etc/ppp/pptpd-option                    #Specify the location of the PPP options file
debug                                           #Enable debug mode
localip 192.168.0.1                             #V**Virtual IP of the server
remoteip 192.168.0.200-238,192.168.0.245        #Assigned to V**Virtual IP of the client

Configure PPP

sudo vim /etc/ppp/pptpd-options
# Ensure the configuration of the following options
name pptpd                      #pptpd service name
refuse-pap                      #Reject the pap authentication mode
refuse-chap                     #Reject chap authentication mode
refuse-mschap                   #Reject mschap authentication mode
require-mschap-v2               #Allow mschap-v2 authentication mode
require-mppe-128                #Allow mppe 128-bit encryption authentication mode
ms-dns 8.8.8.8                  #Use Google DNS
ms-dns 8.8.4.4                  #Use Google DNS
proxyarp                        #arp proxy
debug                           #Debug mode
dump                            #Print out all configuration information when the service starts
lock                            #Lock TTY device
nobsdcomp                       #Disable BSD compression mode
logfile /var/log/pptpd.log      #Output log file location

Add user##

sudo vim /etc/ppp/chap-secrets
# Format: ip address assigned by username, service type, password
test    *1234*
# First*The representative service can be PPTPD or L2TPD, the second*Represents random allocation of ip

Restart PPTPD service##

sudo service pptpd restart

Configure network and routing rules to forward ipv4

sudo sed -i 's/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=1/g'/etc/sysctl.conf
sudo sysctl -p

Set up iptables NAT forwarding

# Note that wlp4s0b1 represents your external network card, please use ifconfig to view or consult the network administrator
sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24-o wlp4s0b1 -j MASQUERADE

Configure MTU to forward large data packets and increase network speed

sudo iptables -I FORWARD -s 192.168.0.0/24-p tcp --syn -i ppp+-j TCPMSS --set-mss 1300

• Note: After actual measurement, after configuring iptables NAT forwarding, the mobile phone can access the Internet, but the computer cannot. After configuring the MTU, both computers and mobile phones can access the Internet. *

My test conditions:

• Mobile phone: nubia z9 max (NX512J), Android 5.1.1, QQ browser
• Computer: Lenovo Xiaoxinrui 7000, win10, chrome browser client host configuration:

Set V** according to the normal process, and fill in the campus network address where the service host is located for the server address.

TroubleShooting：

If the V** connection is wrong, it may be a firewall problem, turn off the firewall

sudo ufw disable

You can refer to [Official pptp description] (http://pptpclient.sourceforge.net/howto-diagnosis.phtml#eap_response) to troubleshoot the problem.

Or refer to [here] (https://www.polarxiong.com/archives/ubuntu-ufw-V**-can-not-connect-internet.html) to allow port 1723 and other ports that may need to be opened.