Ubuntu: configuring a PPTP VPN by hand
Date: 2009-08-25 Source: jinl
Configuration, by hand
1. Obtain from your PPTP Server administrator:
   - the IP address or host name of the server ($SERVER),
   - the name you wish to use to refer to the tunnel ($TUNNEL),
   - the authentication domain name ($DOMAIN),
   - the username you are to use ($USERNAME),
   - the password you are to use ($PASSWORD),
   - whether encryption is required.

   In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.

2. Create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:

    lock noauth nobsdcomp nodeflate

3. Create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:

    $DOMAIN\\$USERNAME PPTP $PASSWORD *

   Note: if you are using a PPTP Server that does not require an authentication domain name, omit the slashes as well as the domain name.

   Note: if the passwords contain any special characters, quote them. See man pppd for more details.

4. Create a /etc/ppp/peers/$TUNNEL file:

    pty "pptp $SERVER --nolaunchpppd"
    name $DOMAIN\\$USERNAME
    remotename PPTP
    require-mppe-128
    file /etc/ppp/options.pptp
    ipparam $TUNNEL

   Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.

5. Start the tunnel using the pon command:

    pon $TUNNEL

6. To further diagnose a failure, add options to the command:

    pon $TUNNEL debug dump logfd 2 nodetach

   Note: we have further information on enabling debug mode, and on diagnosing problems.

7. Stop the tunnel using the poff command:

    poff $TUNNEL

8. To script the tunnel connection so that something is done as soon as the tunnel is up, use either ip-up.d scripts or the updetach keyword.
   - See the Routing HOWTO for examples of ip-up.d scripting that adds routes or iptables rules.
   - Using updetach will cause pppd to fork, detach, and exit with success once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail:

    pon provider updetach && pon $TUNNEL updetach && fetchmail

   Note: the double ampersand && means that the commands following it will only be executed if the command to the left of it was successful. If the tunnel fails to connect, the fetchmail will not happen.

9. To have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.

10. To have the tunnel started on system boot:
   - For Debian Sarge and later, edit the /etc/network/interfaces file, and add this section:

    auto tunnel
    iface tunnel inet ppp
    provider $TUNNEL

   - For Debian Woody, edit the /etc/ppp/no_ppp_on_boot file, remove the first line comment, and change the word provider to the name of your tunnel, so that it looks like this:

    #!/bin/sh
    ...
    $PPPD call $TUNNEL

   (The line ... means the other lines in the file, it doesn't mean a line with three dots.)

   Then rename the no_ppp_on_boot file and make it executable:

    # mv /etc/ppp/no_ppp_on_boot /etc/ppp/ppp_on_boot
    # chmod +x /etc/ppp/ppp_on_boot

   Every time your computer starts, the tunnel will be started automatically.
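
The chap-secrets and peers steps above, done by a script instead of by hand. This is an added example, not part of the original HOWTO: it quotes the password as a pppd word (the quoting the note about special characters refers to), keeps chap-secrets readable by its owner only, and rejects tunnel or server values that would not be safe as a file name or inside the pty line. The function names, the PPP_DIR argument and the sample values are assumptions.

```shell
#!/bin/sh
# Added example. write_tunnel and pppd_quote are hypothetical helper names.
# PPP_DIR is /etc/ppp on a real system; pass a scratch directory to try it out.

# Quote a value as a single pppd word: wrap it in double quotes and
# backslash-escape any embedded backslash or double quote.
pppd_quote() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# write_tunnel PPP_DIR TUNNEL SERVER DOMAIN USERNAME PASSWORD
# Pass an empty DOMAIN when the server needs no authentication domain.
write_tunnel() {
    ppp_dir=$1 tunnel=$2 server=$3 domain=$4 user=$5 pass=$6
    # $TUNNEL becomes a file name: allow only a plain name, no path parts.
    case $tunnel in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "bad tunnel name" >&2; return 1 ;;
    esac
    # $SERVER lands inside the quoted pty command line: host/IP characters only.
    case $server in
        ''|-*|*[!A-Za-z0-9.:-]*) echo "bad server name" >&2; return 1 ;;
    esac
    if [ -n "$domain" ]; then name="$domain\\\\$user"; else name=$user; fi

    mkdir -p "$ppp_dir/peers" || return 1
    secrets=$ppp_dir/chap-secrets
    # chap-secrets holds the password in clear text: create it owner-only,
    # and tighten the mode if the file already existed.
    ( umask 077
      printf '%s PPTP %s *\n' "$name" "$(pppd_quote "$pass")" >> "$secrets"
    ) || return 1
    chmod 600 "$secrets" || return 1

    {
        printf 'pty "pptp %s --nolaunchpppd"\n' "$server"
        printf 'name %s\n' "$name"
        printf 'remotename PPTP\n'
        printf 'require-mppe-128\n'
        printf 'file /etc/ppp/options.pptp\n'
        printf 'ipparam %s\n' "$tunnel"
    } > "$ppp_dir/peers/$tunnel"
}

# Constructed sample values:
# write_tunnel /tmp/ppp-test office vpn.example.net CORP alice 'p"a\s s'
```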