1. Install pptp-1.7.0:
http://10.1.32.6/doc/pptp_linux/pptp-1.7.0.tar.gz
2. Create the directory /etc/ppp/peers (empty).
3. Fetch the pptp-command script:
http://10.1.32.6/doc/pptp_linux/pptp-command
and put it in /usr/sbin; make it executable, owned by root; mode 744 is still the better choice
(i.e. read-only for others).
4. Check the contents of /etc/ppp/options:
# /etc/ppp/options
#
lock
noauth
defaultroute
usepeerdns
5. Check the contents of /etc/ppp/options.pptp:
# Lock the port
#
lock
#
# We don't need the tunnel server to authenticate itself
#
noauth
#
# Turn off transmission protocols we know won't be used
#
nobsdcomp
nodeflate
#
# We want MPPE
# (option naming specific to ppp 2.4.0 with unofficial patch)
#
#mppe-40
#mppe-128
#mppe-stateless
# needed for W2K3 anyway
#refuse-eap
#
# We want a sane mtu/mru
#
#mtu 1000
#mru 1000
#
# Time this thing out of it goes poof
#
#lcp-echo-failure 10
#lcp-echo-interval 10
6. Run pptp-command setup and configure the tunnel:
root@segmenta:~# pptp-command setup
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 2 #enter
1.) List CHAP secrets
2.) Add a New CHAP secret
3.) Delete a CHAP secret
4.) Quit
?: 2 #enter
Add a NEW PAP secret.
NOTE: Any backslashes (\) must be doubled (\\).
Local Name:
This is the 'local' identifier for PAP authentication.
NOTE: If the server is a Windows NT machine, the local name
should be your Windows NT username including domain.
For example:
domain\\username
Local Name: <your login>
Remote Name:
This is the 'remote' identifier for PAP authentication.
In most cases, this can be left as the default. It must be
set if you have multiple PAP secrets with the same local name
and different passwords. Just press ENTER to keep the default.
Remote Name [PPTP]:<enter>
Password:
This is the password or PAP secret for the account specified. The
password will not be echoed.
Password:<your password>
Adding secret <your login> PPTP *****
1.) List CHAP secrets
2.) Add a New CHAP secret
3.) Delete a CHAP secret
4.) Quit
?: 4 #enter
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 4 #enter
Add a NEW PPTP Tunnel.
1.) Other
Which configuration would you like to use?: 1 #enter
Tunnel Name: <tunnel name> #Arbitrary (for example, netline)
Server IP: <VPN server IP> # (10.1.1.10)
What route(s) would you like to add when the tunnel comes up?
This is usually a route to your internal network behind the PPTP server.
You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
TUNNEL_DEV is replaced by the device of the tunnel interface.
DEF_GW is replaced by the existing default gateway.
The syntax to use is the same as the route(8) command.
Enter a blank line to stop.
route:<enter>
Local Name and Remote Name should match a configured CHAP or PAP secret.
Local Name is probably your NT domain\username.
NOTE: Any backslashes (\) must be doubled (\\).
Local Name: <your login>
Remote Name [PPTP]:<enter>
Adding <tunnel name> - <VPN server IP> - <your login> - PPTP
Added tunnel <tunnel name>
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 8 #enter
root@segmenta:~# route add -host <VPN server IP> gw <internal network IP> #Add a route to the VPN server
root@segmenta:~# route del default #Remove the default route
root@segmenta:~# pptp-command start <tunnel name> #Start the tunnel
All routes added.
Tunnel <tunnel name> is active on ppp0. IP Address: <your IP address> #Connection established
root@segmenta:~# pptp-command stop #Stop the tunnel
Sending HUP signal to PPTP processes...
root@segmenta:~# route add default gw <internal network IP> #Bring the network back up
root@segmenta:~#
PS 1. The network can also be brought back up by rerunning /etc/rc.d/rc.inet1
2. To save yourself the trouble, the command sequences for starting and stopping the tunnel can be put into scripts
3. Works on all distros
That's all!
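
PS item 2 suggests putting the start and stop command sequences into scripts. The following is an added example (not part of the original text and not shipped with pptp-command) that does so and puts the default route back if the tunnel fails to start, since step 6 removes that route first. The variable names VPN_SERVER, LAN_GW, TUNNEL and DRY_RUN are assumptions; the default values are the sample values from step 6.

```shell
#!/bin/sh
# Added example: wrapper around the start/stop command sequences of step 6.
# Assumed (hypothetical) settings, overridable from the environment:
VPN_SERVER="${VPN_SERVER:-10.1.1.10}"  # sample server IP from step 6
LAN_GW="${LAN_GW:-}"                   # gateway on the internal network, no default
TUNNEL="${TUNNEL:-netline}"            # sample tunnel name from step 6
DRY_RUN="${DRY_RUN:-1}"                # 1 = only print commands, 0 = execute

run() {
    # Print the command in dry-run mode, execute it otherwise.
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

check_args() {
    # Refuse to touch routing without a gateway to restore afterwards.
    [ -n "$LAN_GW" ] || { echo "LAN_GW is not set" >&2; return 1; }
}

tunnel_start() {
    check_args || return 1
    run route add -host "$VPN_SERVER" gw "$LAN_GW" || return 1
    run route del default || return 1
    # If the tunnel does not come up, restore the default route
    # so the host is not left without one.
    if ! run pptp-command start "$TUNNEL"; then
        run route add default gw "$LAN_GW"
        return 1
    fi
}

tunnel_stop() {
    check_args || return 1
    run pptp-command stop
    # Restore the default route even if the stop command failed.
    run route add default gw "$LAN_GW"
}

# Dispatch only when an argument is given, so the file can also be sourced.
case "${1:-}" in
    start) tunnel_start ;;
    stop)  tunnel_stop ;;
esac
```

Run it as root with DRY_RUN=0 and LAN_GW set once the printed commands look right.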