差分

この文書の現在のバージョンと選択したバージョンの差分を表示します。

--- mae3xx_tips:setup_pptp_server:start [2014/09/05 11:57]
admin
+++ mae3xx_tips:setup_pptp_server:start [2014/09/05 13:17] (現在)
admin
@@ ライン 1: / ライン 1: @@
+====== PPTP でお手軽に VPN (サーバ編) ======
+PPTP でクライアント側は動作しましたので、サーバとしても設定してみます。\\
+iPhone からも簡単にセキュアな接続ができるようになり、使い道があるかもしれません。
+参考:
+  * [[http://imoz.jp/note/vpn.html|いもす研 - VPN (PPTP) サーバの構築 (Ubuntu 14.04)]]
+  * [[http://qiita.com/Amothic/items/b253bbea78e669a14bac|Qiita - Ubuntu 14.04でpptpサーバの構築]]
+こんな情報もありました。
+  * [[http://d.hatena.ne.jp/yukimi0721/20121128/1354117329|OpenVPN使おう：DocomoのSPモードだとPPTPでVPNできないじゃん - You give me all I need.]]
+そんな場合は、OpenVPN を使う必要があります。
+\\
+===== 設定 =====
+==== pptpd パッケージの導入 ====
+ファームウェア v2.1.10β2 から、pptpd パッケージを追加しました。\\
+それ以前のバージョンの場合、apt-get により pptpd パッケージを導入します。
+<code>
+user1@plum:~$ sudo apt-get install pptpd
+</code>
+\\
+==== pptpd の設定 ====
+設定する項目としては、下記となります。
+^  File  ^  項目名  ^  内容  ^  設定例  ^  備考  |
+|/etc/pptpd.conf|localip|ローカル側 IP アドレス|  192.168.100.1  |eth0 / eth1 とバッティングしないアドレスを指定します|
+|:::|remoteip|リモート側 IP アドレス|  192.168.100.101-199  |  〃  |
+|/etc/ppp/pptpd-options|ms-dns|PPTP client に通知する DNS アドレス|  192.168.100.1  |dnsmasq を動かしているため、自分自身のアドレス|
+|:::|mtu|MTU|  1400  |切断されてしまう場合、調整(([[http://www.dbc-works.org/feedback/blog/1271505317.html|モバイルWiMAX接続経由でPPTP接続をする際の注意点 - 気まぐれメモランダム でたらめフィードバック]]))|
+|:::|mru|MRU|  1400  |  〃  |
+|/etc/ppp/chap-secrets|client/server/secret/address|ユーザ / パスワード|username pptpd password *|ユーザ数分設定します|
+\\
+=== /etc/pptpd.conf の設定 ===
+PPTP のローカル側、リモート側に割り当てる IP アドレスを設定します。
+<file conf pptpd.conf>
+###############################################################################
+# $Id$
+#
+# Sample Poptop configuration file /etc/pptpd.conf
+#
+# Changes are effective when pptpd is restarted.
+###############################################################################
+# TAG: ppp
+#	Path to the pppd program, default '/usr/sbin/pppd' on Linux
+#
+#ppp /usr/sbin/pppd
+# TAG: option
+#	Specifies the location of the PPP options file.
+#	By default PPP looks in '/etc/ppp/options'
+#
+option /etc/ppp/pptpd-options
+# TAG: debug
+#	Turns on (more) debugging to syslog
+#
+#debug
+# TAG: stimeout
+#	Specifies timeout (in seconds) on starting ctrl connection
+#
+# stimeout 10
+# TAG: noipparam
+#       Suppress the passing of the client's IP address to PPP, which is
+#       done by default otherwise.
+#
+#noipparam
+# TAG: logwtmp
+#	Use wtmp(5) to record client connections and disconnections.
+#
+logwtmp
+# TAG: bcrelay <if>
+#	Turns on broadcast relay to clients from interface <if>
+#
+#bcrelay eth1
+# TAG: delegate
+#	Delegates the allocation of client IP addresses to pppd.
+#
+#       Without this option, which is the default, pptpd manages the list of
+#       IP addresses for clients and passes the next free address to pppd.
+#       With this option, pptpd does not pass an address, and so pppd may use
+#       radius or chap-secrets to allocate an address.
+#
+#delegate
+# TAG: connections
+#       Limits the number of client connections that may be accepted.
+#
+#       If pptpd is allocating IP addresses (e.g. delegate is not
+#       used) then the number of connections is also limited by the
+#       remoteip option.  The default is 100.
+#connections 100
+# TAG: localip
+# TAG: remoteip
+#	Specifies the local and remote IP address ranges.
+#
+#	These options are ignored if delegate option is set.
+#
+#       Any addresses work as long as the local machine takes care of the
+#       routing.  But if you want to use MS-Windows networking, you should
+#       use IP addresses out of the LAN address space and use the proxyarp
+#       option in the pppd options file, or run bcrelay.
+#
+#	You can specify single IP addresses seperated by commas or you can
+#	specify ranges, or both. For example:
+#
+#		192.168.0.234,192.168.0.245-249,192.168.0.254
+#
+#	IMPORTANT RESTRICTIONS:
+#
+#	1. No spaces are permitted between commas or within addresses.
+#
+#	2. If you give more IP addresses than the value of connections,
+#	   it will start at the beginning of the list and go until it
+#	   gets connections IPs.  Others will be ignored.
+#
+#	3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
+#	   you must type 234-238 if you mean this.
+#
+#	4. If you give a single localIP, that's ok - all local IPs will
+#	   be set to the given one. You MUST still give at least one remote
+#	   IP for each simultaneous client.
+#
+# (Recommended)
+#localip 192.168.0.1
+#remoteip 192.168.0.234-238,192.168.0.245
+# or
+#localip 192.168.0.234-238,192.168.0.245
+#remoteip 192.168.1.234-238,192.168.1.245
+localip 192.168.100.1
+remoteip 192.168.100.101-199
+</file>
+\\
+=== /etc/ppp/pptpd-options の設定 ===
+PPTP client に通知する DNS アドレス、MTU/MRU を設定します。
+<file conf pptpd-options>
+###############################################################################
+# $Id$
+#
+# Sample Poptop PPP options file /etc/ppp/pptpd-options
+# Options used by PPP when a connection arrives from a client.
+# This file is pointed to by /etc/pptpd.conf option keyword.
+# Changes are effective on the next connection.  See "man pppd".
+#
+# You are expected to change this file to suit your system.  As
+# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
+###############################################################################
+# Authentication
+# Name of the local system for authentication purposes
+# (must match the second field in /etc/ppp/chap-secrets entries)
+name pptpd
+# Optional: domain name to use for authentication
+# domain mydomain.net
+# Strip the domain prefix from the username before authentication.
+# (applies if you use pppd with chapms-strip-domain patch)
+#chapms-strip-domain
+# Encryption
+# (There have been multiple versions of PPP with encryption support,
+# choose with of the following sections you will use.)
+# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
+# {{{
+refuse-pap
+refuse-chap
+refuse-mschap
+# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
+# Challenge Handshake Authentication Protocol, Version 2] authentication.
+require-mschap-v2
+# Require MPPE 128-bit encryption
+# (note that MPPE requires the use of MSCHAP-V2 during authentication)
+require-mppe-128
+# }}}
+# Network and Routing
+# If pppd is acting as a server for Microsoft Windows clients, this
+# option allows pppd to supply one or two DNS (Domain Name Server)
+# addresses to the clients.  The first instance of this option
+# specifies the primary DNS address; the second instance (if given)
+# specifies the secondary DNS address.
+# Attention! This information may not be taken into account by a Windows
+# client. See KB311218 in Microsoft's knowledge base for more information.
+#ms-dns 10.0.0.1
+#ms-dns 10.0.0.2
+ms-dns 192.168.100.1
+# If pppd is acting as a server for Microsoft Windows or "Samba"
+# clients, this option allows pppd to supply one or two WINS (Windows
+# Internet Name Services) server addresses to the clients.  The first
+# instance of this option specifies the primary WINS address; the
+# second instance (if given) specifies the secondary WINS address.
+#ms-wins 10.0.0.3
+#ms-wins 10.0.0.4
+# Add an entry to this system's ARP [Address Resolution Protocol]
+# table with the IP address of the peer and the Ethernet address of this
+# system.  This will have the effect of making the peer appear to other
+# systems to be on the local ethernet.
+# (you do not need this if your PPTP server is responsible for routing
+# packets to the clients -- James Cameron)
+proxyarp
+# Normally pptpd passes the IP address to pppd, but if pptpd has been
+# given the delegate option in pptpd.conf or the --delegate command line
+# option, then pppd will use chap-secrets or radius to allocate the
+# client IP address.  The default local IP address used at the server
+# end is often the same as the address of the server.  To override this,
+# specify the local IP address here.
+# (you must not use this unless you have used the delegate option)
+#10.8.0.100
+# Debian: do not replace the default route
+nodefaultroute
+# Logging
+# Enable connection debugging facilities.
+# (see your syslog configuration for where pppd sends to)
+#debug
+# Print out all the option values which have been set.
+# (often requested by mailing list to verify options)
+#dump
+# Miscellaneous
+# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
+# access.
+lock
+# Disable BSD-Compress compression
+nobsdcomp
+# Disable Van Jacobson compression
+# (needed on some networks with Windows 9x/ME/XP clients, see posting to
+# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
+# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
+novj
+novjccomp
+# turn off logging to stderr, since this may be redirected to pptpd,
+# which may trigger a loopback
+nologfd
+# put plugins here
+# (putting them higher up may cause them to sent messages to the pty)
+mtu 1400
+mru 1400
+</file>
+\\
+=== /etc/ppp/chap-secrets の設定 ===
+Client 用のアカウント・パスワードを設定します。
+<file conf chap-secrets>
+# Secrets for authentication using CHAP
+# client	server	secret			IP addresses
+"mopera"	*	"mopera"
+username pptpd password *
+</file>
+\\
+==== Firewall の設定 ====
+\\
+===== pptpd の起動 =====
+\\
+===== 接続確認 =====
+\\

MA-X/MA-S/MA-E/IP-K Developers' WiKi

ユーザ用ツール

サイト用ツール

差分

ページ用ツール