Озаботился вопросом "Объединение сетей LAN в LAN"
Составляю HOWTO
Схема сети
VPN server
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 5.0.6 (lenny)
Release: 5.0.6
Codename: lenny
$ uname -a
Linux debian-srv.hnet.loc 2.6.26-2-686 #1 SMP Thu Sep 16 19:35:51 UTC 2010 i686 GNU/Linux
$ su -c "aptitude update ; aptitude install pptpd -y"
$ su -c "mv /etc/pptpd.conf /etc/pptpd.conf.bak -v"
$ su -c "nano /etc/pptpd.conf"
option /etc/ppp/pptpd-options-vpn
logwtmp
localip 172.31.253.254
remoteip 172.31.253.253
$ su -c "nano /etc/ppp/pptpd-options-vpn"
name PPTPD
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
$ su -c "nano /etc/ppp/chap-secrets"
# Secrets for authentication using CHAP
# client server secret IP addresses
"vpnuser" PPTPD "passw0rd" 172.31.253.253
$ su -c "/etc/init.d/pptpd restart"
$ su -c "netstat -lpant|grep pptpd"
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3790/pptpd
$ su -c "nano /etc/ppp/ip-down.d/vpndown"
#!/bin/sh
# pptpd ip-down hook (server side).  Intentionally a no-op: the route to
# 192.168.1.0/24 that ip-up.d/vpnup adds points over the ppp link and is
# presumably dropped together with the interface, which is why the explicit
# "route del" below stays commented out (TODO confirm on this kernel).
# The iptables rules that ip-up.d/vpnup appends are not removed here either,
# so they remain in place between connections.
#route del -net 192.168.1.0/24 gw 172.31.253.254
$ su -c "nano /etc/ppp/ip-up.d/vpnup"
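#!/bin/sh
# pptpd ip-up hook (server side).  Debian's /etc/ppp/ip-up runs every
# script in ip-up.d through run-parts each time a ppp link comes up and
# hands the link details over as environment variables (PPP_IFACE,
# PPP_LOCAL, PPP_REMOTE, PPP_IPPARAM), not as positional arguments.
#
# What it does:
#   * routes the client's LAN, 192.168.1.0/24, over the PPTP link;
#   * (re)installs the iptables rules that admit the PPTP control channel
#     (tcp/1723), GRE, and forwarding of new connections from ppp links.
#
# NOTE(review): PPTP with MS-CHAPv2/MPPE-128 (pptpd-options-vpn) is widely
# regarded as weak; an OpenVPN tunnel is the safer choice for LAN-to-LAN.

# pptpd hands out a single peer address (remoteip in pptpd.conf); when the
# link that came up belongs to some other ppp peer on this host, leave the
# routing and firewall alone.  Adjust if remoteip is ever widened.
if [ -n "$PPP_REMOTE" ] && [ "$PPP_REMOTE" != "172.31.253.253" ]; then
  exit 0
fi

# Replace any stale route first; on the first connect there is none and
# "route del" merely reports that, so its complaint is silenced.
route del -net 192.168.1.0/24 2>/dev/null
route add -net 192.168.1.0/24 gw 172.31.253.254

# Delete-then-append keeps the rule set free of duplicates when the link
# is re-established.  The -D of a rule that is not there is expected to
# fail and is silenced on purpose; the -A that follows is not.
ensure_rule() {
  chain=$1
  shift
  /sbin/iptables -D "$chain" "$@" 2>/dev/null
  /sbin/iptables -A "$chain" "$@"
}

# The control channel and GRE are accepted from any source address;
# narrowing these with "-s <peer address>" is advisable when the peer's
# public address is static.
ensure_rule INPUT -p gre -j ACCEPT
ensure_rule OUTPUT -p gre -m state --state RELATED,ESTABLISHED -j ACCEPT
ensure_rule INPUT -p tcp --dport 1723 -j ACCEPT
# Admits every new connection arriving on any ppp interface to anything
# this host forwards; add -s/-d matches if the two LANs should not be
# fully reachable from each other.
ensure_rule FORWARD -m conntrack --ctstate NEW -i ppp+ -j ACCEPT

exit 0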
$ su -c "chmod +x /etc/ppp/ip-down.d/vpndown /etc/ppp/ip-up.d/vpnup -v"
pptp client
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.4 LTS
Release: 8.04
Codename: hardy
$ sudo aptitude update ; sudo aptitude install pptp-linux -y
$ sudo nano /etc/ppp/peers/vpn
pty "pptp 20.10.5.38 --nolaunchpppd"
remotename PPTP
file /etc/ppp/options.pptp.vpn
ipparam vpn
$ sudo nano /etc/ppp/options.pptp.vpn
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
require-mppe-128
user vpnuser
mtu 1452
mru 1452
noipdefault
persist
maxfail 0
unit 999
$ sudo nano /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
"vpnuser" PPTP "passw0rd" "*"
$ sudo nano /etc/ppp/ip-down.d/vpndown
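#!/bin/sh
# ip-down hook for the "vpn" pppd peer (client side): removes the route to
# the server's LAN, 172.16.1.0/24, that ip-up.d/vpnup installed.
#
# Debian's /etc/ppp/ip-down runs every script in ip-down.d for every ppp
# link and exports the link details as PPP_IFACE, PPP_IPPARAM etc., so
# match the "ipparam vpn" set in /etc/ppp/peers/vpn and leave any other
# ppp link on this host untouched.
if [ -n "$PPP_IPPARAM" ] && [ "$PPP_IPPARAM" != "vpn" ]; then
  exit 0
fi

# "unit 999" in options.pptp.vpn pins this link to ppp999; use the name
# pppd reports when it is available and fall back to the pinned one.
iface=${PPP_IFACE:-ppp999}
route del -net 172.16.1.0/24 dev "$iface"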
$ sudo nano /etc/ppp/ip-up.d/vpnup
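#!/bin/sh
# ip-up hook for the "vpn" pppd peer (client side): routes the server's
# LAN, 172.16.1.0/24, over the freshly established PPTP link.
#
# Debian's /etc/ppp/ip-up runs every script in ip-up.d for every ppp link
# and exports the link details as PPP_IFACE, PPP_IPPARAM etc., so match
# the "ipparam vpn" set in /etc/ppp/peers/vpn and leave any other ppp
# link on this host untouched.
if [ -n "$PPP_IPPARAM" ] && [ "$PPP_IPPARAM" != "vpn" ]; then
  exit 0
fi

# "unit 999" in options.pptp.vpn pins this link to ppp999; use the name
# pppd reports when it is available and fall back to the pinned one.
iface=${PPP_IFACE:-ppp999}
route add -net 172.16.1.0/24 dev "$iface"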
$ sudo chmod +x /etc/ppp/ip-down.d/vpndown /etc/ppp/ip-up.d/vpnup -v
$ sudo nano /etc/network/interfaces
auto lo
iface lo inet loopback
#auto eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 30.20.5.75
netmask 255.255.255.0
gateway 192.168.5.1
auto eth1
iface eth1 inet static
address 192.168.1.1
netmask 255.255.255.0
post-up /etc/fw
#auto eth1:0
#iface eth1:0 inet static
#address 10.100.200.1
#netmask 255.255.255.0
auto vpn
iface vpn inet ppp
provider vpn
Пользователь решил продолжить мысль 26 Октября 2010, 13:48:13:
Пробую реализовать подобную схему на openvpn
Пользователь решил продолжить мысль 26 Октября 2010, 13:59:53:
C openvpn пока так
openvpn server
$ /usr/sbin/openvpn --version
OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Sep 18 2008
Developed by James Yonan
Copyright (C) 2002-2008 Telethra, Inc. <sales@openvpn.net>
$ su -c "grep -v '^#' /etc/openvpn/server.conf | sed -e '/^\$/d'" | grep -v '^;'
dev tun
ifconfig 172.17.1.1 172.17.1.2
route 192.168.1.0 255.255.255.0
secret /etc/openvpn/s.key
port 1194
user nobody
group nogroup
comp-lzo
persist-tun
persist-key
verb 5
log /var/log/openvpn.log
$ /usr/sbin/openvpn --genkey --secret s.key
$ su -c "mv s.key /etc/openvpn -v"
$ su -c "scp -P 22 -v /etc/openvpn/s.key adm@192.168.5.75:/home/adm"
openvpn client
$ /usr/sbin/openvpn --version
OpenVPN 2.1_rc7 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] built on May 8 2009
Developed by James Yonan
Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net>
$ sudo mv -v /home/adm/s.key /etc/openvpn/s.key
$ sudo su -c "grep -v '^#' /etc/openvpn/client.conf | sed -e '/^\$/d'" | grep -v '^;'
dev tun
remote 192.168.5.38
ifconfig 172.17.1.2 172.17.1.1
route 172.16.1.0 255.255.255.0
port 1194
comp-lzo
persist-tun
persist-key
verb 5
log /var/log/openvpn.log
secret /etc/openvpn/s.key
на виртуальных машинах работает