Tutorial: Setting Up a PPTP VPN and an L2TP/IPSec VPN on a VPS (with a free one-month VPN account)
How To Set Up A VPN In A VPS
Want to set up a VPN yourself instead of using someone else’s? This post will show you a very simple way to do that; all you need is a computer and a VPS.
The following steps are based on the Terminal application on a Mac. On Linux the steps are nearly the same, and on Windows you need to install the PuTTY tool to run those commands. Here we go:
1. Buy a VPS
To start off, you need to buy a Xen (not OpenVZ) VPS and choose to install an Ubuntu operating system.
By the way, during the buying process you need to enter a domain, which can be any domain if you only need to set up a VPN on the VPS.
P.S.:
VPS machines are not cheap (usually over $5 per month); you can search Google to find a suitable one.
2. Connect to your VPS
Run your Terminal, and enter the following command:
ssh root@xxx.xxx.xxx.xxx
Just replace “xxx.xxx.xxx.xxx” with your VPS’ IP, such as “178.18.17.212”.
Then you will see the following message:
Are you sure you want to continue connecting (yes/no)?
Enter “yes” and press the “Return” key, then, enter your password and press the “Return” key.
P.S.:
If you’ve rebuilt your VPS, you may see the following error:
Host key verification failed.
In that case, enter the following command first:
ssh-keygen -R xxx.xxx.xxx.xxx
Remember to replace “xxx.xxx.xxx.xxx” with your VPS’ IP address.
3. Install PPTPD
Copy and paste the following command:
apt-get install pptpd
Then you will see the following message:
Do you want to continue [Y/n]?
Press the “Y” key and then the “Return” key.
4. Edit the VPN interface IP addresses
Copy and paste the following command:
nano /etc/pptpd.conf
Press the “Return” key, then move the cursor down to the end with the Down arrow key and find the following lines:
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
Put the cursor after the 2 “#” symbols and press the “Delete” key to remove them.
Press the “Control” & “X” keys, and press the “Y” key, then press the “Return” key to save your revision.
P.S.:
By the way, you can also use “vi” instead of “nano”, but it is more difficult.
5. Edit DNS addresses
Copy and paste the following command:
nano /etc/ppp/pptpd-options
Press the “Return” key and move the cursor down with the Down arrow key to the following lines:
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
Change the above lines to the following:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
(Tip: You can also copy the above lines and paste them under the original ones.)
After that, press the “Control” & “X” keys, and press the “Y” key, then press the “Enter” key to save your revision.
P.S.:
The above are Google’s Public DNS IP addresses; you can also replace them with OpenDNS: 208.67.222.222 & 208.67.220.220.
6. Add VPN accounts
Copy and paste the following command:
nano /etc/ppp/chap-secrets
Press the “Return” key and enter the following information:
username pptpd password *
For example:
freenuts pptpd 123456 *
(P.S.: You need to press the Tab key to put a space between the values.)
After that, press the “Control” & “X” keys, and press the “Y” key, then press the “Return” key to save your revision.
7. Forward IPv4
Copy and paste the following command:
nano /etc/sysctl.conf
Press the “Return” key and then press the Down arrow key to move the cursor to the following line:
#net.ipv4.ip_forward=1
Move the cursor to the end of the “#” symbol and remove it with the “Delete” key.
Press the “Control” & “X” keys, and press the “Y” key, then press the “Enter” key to save your revision.
8. Apply the forward
Your forwarding change won’t take effect immediately; you need to apply it with the following command:
sysctl -p
If everything is correct, then you can see the following result:
net.ipv4.ip_forward = 1
9. Allow the routing
Copy and paste the following command:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Press the “Return” key.
10. Restart PPTPD
Copy and paste the following command:
/etc/init.d/pptpd restart
Press the “Return” key, then you can use your VPN with the username and password you’ve set before.
P.S.:
It may not be possible to connect to a PPTP VPN in Mac Air OS X 10.6 due to an unknown bug.
Bonus:
The following is a PPTP VPN account created in a 2Host VPS according to the above 10 steps:
Server Address: 178.18.17.212
Account Name: freenuts
Password: 123456
The above VPN will be free and available for a month, and you can check out this post for how to use it on your computer and mobile phone.
Source: http://freenuts.com/how-to-set-up-a-vpn-in-a-vps/
==============================================================================
How To Set Up A L2TP/IPSec VPN In A VPS
As mentioned before, PPTP VPN may not work on Mac OS X, at least on mine, so I have to use an L2TP/IPSec (L2TP over IPSec) VPN.
This post will show you how to set up an L2TP/IPSec VPN on a VPS; what you need are a VPS and a computer. As in the PPTP tutorial, the following steps are based on the Terminal application on a Mac. On Linux the steps are nearly the same, and on Windows you need to install PuTTY first.
By the way, make sure you are using Ubuntu 11.04, since lower versions (at least Ubuntu 10.04 LTS Lucid 64Bit) may not work. Here we go:
I. Connect to your VPS
Run your Terminal, and enter the following command:
ssh root@xxx.xxx.xxx.xxx
Just replace “xxx.xxx.xxx.xxx” with your VPS’ IP, such as “178.18.17.30”.
Then you will see the following message:
Are you sure you want to continue connecting (yes/no)?
Enter “yes” and press the “Return” key, then, enter your password and press the “Return” key.
P.S.:
If you’ve rebuilt your VPS, you may see the following error:
Host key verification failed.
In that case, enter the following command first:
ssh-keygen -R xxx.xxx.xxx.xxx
Remember to replace “xxx.xxx.xxx.xxx” with your VPS’ IP address.
II. Install OpenSwan
Although you can enter the command “aptitude install openswan” to install OpenSwan directly, it did not work during my tests on two different VPSes, so you’d better get OpenSwan from its official website and install it.
1. Enter the following command:
aptitude install build-essential
Press the “Return” key, then enter “y” and press the “Return” key again.
2. Enter the following command:
aptitude install libgmp3-dev gawk flex bison
Press the “Return” key, then enter “y” and press the “Return” key again.
3. Enter the following command:
wget http://www.openswan.org/download/openswan-2.6.35.tar.gz
Press the “Return” key.
4. Enter the following command:
tar xzvf openswan-2.6.35.tar.gz
Press the “Return” key.
5. Enter the following command:
cd openswan-2.6.35
Press the “Return” key.
6. Enter the following command:
make programs
Press the “Return” key.
7. Enter the following command:
make install
Press the “Return” key.
P.S.:
a. 2.6.35 is the latest version now; you can check the OpenSwan website later to see if there is a new version and, if so, use it instead of this one.
b. When it says “Enter” something, you can always copy and paste it.
III. Edit IPSec
While OpenSwan is used for IPSec, IPSec is used for L2TP.
1. Enter the following command:
vi /etc/ipsec.conf
Press the “Return” key, enter “dG” to delete all the existing contents, and press the “i” key, then copy and paste the following:
version 2.0
config setup
    nat_traversal=yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
    oe=off
    protostack=netkey

conn %default
    forceencaps=yes

conn L2TP-PSK-NAT
    rightsubnet=vhost:%priv
    also=L2TP-PSK-noNAT

conn L2TP-PSK-noNAT
    authby=secret
    pfs=no
    auto=add
    keyingtries=3
    rekey=no
    ikelifetime=8h
    keylife=1h
    type=transport
    left=YOUR.VPS.IP.ADDRESS
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
Remember to change YOUR.VPS.IP.ADDRESS to your VPS’ IP address, such as 178.18.17.30 for this post. To do so, press the “ESC” key to quit the insert mode, move the cursor to the “Y” letter, press the “i” key, enter your IP address, then press the “ESC” key, and move the cursor over the “YOUR.VPS.IP.ADDRESS” characters to delete them one by one by pressing the “x” key. Alternatively, you can edit the contents in Notepad or Stickies first and then paste them into your Terminal, so that no further editing is needed.
After that, enter “:wq”, then press the “Return” key to save.
P.S.:
You need to press the “i” key before you insert anything, and press the “ESC” key to quit the insert mode, or there will be something wrong.
2. Enter the following command:
vi /etc/ipsec.secrets
Press the “Return” key, and press the “i” key, then enter the following content:
YOUR.VPS.IP.ADDRESS %any: PSK "YourSharedSecret"
For example:
178.18.17.30 %any: PSK "123456abcdef"
(Tip: You need to press the Tab key to put a space between the values.)
Then press the “ESC” key, enter “:wq”, and press the “Return” key to save.
3. Enter the following commands one by one:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
Remember to press the “Return” key after every command.
4. Enter the following command:
service ipsec restart
And then press the “Return” key.
P.S.:
Enter “ipsec verify” and press the “Return” key; if everything is right, you will see results like those in the following image:
If not, double check the above steps, especially the “ipsec.conf” settings.
IV. Install L2TP
Based on IPSec, L2TP is used for VPN.
1. Enter the following command:
cd ..
Press the “Return” key and go back to the root.
2. Enter the following command:
aptitude install xl2tpd
Press the “Return” key, enter “y” and press the “Return” key again.
3. Enter the following command:
vi /etc/xl2tpd/xl2tpd.conf
And enter “dG” to delete all the existing contents, then press the “i” key, and paste the following contents:
[global]
; listen-addr = 192.168.1.98

[lns default]
ip range = 10.1.1.2-10.1.1.255
local ip = 10.1.1.1
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options.xl2tpd
length bit = yes
Then press the “ESC” key, enter “:wq”, and press the “Return” key to save.
V. Set up xl2tpd
This assumes that your VPS already has PPP support; if not, enter “aptitude install ppp” before the following steps:
1. Enter the following command:
vi /etc/ppp/options.xl2tpd
Press the “Return” key, and press the “i” key, then paste the following lines:
require-mschap-v2
ms-dns 8.8.8.8
ms-dns 8.8.4.4
asyncmap 0
auth
crtscts
lock
hide-password
modem
debug
name l2tpd
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
Then press the “ESC” key, enter “:wq”, and press the “Return” key to save it.
P.S.:
You can also replace 8.8.8.8 & 8.8.4.4 with 208.67.222.222 & 208.67.220.220.
2. Enter the following command:
vi /etc/ppp/chap-secrets
Press the “Return” key, then press the “i” key to enter the following contents:
username l2tpd password *
For example:
freenuts l2tpd 123456 *
Again, remember to use the “tab” key for a space, and enter “:wq” to save it.
3. Enter the following command:
service xl2tpd restart
Press the “Return” key.
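A check for the chap-secrets files written in step 6 of the PPTP section and in step 2 above, as an added example that is not part of the original post: it flags a file that is not restricted to root and secrets that are short or digits-only. The function names, the sample “alice” entry and the 16-character MIN_LEN threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file.
# Entry layout, as used in the tutorial: client <TAB> server <TAB> secret <TAB> IP
MIN_LEN=${MIN_LEN:-16}   # assumed policy threshold, not a value from the tutorial

# Prints one finding per line. Returns 0 when clean, 1 when anything was flagged.
audit_chap_secrets() {
    file=$1
    findings=0
    # Secrets are stored in plaintext, so the file should be readable by root only.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "MODE $file is $mode, expected 600"; findings=1 ;;
    esac
    # '|| [ -n "$client" ]' keeps a final line that lacks a trailing newline.
    while read -r client server secret rest || [ -n "$client" ]; do
        case $client in ''|'#'*) continue ;; esac
        secret=${secret#\"}; secret=${secret%\"}      # pppd allows quoted secrets
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "SHORT $client/$server: ${#secret} chars, want >= $MIN_LEN"
            findings=1
        fi
        case $secret in
            *[!0-9]*) ;;                              # contains a non-digit
            *) echo "DIGITS $client/$server: secret is digits only"; findings=1 ;;
        esac
    done < "$file"
    return "$findings"
}

# Constructed sample: the tutorial's example entry plus one made-up stronger entry.
demo_file() {
    f=$(mktemp)
    printf 'freenuts\tpptpd\t123456\t*\n' > "$f"
    printf 'alice\tl2tpd\tq7Vd2m-XrT9k_fLw8ZpA\t*\n' >> "$f"
    chmod 644 "$f"
    echo "$f"
}

sample=$(demo_file)
audit_chap_secrets "$sample" || true
rm -f "$sample"
```

On the VPS itself, call audit_chap_secrets /etc/ppp/chap-secrets as root after editing the file.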
VI. IP forward
This step lets your VPN connect to the rest of the internet:
1. Enter the following command:
vi /etc/sysctl.conf
Press the “Return” key, find the line of “#net.ipv4.ip_forward=1” and remove the “#” by pressing the “x”, then press “ESC”, enter “:wq” to save it.
2. Enter the following command:
sysctl -p
Press the “Return” key, then you will only see “net.ipv4.ip_forward=1” as the result if everything is right.
3. Enter the following command:
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
Now you can connect to your L2TP/IPSec VPN and use it to get access to any blocked sites. However, if you reboot your VPS, your forwarding settings will be gone; to avoid this, enter the following command:
vi /etc/rc.local
Press the “Return” key and paste the following contents before the “exit 0” line:
for each in /proc/sys/net/ipv4/conf/*
do
echo 0 > $each/accept_redirects
echo 0 > $each/send_redirects
done
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j MASQUERADE
/etc/init.d/ipsec restart
Save it, then you are done.
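To confirm after a reboot that the rc.local entries and the sysctl.conf change took effect, the following added example (not part of the original post) checks that IPv4 forwarding is on and that redirects are off for every interface. The function names and the constructed demo tree are assumptions; the default path is the live /proc tree used in the steps above.

```shell
#!/bin/sh
# Added example: confirm the kernel settings from steps III.3 and VI are in effect.
# The first argument defaults to the live /proc tree; pass another directory
# to run the check offline against a copy.

# Prints one line per wrong value. Returns 0 when all values match, 1 otherwise.
check_vpn_sysctls() {
    root=${1:-/proc/sys/net/ipv4}
    bad=0
    # Forwarding must be on, or VPN clients cannot reach the internet.
    if [ "$(cat "$root/ip_forward" 2>/dev/null)" != "1" ]; then
        echo "ip_forward is not 1"; bad=1
    fi
    # Redirects must be off on every entry, including "all" and "default".
    for each in "$root"/conf/*; do
        [ -d "$each" ] || continue
        for key in accept_redirects send_redirects; do
            val=$(cat "$each/$key" 2>/dev/null || true)
            if [ "$val" != "0" ]; then
                echo "${each##*/}/$key is '$val', expected 0"; bad=1
            fi
        done
    done
    return "$bad"
}

# Constructed stand-in for /proc/sys/net/ipv4: eth0 is correct,
# ppp0 is deliberately left with accept_redirects=1.
make_demo_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/conf/eth0" "$t/conf/ppp0"
    echo 1 > "$t/ip_forward"
    echo 0 > "$t/conf/eth0/accept_redirects"
    echo 0 > "$t/conf/eth0/send_redirects"
    echo 1 > "$t/conf/ppp0/accept_redirects"
    echo 0 > "$t/conf/ppp0/send_redirects"
    echo "$t"
}

tree=$(make_demo_tree)
check_vpn_sysctls "$tree" || true   # reports ppp0/accept_redirects
rm -rf "$tree"
```

On the VPS, call check_vpn_sysctls with no argument to inspect the running kernel.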
Bonus:
The following is an L2TP/IPSec VPN account created in a 2Host VPS according to the above tutorials:
Server Address: 178.18.17.30
Account Name: freenuts
Password: 123456
Shared Secret: 123456abcdef
The above VPN will be free and available for a month, and you can check out this post for how to use it on your computer and mobile phone.
Source: http://freenuts.com/how-to-set-up-a-l2tpipsec-vpn-in-a-vps/
English articles really do look hard to read.