vpn 설치

1. pptpd 설치

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum -y --enablerepo=poptop-stable install pptpd

2. 설정

# vi pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 27.125.0.1
remoteip 172.16.1.100-200,172.16.2.100-200
 

# vi options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
ms-dns 168.126.63.1
ms-dns 168.126.63.2
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd

# vi chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vpn1            pptpd   123123                  172.16.1.100
vpn2            pptpd   123123                  172.16.1.101

# vi ip-up.local
ifconfig $1 mtu 1476

# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type any -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p 51 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 2223 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1194 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -o eth0 -j ACCEPT
-A FORWARD -o eth1 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT

# /etc/rc.d/init.d/iptables restart
# /etc/rc.d/init.d/pptpd start

3. 윈도우 클라이언트 설정

네트워크 연결 -> 새로만들기 -> 회사네트워크에 연결 -> 가상사설망연결 -> 연결이름 -> VPN서버선택에 서버IP 입력 -> 사용자이름과 암호 입력 -> 속성 -> 보안탭 -> 데이터암호화필요 체크해제 ->네트워크탭 -> TCP/IP 속성 -> 부여받은계정에 대한 IP , DNS서버 입력 -> 확인


4. 테스트

접속하는 서버 log에 로컬PC의 IP가 아닌 vpn 서버의 IP가 기록된다.
즉, proxy와 같은 행동을 취한다.

# tail -f /var/log/lighttpd/access.log

27.125.205.1 idcjp.jp - [26/Mar/2012:18:41:55 +0900] "GET /main_flash/main_flash.swf HTTP/1.1" 200 551927 "http://idcjp.jp/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0)"

[root@hosting ~]# w
 18:49:49 up 4 days,  3:24,  1 user,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    27.125.205.1     18:33    0.00s  0.01s  0.00s w