First, create a connection script (a pppd peers file) under /etc/ppp/peers, say ztc, with the following contents:
-----------/etc/ppp/peers/ztc-------------------
pty "pptp lns_bj.vip.edu.cn --nolaunchpppd"
name
remotename ztc
file /etc/ppp/options.pptp
ipparam ztc
----------------------------------------------
The first line runs pptp as a child process of pppd, attached through a pseudo-terminal (--nolaunchpppd tells pptp not to start its own pppd, since it is already running under one). With pppd running in the background, an IP packet produced by an application is first framed by pppd as PPP; the source address of that IP packet is the local peer address (58.207.XXX.XXX). The child pptp process then encapsulates the PPP frame in PPTP's GRE transport and sends it out over eth0. (PPTP uses a TCP control connection on port 1723 only to set up and tear down the call; the tunnelled data itself is carried in GRE, IP protocol 47, not in TCP.) The outer packet's source address is the eth0 address (59.66.132.XXX) and its destination is the 直通车 PPTP server (lns_bj.vip.edu.cn). When the packet reaches the server, its pptp daemon strips the GRE and PPP headers, recovers the inner IP packet and forwards it according to the destination address. The reverse direction mirrors this. Keep in mind that with MPPE turned off, as this setup requires, the inner packet rides inside the GRE payload in cleartext, so anyone able to capture traffic on the path between eth0 and the server can read it.
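The encapsulation just described, as an added example that is not code from the original post: it lays out one tunnelled packet byte for byte the way it leaves eth0 (outer IP, GRE, PPP, inner IP) and parses it back, which makes plain where each address sits and that nothing hides the inner packet. The addresses 58.207.136.150 and 59.66.132.118 are the ones in the post's log; 58.207.0.1 (standing in for lns_bj.vip.edu.cn), 203.0.113.7 as a host abroad, the call ID and the payload are assumptions.

```python
import ipaddress
import struct

IPPROTO_GRE = 47
GRE_PPTP_PROTO = 0x880B   # enhanced GRE protocol type for PPP (RFC 2637)
PPP_PROTO_IP = 0x0021     # PPP protocol number for IPv4


def _checksum(data):
    """RFC 1071 one's-complement sum over 16-bit words (IPv4 header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, payload_len, ttl=64):
    """Minimal 20-byte IPv4 header, no options, header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", _checksum(hdr)) + hdr[12:]


def gre_pptp_header(payload_len, call_id, seq):
    """Enhanced GRE header (RFC 2637 section 4.1): K and S bits set, version 1, no ack."""
    flags_version = 0x2000 | 0x1000 | 0x0001          # K | S | version 1
    return struct.pack("!HHHHI", flags_version, GRE_PPTP_PROTO, payload_len, call_id, seq)


def build_tunnelled(inner_src, inner_dst, payload, outer_src, outer_dst, call_id, seq):
    """What pptp hands to eth0: outer IP | GRE | PPP | inner IP | payload.
    The inner header claims UDP (17); its body is a placeholder, not a real datagram."""
    inner = ipv4_header(inner_src, inner_dst, 17, len(payload)) + payload
    # HDLC address/control (0xff 0x03) plus the 2-byte protocol field; pppd omits the
    # first two once ACFC is negotiated and shortens the protocol field under PFC.
    ppp = b"\xff\x03" + struct.pack("!H", PPP_PROTO_IP) + inner
    gre = gre_pptp_header(len(ppp), call_id, seq) + ppp
    return ipv4_header(outer_src, outer_dst, IPPROTO_GRE, len(gre)) + gre


def parse_tunnelled(pkt):
    """Peel the layers off again.  With MPPE off there is nothing to decrypt: the inner
    addresses and payload are read straight out of the GRE payload."""
    if pkt[9] != IPPROTO_GRE:
        raise ValueError("outer packet is not GRE")
    outer_src, outer_dst = pkt[12:16], pkt[16:20]
    gre = pkt[(pkt[0] & 0x0F) * 4:]
    flags, proto, plen, call_id, seq = struct.unpack("!HHHHI", gre[:12])
    if proto != GRE_PPTP_PROTO or (flags & 0x0007) != 1:
        raise ValueError("not PPTP enhanced GRE")
    off = 12 + (4 if flags & 0x0080 else 0)            # A bit: 4-byte ack number follows
    ppp = gre[off:off + plen]
    if ppp[:2] == b"\xff\x03":                          # no ACFC: skip address/control
        ppp = ppp[2:]
    if ppp[0] & 1:                                      # PFC: one-byte protocol field
        ppp_proto, ppp = ppp[0], ppp[1:]
    else:
        ppp_proto, ppp = struct.unpack("!H", ppp[:2])[0], ppp[2:]
    inner_ihl = (ppp[0] & 0x0F) * 4
    return {
        "outer_src": str(ipaddress.IPv4Address(outer_src)),
        "outer_dst": str(ipaddress.IPv4Address(outer_dst)),
        "call_id": call_id, "seq": seq, "ppp_proto": ppp_proto,
        "inner_src": str(ipaddress.IPv4Address(ppp[12:16])),
        "inner_dst": str(ipaddress.IPv4Address(ppp[16:20])),
        "inner_payload": ppp[inner_ihl:],
    }


if __name__ == "__main__":
    # Addresses from the post's log; 58.207.0.1 stands in for lns_bj.vip.edu.cn and
    # 203.0.113.7 for a host abroad (both assumed); the payload is constructed.
    pkt = build_tunnelled("58.207.136.150", "203.0.113.7", b"constructed payload",
                          "59.66.132.118", "58.207.0.1", call_id=0x1234, seq=1)
    for k, v in parse_tunnelled(pkt).items():
        print("%-14s %r" % (k, v))
```

The outer header is what the campus network sees (eth0 address to the server); the inner header is what the far side of the tunnel sees (the 58.207 peer address). A tcpdump on eth0 with "proto 47" shows the same bytes, payload included.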
The second line is your 直通车 username; the third is the name of this PPP connection, which can be anything; the fourth pulls in the default option file for VPN use that ships with the package; the last passes the string ztc as the sixth argument to /etc/ppp/ip-up. ip-up runs once the connection to 直通车 is established; correspondingly, ip-down runs when it is torn down.
Next, edit /etc/ppp/options.pptp and comment out mppe required,stateless; 直通车 does not encrypt PPP packets, and leaving the requirement in makes pppd give up when the server declines MPPE during CCP. My experience is to comment out as much as possible and keep only the minimum set of entries; my options.pptp now contains just lock, noauth, nobsdcomp and nodeflate. Be clear about what this means: the login is still challenge-response (the CHAP exchange in the log below), but with MPPE gone nothing after the login is encrypted, so the tunnel changes where your traffic exits and nothing about its confidentiality. Use TLS or SSH for anything sensitive, exactly as you would on the open campus network.
Then edit or create /etc/ppp/chap-secrets to hold your password:
----------------------------------------------
# Secrets for authentication using CHAP
# client server secret IP addresses
ztc *
----------------------------------------------
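A check for the three files above, written for this page and not part of the original post: it parses the peers file, the included options file and chap-secrets, and flags the mistakes that stop this setup from working or leak the password (a server column that does not match remotename, a leftover MPPE requirement, a world-readable chap-secrets). The directory is a parameter so it can run on a scratch copy; the files and the username/password written by scratch_config are constructed placeholders.

```python
import os
import shlex
import tempfile


def parse_options(path):
    """pppd option file: first word of each line is the option, the rest its arguments;
    '#' starts a comment.  Returns {option: [args]}."""
    opts = {}
    with open(path) as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if line:
                words = shlex.split(line)
                opts[words[0]] = words[1:]
    return opts


def parse_chap_secrets(path):
    """chap-secrets rows: client server secret [addresses...], pppd's double-quote
    quoting accepted (a '#' inside a quoted secret is not handled here)."""
    rows = []
    with open(path) as fh:
        for raw in fh:
            words = shlex.split(raw.split("#", 1)[0])
            if len(words) >= 3:
                rows.append({"client": words[0], "server": words[1],
                             "secret": words[2], "addresses": words[3:]})
    return rows


def check_pptp_config(ppp_dir, peer):
    """Return (code, detail) findings for peers/<peer>.  For the setup in the post the
    only expected finding is CLEARTEXT_TUNNEL, which is a reminder, not a mistake."""
    findings = []
    peer_opts = parse_options(os.path.join(ppp_dir, "peers", peer))
    name = (peer_opts.get("name") or [""])[0]
    remotename = (peer_opts.get("remotename") or [""])[0]
    pty = (peer_opts.get("pty") or [""])[0]
    if not name:
        findings.append(("NAME_MISSING", "peers/%s: 'name' carries no username" % peer))
    if not remotename:
        findings.append(("REMOTENAME_MISSING", "peers/%s: no 'remotename'" % peer))
    if "--nolaunchpppd" not in pty:
        findings.append(("PTY_LAUNCHES_PPPD", "pty command lacks --nolaunchpppd"))
    if peer_opts.get("file"):
        # the included option file is looked up next to the peers directory
        incl = parse_options(os.path.join(ppp_dir, os.path.basename(peer_opts["file"][0])))
        mppe = [o for o in incl if o.startswith("mppe") or o.startswith("require-mppe")]
        if mppe:
            findings.append(("MPPE_REQUIRED", "%s demands MPPE, which the server does not offer"
                             % ", ".join(mppe)))
        else:
            findings.append(("CLEARTEXT_TUNNEL", "no MPPE: inner traffic crosses the net unencrypted"))
    secrets = os.path.join(ppp_dir, "chap-secrets")
    mode = os.stat(secrets).st_mode & 0o777
    if mode & 0o077:
        findings.append(("SECRET_PERMS", "chap-secrets is mode %o; it holds a cleartext password" % mode))
    if not any(r["client"] == name and r["server"] in (remotename, "*")
               for r in parse_chap_secrets(secrets)):
        findings.append(("SECRET_NOT_FOUND", "no row with client %r and server %r" % (name, remotename)))
    return findings


def scratch_config(username, secret, remotename="ztc", require_mppe=False, secrets_mode=0o600):
    """Constructed copy of the three files above in a fresh temp dir (placeholder
    credentials); the chap-secrets row always says server 'ztc', like the post's.
    Returns the directory to pass to check_pptp_config."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "peers"))
    with open(os.path.join(root, "peers", "ztc"), "w") as fh:
        fh.write('pty "pptp lns_bj.vip.edu.cn --nolaunchpppd"\nname %s\nremotename %s\n'
                 'file /etc/ppp/options.pptp\nipparam ztc\n' % (username, remotename))
    with open(os.path.join(root, "options.pptp"), "w") as fh:
        fh.write("lock\nnoauth\nnobsdcomp\nnodeflate\n")
        if require_mppe:
            fh.write("mppe required,stateless\n")
    secrets = os.path.join(root, "chap-secrets")
    with open(secrets, "w") as fh:
        fh.write('# client server secret IP addresses\n%s ztc "%s" *\n' % (username, secret))
    os.chmod(secrets, secrets_mode)
    return root


if __name__ == "__main__":
    for code, detail in check_pptp_config(scratch_config("alice", "hunter2"), "ztc"):
        print(code, "-", detail)
    # against the live files: check_pptp_config("/etc/ppp", "ztc") (needs root to read chap-secrets)
```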
The fields are client (your username), server, secret (your password) and the allowed IP addresses (* for any). The server field must match the remotename in the ztc script; that is how pppd selects the row. Because the file holds the password in cleartext, make sure it is owned by root with mode 600. That completes the VPN configuration; now connect with pon:
>sudo pon ztc debug dump logfd 2 nodetach
The ztc argument selects the peers file; debug shows the negotiation; logfd 2 sends the debug output to file descriptor 2, i.e. the console; nodetach keeps pppd in the foreground, the way tunet runs; dump prints the options in effect from ztc and options.pptp. After pressing Enter you should see output like this:
----------------------------------------------
pppd options in effect:
debug # (from command line)
nodetach # (from command line)
logfd 2 # (from command line)
dump # (from command line)
noauth # (from /etc/ppp/options.pptp)
name *** # (from /etc/ppp/peers/ztc)
remotename ztc # (from /etc/ppp/peers/ztc)
# (from /etc/ppp/options.pptp)
# (from /etc/ppp/options.pptp)
pty pptp lns_bj.vip.edu.cn --nolaunchpppd # (from /etc/ppp/peers/ztc)
crtscts # (from /etc/ppp/options)
# (from /etc/ppp/options)
asyncmap 0 # (from /etc/ppp/options)
lcp-echo-failure 4 # (from /etc/ppp/options)
lcp-echo-interval 30 # (from /etc/ppp/options)
hide-password # (from /etc/ppp/options)
ipparam ztc # (from /etc/ppp/peers/ztc)
proxyarp # (from /etc/ppp/options)
nobsdcomp # (from /etc/ppp/options.pptp)
nodeflate # (from /etc/ppp/options.pptp)
noipx # (from /etc/ppp/options)
using channel 9
Using interface ppp0
Connect: ppp0 <--> /dev/pts/4
sent [LCP ConfReq id=0x1 ]
rcvd [LCP ConfReq id=0x1 ]
sent [LCP ConfAck id=0x1 ]
rcvd [LCP ConfAck id=0x1 ]
sent [LCP EchoReq id=0x0 magic=0x6400380b]
rcvd [CHAP Challenge id=0xf5 , name = "pptpd"]
sent [CHAP Response id=0xf5 <4223f091a3casdewrg810abd1e3b3b5e3f94b7cc1a0e538f357ee1fa45b866a630a04e87>,name = ***]
rcvd [LCP EchoRep id=0x0 magic=0x7fa9ac2c]
rcvd [CHAP Success id=0xf5 "S=0E7BFEBE3C66665792219C0ABF01469E16B808F3"]
CHAP authentication succeeded
sent [IPCP ConfReq id=0x1 ]
rcvd [CCP ConfReq id=0x1 ]
sent [CCP ConfReq id=0x1]
sent [CCP ConfRej id=0x1 ]
rcvd [IPCP ConfReq id=0x1 ]
sent [IPCP ConfAck id=0x1 ]
rcvd [IPCP ConfRej id=0x1 ]
sent [IPCP ConfReq id=0x2 ]
rcvd [CCP ConfAck id=0x1]
rcvd [CCP ConfReq id=0x2]
sent [CCP ConfAck id=0x2]
rcvd [IPCP ConfNak id=0x2 ]
sent [IPCP ConfReq id=0x3 ]
rcvd [IPCP ConfAck id=0x3 ]
Cannot determine ethernet address for proxy ARP
local IP address 58.207.136.150
remote IP address 58.207.255.18
Script /etc/ppp/ip-up started (pid 3116)
Script /etc/ppp/ip-up finished (pid 3116), status = 0x0
----------------------------------------------
The local IP and remote IP may differ from one connection to the next.
Listing the interfaces now shows an extra ppp0:
----------------------------------------------
>ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:E4:C0:C4:F4
inet addr:59.66.132.118 Bcast:59.66.255.255 Mask:255.255.0.0
inet6 addr: fe80::20a:e4ff:fec0:c4f4/64 Scope:Link
UP BROADCAST RUNNING ALLMULTI MULTICAST MTU:1500 Metric:1
RX packets:50735 errors:1 dropped:0 overruns:0 frame:0
TX packets:5897 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5212480 (4.9 MiB) TX bytes:694373 (678.0 KiB)
Interrupt:169
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:187 errors:0 dropped:0 overruns:0 frame:0
TX packets:187 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:18740 (18.3 KiB) TX bytes:18740 (18.3 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:58.207.184.166 P-t-P:58.207.254.18 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:1178 (1.1 KiB) TX bytes:66 (66.0 b)
----------------------------------------------
The connection is up at this point, but don't rush to reach sites abroad: the default route still goes out eth0 (towards 59.66.132.1), so packets don't take the ppp0 path. Next we modify the routing table, which currently looks roughly like this:
>route -e
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
58.207.255.18 * 255.255.255.255 UH 0 0 0 ppp0
59.66.0.0 * 255.255.0.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 eth0
----------------------------------------------
We want to make ppp0 the default route. Because ppp0 is a virtual interface whose traffic is itself sent over eth0, the path from your machine to the PPTP server must stay reachable, so before changing the default route keep the existing routes to the tunet server (166.111.8.10) and to the PPTP server. The commands below add these routes with dev eth0 and no gateway, which only works when those networks are reachable on-link; if your default route goes through a gateway shown in the Gateway column, add gw <gateway-address> to each of them, otherwise the kernel will try to ARP for those networks directly on eth0.
>sudo route add -net 59.66.0.0 netmask 255.255.0.0 dev eth0
>sudo route add -net 166.111.0.0 netmask 255.255.0.0 dev eth0
>sudo route add -net 58.207.0.0 netmask 255.255.0.0 dev eth0
>sudo route add default dev ppp0
----------------------------------------------
The routing table now becomes:
>route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
58.207.255.18 * 255.255.255.255 UH 0 0 0 ppp0
166.111.0.0 * 255.255.0.0 U 0 0 0 eth0
59.66.0.0 * 255.255.0.0 U 0 0 0 eth0
58.207.0.0 * 255.255.0.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 eth0
default * 0.0.0.0 U 0 0 0 ppp0
-----------------------------------------------------------
With the newly added default taking effect, every packet except those to 59.66.*.*, 166.111.*.* and 58.207.*.* now goes through ppp0. (Relying on two default routes with equal metric is fragile; ip-down below removes the ppp0 one.) Ctrl-C disconnects, after which the routing table has to be restored. To save effort, put the route setup and teardown commands into ip-up and ip-down respectively, so the routing table doesn't need to be configured by hand on every connection. These are the last few lines of my /etc/ppp/ip-up:
-------------------------------------------------------------
#add for ztc
route add -net 59.66.0.0 netmask 255.255.0.0 dev eth0
route add -net 166.111.0.0 netmask 255.255.0.0 dev eth0
route add -net 58.207.0.0 netmask 255.255.0.0 dev eth0
route add default dev ${PPP_IFACE}
-------------------------------------------------------------
And the last few lines of /etc/ppp/ip-down:
#add for ztc
route del default ${PPP_IFACE}
route del -net 59.66.0.0 netmask 255.255.0.0 eth0
route del -net 166.111.0.0 netmask 255.255.0.0 eth0
route del -net 58.207.0.0 netmask 255.255.0.0 eth0
-------------------------------------------------------------
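To see what the ip-up and ip-down routes actually do before trusting them, here is an added example (not the post's own code) that performs the longest-prefix lookup over the table shown above and follows a packet through the tunnel, including the second lookup the encapsulated packet needs to reach the PPTP server. It also shows the routing loop you get when the 58.207.0.0/16 route is missing, and that ip-down puts the default back on eth0. The PPTP server address 58.207.0.1 and the destination 203.0.113.7 are assumptions; the tie between the two equal-metric defaults is modelled as "last added wins", which is the behaviour the post reports, not a statement about every kernel.

```python
import ipaddress

# The table ip-up leaves behind, as (prefix, interface), in the order the entries were
# added.  Prefixes and interfaces are the ones shown above.
ROUTES_AFTER_IP_UP = [
    ("58.207.255.18/32", "ppp0"),   # host route to the PPP peer, present while ppp0 is up
    ("59.66.0.0/16", "eth0"),
    ("166.111.0.0/16", "eth0"),
    ("58.207.0.0/16", "eth0"),      # keeps the PPTP server itself reachable over eth0
    ("0.0.0.0/0", "eth0"),          # the original default
    ("0.0.0.0/0", "ppp0"),          # the default ip-up adds last
]
IP_DOWN_REMOVES = [("0.0.0.0/0", "ppp0"), ("59.66.0.0/16", "eth0"),
                   ("166.111.0.0/16", "eth0"), ("58.207.0.0/16", "eth0")]


def lookup(table, dst):
    """Longest-prefix match.  Among equal-length prefixes the later entry wins, which
    reproduces what the post reports: the ppp0 default, added last, takes effect."""
    best, best_len = None, -1
    addr = ipaddress.ip_address(dst)
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen >= best_len:
            best, best_len = iface, net.prefixlen
    return best


def loops(table, pptp_server, tunnel_iface="ppp0"):
    """True if the encapsulated packets towards the PPTP server would themselves be
    routed into the tunnel, so the tunnel dies the moment the default moves to it."""
    return lookup(table, pptp_server) == tunnel_iface


def tunnel_path(table, dst, pptp_server, tunnel_iface="ppp0"):
    """Interfaces one packet crosses: [eth0] when it goes out directly, [ppp0, eth0]
    when it is encapsulated first.  Raises on the routing loop loops() detects."""
    first = lookup(table, dst)
    if first != tunnel_iface:
        return [first]
    if loops(table, pptp_server, tunnel_iface):
        raise RuntimeError("routing loop: %s is reached via %s" % (pptp_server, tunnel_iface))
    return [first, lookup(table, pptp_server)]


def without(table, routes):
    """Table with the given (prefix, interface) entries removed, as route del would."""
    return [r for r in table if r not in routes]


if __name__ == "__main__":
    SERVER = "58.207.0.1"   # assumed address for lns_bj.vip.edu.cn
    for dst in ("203.0.113.7", "166.111.8.10", "59.66.132.1"):
        print(dst, "->", tunnel_path(ROUTES_AFTER_IP_UP, dst, SERVER))
    # Drop the 58.207.0.0/16 route and the tunnel swallows its own transport.
    print("loop without 58.207/16:",
          loops(without(ROUTES_AFTER_IP_UP, [("58.207.0.0/16", "eth0")]), SERVER))
    # After ip-down, with ppp0 and its peer route gone, the default is eth0 again.
    after_down = without(ROUTES_AFTER_IP_UP, IP_DOWN_REMOVES + [("58.207.255.18/32", "ppp0")])
    print("after ip-down 203.0.113.7 ->", lookup(after_down, "203.0.113.7"))
```

A tighter variant of the same idea is to replace the 58.207.0.0/16 entry with a host route to the resolved address of lns_bj.vip.edu.cn, so only the tunnel transport is pinned to eth0 rather than a whole /16 that also contains your tunnel addresses.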
Finally, you can wrap the sudo pon ztc debug dump logfd 2 nodetach command in a shell script and use it the way tunet is used. For instance, ztc.sh contains the single line
sudo pon ztc debug dump logfd 2 nodetach
Then make it executable:
>sudo chmod a+x ztc.sh
Don't set the setuid bit on it (chmod +s): Linux ignores setuid on interpreted scripts, so it would change nothing, and a setuid wrapper around pppd would be a privilege-escalation hazard if it did take effect. The sudo inside the script is what grants the privilege; if you want to skip the password prompt, allow that exact command line, arguments included, for your user in sudoers. Do not allow pon with arbitrary arguments, because pppd options such as pty run a command of the caller's choosing as root.
From then on, running ztc.sh connects you to 直通车.