Overview
This article describes how to configure a VPN on an ECS instance that runs Ubuntu.
Detail
You can configure either the VPN server or the VPN client on an ECS instance that runs Ubuntu.
Note: The configurations and descriptions provided in this article are for reference only. Alibaba Cloud is not responsible for such configurations and the problems arising therefrom.
Server Configuration
- Log on to the server and run the following command to install pptpd:
sudo apt-get install pptpd
- Run the following command to edit the configuration file:
sudo vi /etc/pptpd.conf
- Add the following content to the "TAG: localip" field, and then save and exit.
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
- Run the following command to edit the file:
sudo vi /etc/ppp/pptpd-options
- Remove the leading "#" from the "# ms-dns" line to uncomment it, set the DNS server on that line to the following value, and then save and exit.
DNS server: 223.5.5.5
- In the /etc/ppp/chap-secrets file, add the account, server name, password, and IP limit.
- Edit the /etc/sysctl.conf file. Remove the leading "#" from the "# net.ipv4.ip_forward=1" line to uncomment it, then save and exit.
- Run the following command to load system parameters:
sudo sysctl -p
Note: If "net.ipv4.ip_forward = 1" is displayed after the command runs, the modification has taken effect.
- Run the following commands in sequence to create a NAT by using iptables:
sudo apt-get install iptables
sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Note: eth0 is the network interface. You can view the interface names by running the ifconfig command.
- Edit the "/etc/network/interfaces" file and add the following content under the "eth0/eth1.." field.
pre-up iptables-restore < /etc/iptables-rules
- Run the following command to restart pptpd for the configuration to take effect:
sudo /etc/init.d/pptpd restart
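The chap-secrets step above lists the four values of an entry (account, server name, password, IP limit) without showing the file layout. The script below is an added example, not part of the original article: it audits such a file, one whitespace-separated entry per line. The sample accounts, the server name pptpd, the 12-character minimum, and the assumption that secrets contain no spaces are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pptpd chap-secrets file.
# Assumed entry layout (one per line, whitespace-separated, no spaces in the secret):
#   account   server-name   password   IP-limit

# Write a constructed sample file to the path given in $1.
write_sample() {
    cat > "$1" <<'EOF'
# client  server  secret           IP addresses
alice     pptpd   c0rrect-h0rse-7  192.168.0.234
bob       pptpd   hunter2          *
carol     pptpd   missing-ip-field
EOF
}

# Print one finding per line; print nothing when the file is clean.
audit_chap_secrets() {
    local file=$1 mode
    # The file stores passwords in cleartext, so only the owner should read it.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) echo "mode $mode: expected 600" ;;
    esac
    awk '
        NF == 0 || $1 ~ /^#/ { next }   # skip blank lines and comments
        NF < 4 { print "line " NR ": expected 4 fields, got " NF; next }
        # "*" in the fourth field lets the account connect with any client IP.
        $4 == "*" { print "line " NR ": account " $1 " has no IP limit" }
        # 12 is an assumed minimum length, chosen for this example only.
        length($3) < 12 { print "line " NR ": account " $1 " secret shorter than 12 chars" }
    ' "$file"
}

# Demo on the constructed sample (mktemp creates the file with mode 600).
demo=$(mktemp)
write_sample "$demo"
audit_chap_secrets "$demo"
rm -f "$demo"
```

On a real server, run audit_chap_secrets /etc/ppp/chap-secrets as root after adding accounts.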
VPN client configuration
- Run the following command to view the local public IP address:
curl http://members.3322.org/dyndns/getip
The command returns the local public IP address.
- Run the following command to install the pptp client.
sudo apt-get install pptp-linux
- Run the following command to initialize a VPN connection channel named test:
sudo pptpsetup --create test --server 58.xx.xx.178 --username xxx --password xxx --encrypt --start
- Run the following command to delete the default route:
sudo ip route del default
Note: After you delete the default route, you will not be able to log on remotely; log on through the management terminal.
- Run the following command to add a default route pointing to the ppp0 device:
sudo ip route add default dev ppp0
- Run the following command to check whether the IP address has been changed to that of the VPN server:
curl http://members.3322.org/dyndns/getip
- Run the following command to disable VPN:
sudo poff test
If the output indicates that the device information is not found, the VPN has been disabled.
- Run the following command to enable VPN:
sudo pon test
In the command output, view the device information, which shows the details of the ppp0 device.
- Run the following command to delete the default route:
sudo ip route del default
- Run the following command to configure the default route so that you can connect to the ECS gateway through the local network.
sudo ip route add default via [$IP]
Note: [$IP] is the gateway of the ECS instance.
Application scope
- ECS