
How to configure VPN in the Ubuntu system of an ECS instance

Last Updated: Dec 28, 2020

Overview

This article describes how to configure VPN in the Ubuntu system of ECS.

 

Detail

You can configure a VPN on the server or the VPN client in the Ubuntu system of the ECS instance.

Note: The configurations and descriptions provided in this article are for reference only. Alibaba Cloud is not responsible for such configurations and the problems arising therefrom.

 

Server Configuration

  1. Log on to the server and run the following command to install pptpd:
    sudo apt-get install pptpd
  2. Run the following command to edit the configuration file:
    sudo vi /etc/pptpd.conf
  3. Add the following content to the "TAG: localip" field, and then save and exit.
    localip 192.168.0.1
    remoteip 192.168.0.234-238,192.168.0.245
  4. Run the following command to edit the file:
    sudo vi /etc/ppp/pptpd-options
  5. Delete the number sign (#) in front of the "#ms-dns" field and change the DNS server to the following, then save and exit.
    ms-dns 223.5.5.5
  6. In the /etc/ppp/chap-secrets file, add the account, server name, password, and IP limit.
  7. Edit the /etc/sysctl.conf file. Delete the number sign (#) in front of the "#net.ipv4.ip_forward=1" field, then save and exit.
  8. Run the following command to load system parameters:
    sudo sysctl -p
    Note: If "net.ipv4.ip_forward = 1" is displayed after running, the modification takes effect.
  9. Run the following commands in sequence to create a NAT by using iptables:
    sudo apt-get install iptables 
    sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
    Note: eth0 is the name of the network interface. You can view the interface names by running the ifconfig command.
  10. Edit the "/etc/network/interfaces" file and add the following content under the "eth0/eth1.." field.
    pre-up iptables-restore < /etc/iptables-rules
  11. Run the following command to restart pptpd for the configuration to take effect:
    sudo /etc/init.d/pptpd restart
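
The following script is an added example, not part of the original article: it checks that the file edits from steps 3 to 7 are in place. The function names and the ROOT argument are assumptions made for illustration, and the world-readable check on chap-secrets is an extra, because that file stores passwords in plaintext.

```shell
#!/bin/sh
# Added example, not from the original article: checks the edits made in
# server steps 3-7. ROOT is an assumed prefix so a copy of the files can be
# checked; pass "/" on the server itself.

# has_line FILE REGEX: true if FILE has an uncommented line matching REGEX
has_line() {
    [ -r "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"
}

check_pptpd_config() {
    root=${1%/}
    fails=0
    report() { echo "FAIL: $1"; fails=$((fails + 1)); }

    # Step 3: localip and remoteip are set, each on its own line
    has_line "$root/etc/pptpd.conf" 'localip[[:space:]]+[0-9]' ||
        report "localip not set in /etc/pptpd.conf"
    has_line "$root/etc/pptpd.conf" 'remoteip[[:space:]]+[0-9]' ||
        report "remoteip not set in /etc/pptpd.conf"

    # Step 5: ms-dns is uncommented
    has_line "$root/etc/ppp/pptpd-options" 'ms-dns[[:space:]]+[0-9]' ||
        report "ms-dns still commented out in /etc/ppp/pptpd-options"

    # Step 6: at least one entry with account, server name, password, IP limit
    secrets="$root/etc/ppp/chap-secrets"
    if [ -r "$secrets" ] &&
       awk '$1 !~ /^#/ && NF >= 4 { ok = 1 } END { exit !ok }' "$secrets"
    then
        # Passwords are stored in plaintext, so flag a world-readable file
        [ -z "$(find "$secrets" -perm -004)" ] ||
            report "/etc/ppp/chap-secrets is world-readable"
    else
        report "no four-field entry in /etc/ppp/chap-secrets"
    fi

    # Step 7: IP forwarding is uncommented
    has_line "$root/etc/sysctl.conf" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' ||
        report "net.ipv4.ip_forward=1 still commented out in /etc/sysctl.conf"

    [ "$fails" -eq 0 ] && echo "OK: server configuration edits are in place"
    return "$fails"
}
```

Source the file and run `check_pptpd_config /` as root on the server; the return status is the number of failed checks.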

 

VPN client configuration

  1. Run the following command to view the local public IP address:
    curl http://members.3322.org/dyndns/getip
    The following command output is returned.


  2. Run the following command to install the pptp client.
    sudo apt-get install pptp-linux
    The following command output is returned.

  3. Run the following command to initialize a VPN connection channel named test:
    sudo pptpsetup --create test --server 58.xx.xx.178 --username xxx --password xxx --encrypt --start
  4. Run the following command to delete the default route:
    sudo ip route del default 
    Note: If you delete the account, it will not be able to log on remotely through the management terminal.
  5. Run the following command to add a default route pointing to the ppp0 device:
    sudo ip route add default dev ppp0

  6. Run the following command to check whether the IP address has been changed to that of the VPN server:
    curl http://members.3322.org/dyndns/getip
  7. Run the following command to disable VPN:
    sudo poff test
    If a similar output is displayed, the information of the device is not found.

  8. Run the following command to enable VPN:
    sudo pon test
    In the following command output, view the device information, which is the details of the ppp0 device.

  9. Run the following command to delete the default route:
    sudo ip route del default 
  10. Run the following command to configure the default route so that you can connect to the ECS gateway through the local network.
    sudo ip route add default via [$IP]
    Note: [$IP] is the gateway of the ECS instance.

 

Application scope

  • ECS