在redhat4 sp3上配置pptp服务器
在redhat4 sp3上配置pptp服务器
在redhat4 sp3上配置pptp服务器(本文主要是下面参考网址的内容,比着做了一遍,放这里作为一个记录,并不是发表什么文章)
参考:http://poptop.sourceforge.net/dox/redhat-howto.phtml
http://www.pconline.com.cn/pcedu ... /0509/697099_1.html
1、确认核心版本
#uname -r
2.6.9-34.EL
版本低于2.6.15需要打补丁
从http://sourceforge.net/project/showfiles.php?group_id=44827
上下载dkms-2.0.10-1.noarch.rpm
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm 安装内核MPPE(Microsoft Point to Point Encryption,微软点对点加密)
pptpd-1.3.3-1.rhel4.i386.rpm
ppp-2.4.3-5.rhel4.i386.rpm 安装PPP(Point-to-Point Protocol,点到点协议)
pptp-1.7.0-1.i386.rpm
安装它们
用以下命令检查内核MPPE补丁是否安装成功:
#modprobe ppp-compress-18
用以下命令检查PPP是否支持MPPE:
#strings '/usr/sbin/pppd' |grep -i mppe | wc --lines
如果以上命令输出为“0”则表示不支持;输出为“30”或更大的数字就表示支持。
修改配置文件
1.修改modules.conf文件
编辑/etc/modules.conf配置文件,加入如下内容:
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre
2.修改pptpd.conf文件
编辑/etc/pptpd.conf配置文件,添加如下内容,确定本地VPN服务器的IP地址和客户端登录后分配的IP地址范围。
ppp /usr/sbin/pppd
debug
option /etc/ppp/options.pptpd
localip 192.168.0.254 #本地VPN服务器的IP
remoteip 192.168.0.1-253 #客户端被分配的IP范围
3.修改options.pptpd文件
编辑/etc/ppp/options.pptpd配置文件,替换成如下内容:
auth
lock
debug
proxyarp
lock
name rh9vpn #VPN服务器的名字
multilink
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
refuse-mschap-v2
require-mppe
ms-wins 192.168.1.2 #把想要在网络邻居中看到的机器的IP填写到这里
ms-dns 192.168.1.2 #DNS服务器地址
dump
logfile /var/log/pptpd.log #日志存放的路径
4.修改chap-secrets文件
编辑/etc/ppp/chap-secrets配置文件,添加如下内容:
# client server secret IP addresses
"abc1" * "test" *
上面第二行代码的四项内容分别对应第一行中的四项。“abc1”是Client端的VPN用户名;“server”对应的是VPN服务器的名字,该名字必须和/etc/ppp/options.pptpd文件中指明的一样,或者设置成“*”号来表示自动识别服务器;“secret”对应的是登录密码;“IP addresses”对应的是可以拨入的客户端IP地址,如果不需要做特别限制,可以将其设置为“*”号。
5.设置IP伪装转发
只有设置了IP伪装转发,通过VPN连接上来的远程计算机才能互相ping通,实现像局域网那样的共享。用下面的命令进行设置:
#echo 1 > /proc/sys/net/ipv4/ip_forward
可以将这条命令放到文件/etc/rc.d/rc.local里面,以实现每次开机时自动运行该命令。
6.打开防火墙端口
将Linux服务器的1723端口和47端口打开,并打开GRE协议。
#/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#/sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#/sbin/iptables -A INPUT -p gre -j ACCEPT
到这里Linux服务器的设置就完成了,下面将利用Windows客户端进行测试。
如果要求外网机器通过vpn连接其它网段的机器,还要用iptable做NAT转发
在实际应用中,我的防火墙是这样设置的:
#!/bin/sh
# load any special modules
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# delete any existing chains
iptables -F
iptables -F -t nat
iptables -X
iptables -Z
# turn on ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 192.168.1.2#(VPN服务器本机地址)
奇怪的是,我把上面红色的两句注释掉,仍然能正常拔号,不知道是怎么回事?
[ 本帖最后由 hsyll 于 2006-9-29 15:18 编辑 ]
在redhat4 sp3上配置pptp服务器(本文主要是下面参考网址的内容,比着做了一遍,放这里作为一个记录,并不是发表什么文章)
参考:http://poptop.sourceforge.net/dox/redhat-howto.phtml
http://www.pconline.com.cn/pcedu ... /0509/697099_1.html
1、确认核心版本
#uname -r
2.6.9-34.EL
版本低于2.6.15需要打补丁
从http://sourceforge.net/project/showfiles.php?group_id=44827
上下载dkms-2.0.10-1.noarch.rpm
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm 安装内核MPPE(Microsoft Point to Point Encryption,微软点对点加密)
pptpd-1.3.3-1.rhel4.i386.rpm
ppp-2.4.3-5.rhel4.i386.rpm 安装PPP(Point-to-Point Protocol,点到点协议)
pptp-1.7.0-1.i386.rpm
安装它们
用以下命令检查内核MPPE补丁是否安装成功:
#modprobe ppp-compress-18
用以下命令检查PPP是否支持MPPE:
#strings '/usr/sbin/pppd' |grep -i mppe | wc --lines
如果以上命令输出为“0”则表示不支持;输出为“30”或更大的数字就表示支持。
修改配置文件
1.修改modules.conf文件
编辑/etc/modules.conf配置文件,加入如下内容:
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre
2.修改pptpd.conf文件
编辑/etc/pptpd.conf配置文件,添加如下内容,确定本地VPN服务器的IP地址和客户端登录后分配的IP地址范围。
ppp /usr/sbin/pppd
debug
option /etc/ppp/options.pptpd
localip 192.168.0.254 #本地VPN服务器的IP
remoteip 192.168.0.1-253 #客户端被分配的IP范围
3.修改options.pptpd文件
编辑/etc/ppp/options.pptpd配置文件,替换成如下内容:
auth
lock
debug
proxyarp
lock
name rh9vpn #VPN服务器的名字
multilink
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
refuse-mschap-v2
require-mppe
ms-wins 192.168.1.2 #把想要在网络邻居中看到的机器的IP填写到这里
ms-dns 192.168.1.2 #DNS服务器地址
dump
logfile /var/log/pptpd.log #日志存放的路径
4.修改chap-secrets文件
编辑/etc/ppp/chap-secrets配置文件,添加如下内容:
# client server secret IP addresses
"abc1" * "test" *
上面第二行代码的四项内容分别对应第一行中的四项。“abc1”是Client端的VPN用户名;“server”对应的是VPN服务器的名字,该名字必须和/etc/ppp/options.pptpd文件中指明的一样,或者设置成“*”号来表示自动识别服务器;“secret”对应的是登录密码;“IP addresses”对应的是可以拨入的客户端IP地址,如果不需要做特别限制,可以将其设置为“*”号。
5.设置IP伪装转发
只有设置了IP伪装转发,通过VPN连接上来的远程计算机才能互相ping通,实现像局域网那样的共享。用下面的命令进行设置:
#echo 1 > /proc/sys/net/ipv4/ip_forward
可以将这条命令放到文件/etc/rc.d/rc.local里面,以实现每次开机时自动运行该命令。
6.打开防火墙端口
将Linux服务器的1723端口和47端口打开,并打开GRE协议。
#/sbin/iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#/sbin/iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#/sbin/iptables -A INPUT -p gre -j ACCEPT
到这里Linux服务器的设置就完成了,下面将利用Windows客户端进行测试。
如果要求外网机器通过vpn连接其它网段的机器,还要用iptable做NAT转发
在实际应用中,我的防火墙是这样设置的:
#!/bin/sh
# load any special modules
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# delete any existing chains
iptables -F
iptables -F -t nat
iptables -X
iptables -Z
# turn on ip forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -P INPUT DROP
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 192.168.1.2#(VPN服务器本机地址)
奇怪的是,我把上面红色的两句注释掉,仍然能正常拔号,不知道是怎么回事?
[ 本帖最后由 hsyll 于 2006-9-29 15:18 编辑 ]
作者: hsyll 发布时间: 2006-09-29
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
有个小小的疑问,目标端口是47? 我记得协议类型是47,以前用pptp的时候没听说要用47号端口啊?还是我记错了?
gre好像就是类型号为47的协议。
有个小小的疑问,目标端口是47? 我记得协议类型是47,以前用pptp的时候没听说要用47号端口啊?还是我记错了?
gre好像就是类型号为47的协议。
作者: sailer_sh 发布时间: 2006-09-30
应该是协议号
还是sailer_sh看得仔细
还是sailer_sh看得仔细
作者: wenzk 发布时间: 2006-09-30
QUOTE:
ip 0 IP # internet protocol, pseudo protocol number
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # internet group management protocol
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk>
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco: for IGRP)
bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring
nvp 11 NVP-II # Network Voice Protocol
pup 12 PUP # PARC universal packet protocol
argus 13 ARGUS # ARGUS
emcon 14 EMCON # EMCON
xnet 15 XNET # Cross Net Debugger
chaos 16 CHAOS # Chaos
udp 17 UDP # user datagram protocol
mux 18 MUX # Multiplexing protocol
dcn 19 DCN-MEAS # DCN Measurement Subsystems
hmp 20 HMP # host monitoring protocol
prm 21 PRM # packet radio measurement protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
trunk-1 23 TRUNK-1 # Trunk-1
trunk-2 24 TRUNK-2 # Trunk-2
leaf-1 25 LEAF-1 # Leaf-1
leaf-2 26 LEAF-2 # Leaf-2
rdp 27 RDP # "reliable datagram" protocol
irtp 28 IRTP # Internet Reliable Transaction Protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4
netblt 30 NETBLT # Bulk Data Transfer Protocol
mfe-nsp 31 MFE-NSP # MFE Network Services Protocol
merit-inp 32 MERIT-INP # MERIT Internodal Protocol
sep 33 SEP # Sequential Exchange Protocol
3pc 34 3PC # Third Party Connect Protocol
idpr 35 IDPR # Inter-Domain Policy Routing Protocol
xtp 36 XTP # Xpress Tranfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto
tp++ 39 TP++ # TP++ Transport Protocol
il 40 IL # IL Transport Protocol
ipv6 41 IPv6 # IPv6
sdrp 42 SDRP # Source Demand Routing Protocol
ipv6-route 43 IPv6-Route # Routing Header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
idrp 45 IDRP # Inter-Domain Routing Protocol
rsvp 46 RSVP # Resource ReSerVation Protocol
gre 47 GRE # Generic Routing Encapsulation
mhrp 48 MHRP # Mobile Host Routing Protocol
bna 49 BNA # BNA
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA
swipe 53 SWIPE # IP with Encryption
narp 54 NARP # NBMA Address Resolution Protocol
mobile 55 MOBILE # IP Mobility
tlsp 56 TLSP # Transport Layer Security Protocol
skip 57 SKIP # SKIP
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
# 61 # any host internal protocol
cftp 62 CFTP # CFTP
# 63 # any local network
sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK
kryptolan 65 KRYPTOLAN # Kryptolan
rvd 66 RVD # MIT Remote Virtual Disk Protocol
ippc 67 IPPC # Internet Pluribus Packet Core
# 68 # any distributed file system
sat-mon 69 SAT-MON # SATNET Monitoring
visa 70 VISA # VISA Protocol
ipcv 71 IPCV # Internet Packet Core Utility
cpnx 72 CPNX # Computer Protocol Network Executive
cphb 73 CPHB # Computer Protocol Heart Beat
wsn 74 WSN # Wang Span Network
pvp 75 PVP # Packet Video Protocol
br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring
sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary
wb-mon 78 WB-MON # WIDEBAND Monitoring
wb-expak 79 WB-EXPAK # WIDEBAND EXPAK
iso-ip 80 ISO-IP # ISO Internet Protocol
vmtp 81 VMTP # Versatile Message Transport
secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
vines 83 VINES # VINES
ttp 84 TTP # TTP
nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
dgp 86 DGP # Dissimilar Gateway Protocol
tcf 87 TCF # TCF
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
ospf 89 OSPFIGP # Open Shortest Path First IGP
sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol
larp 91 LARP # Locus Address Resolution Protocol
mtp 92 MTP # Multicast Transport Protocol
ax.25 93 AX.25 # AX.25 Frames
ipip 94 IPIP # Yet Another IP encapsulation
micp 95 MICP # Mobile Internetworking Control Pro.
scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro.
etherip 97 ETHERIP # Ethernet-within-IP Encapsulation
encap 98 ENCAP # Yet Another IP encapsulation
# 99 # any private encryption scheme
gmtp 100 GMTP # GMTP
ifmp 101 IFMP # Ipsilon Flow Management Protocol
pnni 102 PNNI # PNNI over IP
pim 103 PIM # Protocol Independent Multicast
aris 104 ARIS # ARIS
scps 105 SCPS # SCPS
qnx 106 QNX # QNX
a/n 107 A/N # Active Networks
ipcomp 108 IPComp # IP Payload Compression Protocol
snp 109 SNP # Sitara Networks Protocol
compaq-peer 110 Compaq-Peer # Compaq Peer Protocol
ipx-in-ip 111 IPX-in-IP # IPX in IP
vrrp 112 VRRP # Virtual Router Redundancy Protocol
pgm 113 PGM # PGM Reliable Transport Protocol
# 114 # any 0-hop protocol
l2tp 115 L2TP # Layer Two Tunneling Protocol
ddx 116 DDX # D-II Data Exchange
iatp 117 IATP # Interactive Agent Transfer Protocol
stp 118 STP # Schedule Transfer
srp 119 SRP # SpectraLink Radio Protocol
uti 120 UTI # UTI
smp 121 SMP # Simple Message Protocol
sm 122 SM # SM
ptp 123 PTP # Performance Transparency Protocol
isis 124 ISIS # ISIS over IPv4
fire 125 FIRE
crtp 126 CRTP # Combat Radio Transport Protocol
crdup 127 CRUDP # Combat Radio User Datagram
sscopmce 128 SSCOPMCE
iplt 129 IPLT
sps 130 SPS # Secure Packet Shield
pipe 131 PIPE # Private IP Encapsulation within IP
sctp 132 SCTP # Stream Control Transmission Protocol
fc 133 FC # Fibre Channel
icmp 1 ICMP # internet control message protocol
igmp 2 IGMP # internet group management protocol
ggp 3 GGP # gateway-gateway protocol
ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
st 5 ST # ST datagram mode
tcp 6 TCP # transmission control protocol
cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk>
egp 8 EGP # exterior gateway protocol
igp 9 IGP # any private interior gateway (Cisco: for IGRP)
bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring
nvp 11 NVP-II # Network Voice Protocol
pup 12 PUP # PARC universal packet protocol
argus 13 ARGUS # ARGUS
emcon 14 EMCON # EMCON
xnet 15 XNET # Cross Net Debugger
chaos 16 CHAOS # Chaos
udp 17 UDP # user datagram protocol
mux 18 MUX # Multiplexing protocol
dcn 19 DCN-MEAS # DCN Measurement Subsystems
hmp 20 HMP # host monitoring protocol
prm 21 PRM # packet radio measurement protocol
xns-idp 22 XNS-IDP # Xerox NS IDP
trunk-1 23 TRUNK-1 # Trunk-1
trunk-2 24 TRUNK-2 # Trunk-2
leaf-1 25 LEAF-1 # Leaf-1
leaf-2 26 LEAF-2 # Leaf-2
rdp 27 RDP # "reliable datagram" protocol
irtp 28 IRTP # Internet Reliable Transaction Protocol
iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4
netblt 30 NETBLT # Bulk Data Transfer Protocol
mfe-nsp 31 MFE-NSP # MFE Network Services Protocol
merit-inp 32 MERIT-INP # MERIT Internodal Protocol
sep 33 SEP # Sequential Exchange Protocol
3pc 34 3PC # Third Party Connect Protocol
idpr 35 IDPR # Inter-Domain Policy Routing Protocol
xtp 36 XTP # Xpress Tranfer Protocol
ddp 37 DDP # Datagram Delivery Protocol
idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto
tp++ 39 TP++ # TP++ Transport Protocol
il 40 IL # IL Transport Protocol
ipv6 41 IPv6 # IPv6
sdrp 42 SDRP # Source Demand Routing Protocol
ipv6-route 43 IPv6-Route # Routing Header for IPv6
ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
idrp 45 IDRP # Inter-Domain Routing Protocol
rsvp 46 RSVP # Resource ReSerVation Protocol
gre 47 GRE # Generic Routing Encapsulation
mhrp 48 MHRP # Mobile Host Routing Protocol
bna 49 BNA # BNA
ipv6-crypt 50 IPv6-Crypt # Encryption Header for IPv6
ipv6-auth 51 IPv6-Auth # Authentication Header for IPv6
i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA
swipe 53 SWIPE # IP with Encryption
narp 54 NARP # NBMA Address Resolution Protocol
mobile 55 MOBILE # IP Mobility
tlsp 56 TLSP # Transport Layer Security Protocol
skip 57 SKIP # SKIP
ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
# 61 # any host internal protocol
cftp 62 CFTP # CFTP
# 63 # any local network
sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK
kryptolan 65 KRYPTOLAN # Kryptolan
rvd 66 RVD # MIT Remote Virtual Disk Protocol
ippc 67 IPPC # Internet Pluribus Packet Core
# 68 # any distributed file system
sat-mon 69 SAT-MON # SATNET Monitoring
visa 70 VISA # VISA Protocol
ipcv 71 IPCV # Internet Packet Core Utility
cpnx 72 CPNX # Computer Protocol Network Executive
cphb 73 CPHB # Computer Protocol Heart Beat
wsn 74 WSN # Wang Span Network
pvp 75 PVP # Packet Video Protocol
br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring
sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary
wb-mon 78 WB-MON # WIDEBAND Monitoring
wb-expak 79 WB-EXPAK # WIDEBAND EXPAK
iso-ip 80 ISO-IP # ISO Internet Protocol
vmtp 81 VMTP # Versatile Message Transport
secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
vines 83 VINES # VINES
ttp 84 TTP # TTP
nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
dgp 86 DGP # Dissimilar Gateway Protocol
tcf 87 TCF # TCF
eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
ospf 89 OSPFIGP # Open Shortest Path First IGP
sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol
larp 91 LARP # Locus Address Resolution Protocol
mtp 92 MTP # Multicast Transport Protocol
ax.25 93 AX.25 # AX.25 Frames
ipip 94 IPIP # Yet Another IP encapsulation
micp 95 MICP # Mobile Internetworking Control Pro.
scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro.
etherip 97 ETHERIP # Ethernet-within-IP Encapsulation
encap 98 ENCAP # Yet Another IP encapsulation
# 99 # any private encryption scheme
gmtp 100 GMTP # GMTP
ifmp 101 IFMP # Ipsilon Flow Management Protocol
pnni 102 PNNI # PNNI over IP
pim 103 PIM # Protocol Independent Multicast
aris 104 ARIS # ARIS
scps 105 SCPS # SCPS
qnx 106 QNX # QNX
a/n 107 A/N # Active Networks
ipcomp 108 IPComp # IP Payload Compression Protocol
snp 109 SNP # Sitara Networks Protocol
compaq-peer 110 Compaq-Peer # Compaq Peer Protocol
ipx-in-ip 111 IPX-in-IP # IPX in IP
vrrp 112 VRRP # Virtual Router Redundancy Protocol
pgm 113 PGM # PGM Reliable Transport Protocol
# 114 # any 0-hop protocol
l2tp 115 L2TP # Layer Two Tunneling Protocol
ddx 116 DDX # D-II Data Exchange
iatp 117 IATP # Interactive Agent Transfer Protocol
stp 118 STP # Schedule Transfer
srp 119 SRP # SpectraLink Radio Protocol
uti 120 UTI # UTI
smp 121 SMP # Simple Message Protocol
sm 122 SM # SM
ptp 123 PTP # Performance Transparency Protocol
isis 124 ISIS # ISIS over IPv4
fire 125 FIRE
crtp 126 CRTP # Combat Radio Transport Protocol
crdup 127 CRUDP # Combat Radio User Datagram
sscopmce 128 SSCOPMCE
iplt 129 IPLT
sps 130 SPS # Secure Packet Shield
pipe 131 PIPE # Private IP Encapsulation within IP
sctp 132 SCTP # Stream Control Transmission Protocol
fc 133 FC # Fibre Channel
作者: 河里的鱼 发布时间: 2006-09-30
是类型号,所以我在iptables把它注释掉了,网上的资料里面有那一句,实验证明,没有它也行
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#iptables -A INPUT -p gre -j ACCEPT 这句注释掉也行,是不是默认情况下是开着的?
#iptables -A INPUT -p tcp --dport 47 -j ACCEPT
#iptables -A INPUT -p gre -j ACCEPT 这句注释掉也行,是不是默认情况下是开着的?
作者: hsyll 发布时间: 2006-09-30
用iptables -nvL
查看,可知,默认的协议是All,既然是All,当然包含gref协议的,对不?
查看,可知,默认的协议是All,既然是All,当然包含gref协议的,对不?
作者: guliny 发布时间: 2007-01-25
我按照楼主的配完后,用XP拨号提示错误:678,远程计算机没有反应。
作者: wzknet 发布时间: 2007-11-30
照着楼主的教程做了一遍,发现把防火墙关了可以联通VPN。
而我的1723端口已经开启了,这是怎么回事?
而我的1723端口已经开启了,这是怎么回事?
作者: bqsc 发布时间: 2007-12-29
楼主。连接l2tp服务器时报721号错误,知道是什么问题吗?
作者: dywapple 发布时间: 2011-01-24