6. Dial-up login.
After dialing in, log in to the VPN server and view its log to see the user's connection. The following excerpt is for reference:

    Dec 19 17:16:01 max-vpn pppd[9833]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    Dec 19 17:16:01 max-vpn pppd[9833]: pptpd-logwtmp: $Version$
    Dec 19 17:16:01 max-vpn pppd[9833]: pppd options in effect:
    Dec 19 17:16:01 max-vpn pppd[9833]: debug # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: logfile /etc/ppp/vpn.log # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: dump # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: plugin /usr/lib/pptpd/pptpd-logwtmp.so # (from command line)
    Dec 19 17:16:01 max-vpn pppd[9833]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: refuse-pap # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: refuse-chap # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: refuse-mschap # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: name pptpd # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: pptpd-original-ip 200.199.118.72 # (from command line)
    Dec 19 17:16:01 max-vpn pppd[9833]: 115200 # (from command line)
    Dec 19 17:16:01 max-vpn pppd[9833]: lock # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: local # (from command line)
    Dec 19 17:16:01 max-vpn pppd[9833]: novj # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: novjccomp # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: ipparam 200.199.118.72 # (from command line)
    Dec 19 17:16:01 max-vpn pppd[9833]: ms-dns xxx # [don't know how to print value] # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: proxyarp # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:01 max-vpn pppd[9833]: 172.16.195.1:172.16.195.101-200 # (from command line)
    Dec 19 17:16:02 max-vpn pppd[9833]: nobsdcomp # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:02 max-vpn pppd[9833]: require-mppe-128 # (from /etc/ppp/options.pptpd)
    Dec 19 17:16:02 max-vpn pppd[9833]: pppd 2.4.4 started by root, uid 0
    Dec 19 17:16:02 max-vpn pppd[9833]: Using interface ppp0
    Dec 19 17:16:02 max-vpn pppd[9833]: Connect: ppp0 <--> /dev/pts/1
    Dec 19 17:16:02 max-vpn pptpd[9832]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
    Dec 19 17:16:02 max-vpn pppd[9833]: Unsupported protocol 'IPv6 Control Protovol' (0x8057) received
    Dec 19 17:16:02 max-vpn pppd[9833]: MPPE 128-bit stateless compression enabled
    Dec 19 17:16:04 max-vpn pppd[9833]: Cannot determine ethernet address for proxy ARP
    Dec 19 17:16:04 max-vpn pppd[9833]: local IP address 172.16.195.1
    Dec 19 17:16:04 max-vpn pppd[9833]: remote IP address 172.16.195.101
    Dec 19 17:16:04 max-vpn pppd[9833]: pptpd-logwtmp.so ip-up ppp0 sery 200.199.118.72
    [root@max-vpn ~]#

This log shows that a client at 200.199.118.72 has connected to the VPN server with the account sery, and that the VPN client machine was assigned the address 172.16.195.101.

On the dialing machine (Windows), check its current network parameters:

    C:\Users\sery> ipconfig /all

    Windows IP configuration

       Host name . . . . . . . . . . . . . : sery-sony
       Primary DNS suffix  . . . . . . . . :
       Node type . . . . . . . . . . . . . : Hybrid
       IP routing enabled  . . . . . . . . : No
       WINS proxy enabled  . . . . . . . . : No
       DNS suffix search list  . . . . . . : maxthon.net

    PPP adapter VPN connection:

       Connection-specific DNS suffix  . . :
       Description . . . . . . . . . . . . : VPN connection
       Physical address  . . . . . . . . . :
       DHCP enabled  . . . . . . . . . . . : No
       Automatic configuration enabled . . : Yes
       IPv4 address  . . . . . . . . . . . : 172.16.195.101 (preferred)
       Subnet mask . . . . . . . . . . . . : 255.255.255.255
       Default gateway . . . . . . . . . . : 0.0.0.0
       DNS server  . . . . . . . . . . . . : 61.135.154.5159.226.240.66
       NetBIOS over TCP/IP . . . . . . . . : Enabled

7. Set routing and IP masquerading.
Although you can log in at this point, the VPN server has no forwarding rules yet, so the client can neither reach the private network behind the VPN nor access the Internet through the VPN (on the Windows machine, the network connection icon in the status bar shows a yellow exclamation mark). You therefore need to complete the following steps before the setup is truly finished. Some articles on the Internet end at this point; it seems their authors only logged in within a virtual environment.

(1) Turn on IP forwarding: edit the /etc/sysctl.conf configuration file and set net.ipv4.ip_forward = 1

(2) Write a script file for the routing. Its contents are as follows:

    [root@max-vpn ~]# more /usr/local/bin/vpn_route.sh
    #!/bin/bash
    /sbin/iptables -t nat -A POSTROUTING -s 192.168.195.0/24 -o eth0 -j SNAT --to-source 61.135.251.50
    /sbin/iptables -t nat -A POSTROUTING -s 172.16.195.0/24 -o eth1 -j SNAT --to-source 192.168.195.166
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The destination network (the VPN's internal network) is 192.168.195.0/24. The VPN server has two network adapters: one connects to the public network (eth0), with IP address 61.135.251.51; the other NIC connects to the private network, with IP 192.168.195.166. With these rules, traffic for the networks involved is routed correctly.

Run the script manually, then check whether the client (Windows) can reach machines in the destination network. The easiest test is ping: assuming the destination network has a machine at 192.168.195.100 that allows ICMP, run ping 192.168.195.100. If that works, go on to access the server itself (remote login). Once there are no problems, add the script to the boot-time startup so that it runs after a restart. For security reasons, you can add more iptables rules to this script.

This article is taken from the "sery" blog; be sure to keep this source: http://sery.blog.51cto.com/10037/122108
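An added example, not part of the original article: one way to follow the closing advice about extra iptables rules is to filter the FORWARD chain, so that VPN clients reach only chosen services while the NAT rules above keep working. The networks and interface names are the ones used on this page; the `ppp+` interface match, the TCP port list, the `apply` argument and the file name in the last comment are assumptions to adapt.

```sh
#!/bin/sh
# Added example: FORWARD filtering to sit beside the NAT rules in vpn_route.sh.
# Networks and interfaces are the page's; ppp+ and ALLOWED_TCP are assumptions.
IPT="${IPT:-/sbin/iptables}"   # IPT="echo iptables" prints the rules instead of applying them
VPN_POOL="172.16.195.0/24"     # addresses handed to VPN clients
LAN_NET="192.168.195.0/24"     # private network behind the VPN server
LAN_IF="eth1"                  # NIC on the private network
WAN_IF="eth0"                  # NIC on the public network
ALLOWED_TCP="22,3389"          # assumption: remote-login services VPN users may reach

vpn_forward_rules() {
    # This function owns the FORWARD chain: default drop, then start from empty.
    # INPUT is untouched, so the PPTP control connection and GRE are not affected.
    $IPT -P FORWARD DROP
    $IPT -F FORWARD
    # Return traffic for flows accepted by the rules below.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # VPN client -> private network: listed TCP services and ping only.
    # Matching -s on the pool also drops spoofed sources arriving on a ppp link.
    $IPT -A FORWARD -i ppp+ -s "$VPN_POOL" -d "$LAN_NET" -o "$LAN_IF" -p tcp \
        -m multiport --dports "$ALLOWED_TCP" -m conntrack --ctstate NEW -j ACCEPT
    $IPT -A FORWARD -i ppp+ -s "$VPN_POOL" -d "$LAN_NET" -o "$LAN_IF" -p icmp \
        --icmp-type echo-request -j ACCEPT
    # VPN client -> Internet through the public NIC.
    $IPT -A FORWARD -i ppp+ -s "$VPN_POOL" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    # Private network -> Internet, the traffic the first SNAT rule translates.
    $IPT -A FORWARD -i "$LAN_IF" -s "$LAN_NET" -o "$WAN_IF" -m conntrack --ctstate NEW -j ACCEPT
    # Rate-limited log of whatever falls through to the DROP policy.
    $IPT -A FORWARD -m limit --limit 6/min -j LOG --log-prefix "vpn-fwd-drop: "
}

# Apply only when asked to: sh vpn_forward.sh apply   (hypothetical file name)
if [ "${1:-}" = "apply" ]; then vpn_forward_rules; fi
```

Setting `IPT="echo iptables"` before calling `vpn_forward_rules` gives a dry run that can be reviewed before the rules go into the boot-time script.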
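Going back to the pppd log in section 6, this added example (not from the original article) checks each session's "options in effect" dump for the authentication and encryption options shown there and pulls out the account, peer address and assigned address. The sample lines are constructed: PID 9833 follows the page's log, while PID 9901 with its user and addresses is made up, and the required-option list is an assumption taken from the options the page's server uses.

```sh
#!/bin/sh
# Added example: audit the "pppd options in effect" dump, one result per pppd PID.
# Assumes syslog-style lines as shown on this page and the pppd "dump" option;
# a session logged without the dump is reported with every option missing.
REQUIRED="require-mschap-v2 require-mppe-128 refuse-pap refuse-chap refuse-mschap"

audit_pppd_log() {   # reads the log on stdin; exit status 1 if any session is weak
    awk -v required="$REQUIRED" '
    $5 ~ /^pppd\[[0-9]+\]:$/ {
        pid = $5; gsub(/[^0-9]/, "", pid); seen[pid] = 1
        if ($0 ~ /# \(from /) opt[pid, $6] = 1                  # option dump line
        if ($6 == "remote" && $7 == "IP") vip[pid] = $9         # address given to the client
        if ($7 == "ip-up") { user[pid] = $9; peer[pid] = $10 }  # pptpd-logwtmp.so line
    }
    END {
        n = split(required, want, " "); weak = 0
        for (pid in seen) {
            missing = ""
            for (i = 1; i <= n; i++)
                if (!((pid, want[i]) in opt)) missing = missing "," want[i]
            if (missing != "") weak = 1
            printf "pid=%s user=%s peer=%s vpn_ip=%s missing=%s\n", pid,
                   user[pid], peer[pid], vip[pid], (missing == "" ? "none" : substr(missing, 2))
        }
        exit weak
    }'
}

sample_log() {   # constructed sample: PID 9833 follows the page, PID 9901 is made up
    cat <<'EOF'
Dec 19 17:16:01 max-vpn pppd[9833]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-pap # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-chap # (from /etc/ppp/options.pptpd)
Dec 19 17:16:01 max-vpn pppd[9833]: refuse-mschap # (from /etc/ppp/options.pptpd)
Dec 19 17:16:02 max-vpn pppd[9833]: require-mppe-128 # (from /etc/ppp/options.pptpd)
Dec 19 17:16:04 max-vpn pppd[9833]: remote IP address 172.16.195.101
Dec 19 17:16:04 max-vpn pppd[9833]: pptpd-logwtmp.so ip-up ppp0 sery 200.199.118.72
Dec 19 18:02:10 max-vpn pppd[9901]: require-mschap-v2 # (from /etc/ppp/options.pptpd)
Dec 19 18:02:10 max-vpn pppd[9901]: refuse-pap # (from /etc/ppp/options.pptpd)
Dec 19 18:02:10 max-vpn pppd[9901]: refuse-mschap # (from /etc/ppp/options.pptpd)
Dec 19 18:02:12 max-vpn pppd[9901]: remote IP address 172.16.195.102
Dec 19 18:02:12 max-vpn pppd[9901]: pptpd-logwtmp.so ip-up ppp1 demo 203.0.113.7
EOF
}
```

Run it as `audit_pppd_log < logfile` against the server's own log; a non-zero exit status means at least one session was negotiated without one of the listed options.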