Setting up a PPTPD server behind a Juniper firewall
Source: Internet  Editor: 程序博客网  Time: 2024/05/28 05:16
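Setting up the PPTPD server itself is skipped here; there is plenty of material online.
One thing needs special attention: comment out logwtmp in /etc/pptpd.conf.
Set net.ipv4.ip_forward = 1 in /etc/sysctl.conf, exit the editor, and run sysctl -p.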
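To confirm both server-side settings before working on the firewall, the shell functions below can be used. This is an added example, not part of the original post; the function names are hypothetical, and the paths default to the files named in the text.

```shell
#!/bin/sh
# Added example (not from the original post): verify the two server-side
# settings named above. Function names are hypothetical; paths default to
# the files mentioned in the text.

# Succeeds when pptpd.conf has no active (uncommented) "logwtmp" directive.
logwtmp_disabled() {
    conf="${1:-/etc/pptpd.conf}"
    [ -r "$conf" ] || return 2
    ! grep -Eq '^[[:space:]]*logwtmp([[:space:]]|$)' "$conf"
}

# Prints the last net.ipv4.ip_forward value assigned in a sysctl.conf file;
# fails when the key is never set. Comments (# or ;) are ignored.
configured_ip_forward() {
    conf="${1:-/etc/sysctl.conf}"
    [ -r "$conf" ] || return 2
    sed -e 's/[#;].*$//' "$conf" | awk -F= '
        { k = $1; v = $2
          gsub(/[[:space:]]/, "", k); gsub(/[[:space:]]/, "", v)
          gsub(/\//, ".", k)          # sysctl also accepts net/ipv4/ip_forward
          if (k == "net.ipv4.ip_forward") last = v }
        END { if (last == "") exit 1; print last }'
}

# Runs both file checks plus the live kernel value, which only matches the
# file after "sysctl -p" has been run. Returns non-zero on any failure.
check_pptpd_host() {
    rc=0
    logwtmp_disabled "$1" ||
        { echo "FAIL: logwtmp active or file unreadable: ${1:-/etc/pptpd.conf}"; rc=1; }
    [ "$(configured_ip_forward "$2")" = 1 ] ||
        { echo "FAIL: net.ipv4.ip_forward is not 1 in ${2:-/etc/sysctl.conf}"; rc=1; }
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ] ||
        { echo "FAIL: kernel is not forwarding (run sysctl -p)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: pptpd host settings match the text"
    return "$rc"
}
```

Source the file on the PPTPD server and run `check_pptpd_host`; pass two file paths to check copies of the configuration instead of the live files.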
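Advice online says to enable the Juniper PPTP ALG (application layer gateway); I think this is wrong. Do not tick this option, otherwise it may result in only one user being able to log in at a time.
Here I used a MIP: one fixed public IP address mapped to one internal server.
Define a CUSTOMPPTP service,
which in practice just permits GRE and port 1723.
Create a policy permitting ANY -> the fixed MIP for the CUSTOMPPTP service.
Tested; it works perfectly.
If you use a VIP instead, you need to enable multi-port support for the VIP. This is because a VIP only has one port, while the VPN uses one port for the connection and another for data transfer.
Below is an English document I found; I have not tested it. (It seems you do not need to switch to ROUTE mode.)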
Configure Juniper SSG-5 to pass-through PPTP traffic
When it comes to configuring your SSG-5 Juniper firewall to pass-through PPTP traffic, it can be a pain in the **s. As I discovered myself after two days struggling…
So, in case you end up in the same situation, here’s my solution: how to configure the Juniper SSG-5 to pass-through PPTP traffic. Forgive me that this explanation uses the WebGUI, but it’s actually very easy.
Before starting you have to set VIP multi-port on. This can only be done through the command-line interface. Article KB5471 from the Juniper knowledge base describes this set-up:
set vip multi-port [Enter]
save [Enter]
reset [Enter]
First of all you have to put your existing network interfaces in ROUTE mode, instead of NAT. If you already have policies defined, don’t panic! I will come shortly to how to fix the NAT transition.
So, go to: Network > Interfaces > List and edit both trusted and untrusted interfaces, set interface mode on ROUTE.
At the untrusted interface (that’s where the internet is connected to, and where you will be pointing your PPTP client) also click on the Properties VIP.
Add a VIP entry with the [Same as the interface IP address].
Go to Policy > Policy Elements > Services > Custom. Click the new button.
Give the service name: CustomPPTP
Add the protocol information accordingly and press OK.
Do understand: the PPTP protocol itself uses TCP and port 1723. Protocol 47 (GRE) is using port 2048.
Go back to the interface configuration of your untrusted VIP settings and add a New VIP service. Select your CustomPPTP service and map it to the IP of your PPTP server:
Go to Policy > Policies and add a new policy from the UNTRUSTED zone to the TRUSTED zone:
Go to the Advanced tab (you should do this for ALL your existing policies when you’ve changed the interface settings from NAT to ROUTE!) and turn NAT Source Translation ON and press OK:
That’s all you have to do. Try connecting your client to the server; all should work now.
Please note: The above IP addresses are examples.
If you think this article was helpful or you’ve still got some questions, then please feel free to drop a comment!