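Today I will show how to install the PPTP service on an Ubuntu server to build a ×××××× Server, and then use nscd and dnsmasq for caching and acceleration.
First, install pptpd:
    sudo apt-get install pptpd
The file that needs to be changed is /etc/pptpd.conf: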
    [root@shanker:~/shanker08:02]#grep -E -v '^#|^$' /etc/pptpd.conf
    option /etc/ppp/options.pptpd
    logwtmp
    localip 192.168.2.1
    remoteip 192.168.2.10-100
localip is the virtual IP used by the PPTP VPN, and remoteip is the VPN IP range used by clients.
Next is the PPP options file:
    [root@shanker:~/shanker08:17]#grep -E -v '^#|^$' /etc/ppp/options.pptpd
    name pptpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
    proxyarp
    nodefaultroute
    lock
    nobsdcomp
    novj
    novjccomp
    nologfd
Then add a user name and password:
    [root@shanker:~/shanker08:18]#grep -E -v '^#|^$' /etc/ppp/chap-secrets
    shanker pptpd passwd *
Enable IP forwarding and set up iptables NAT forwarding:
    sysctl -w net.ipv4.ip_forward=1 && echo "net.ipv4.ip_forward = 1">>/etc/sysctl.conf
    iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j MASQUERADE
    iptables -A FORWARD -p tcp --syn -s 192.168.2.0/24 -j TCPMSS --set-mss 1356
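Then start pptpd by running /usr/sbin/pptpd. That completes the PPTP installation. Because this runs on AWS EC2, the security group also needs rules that open the required ports:
Allow ICMP (ALL)
TCP Port 1723
Searching online later, I found that a one-click install script already exists; see: https://github.com/viljoviitanen/setup-simple-pptp-*** (it simply wraps the steps above in a shell script).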
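Next, install nscd to cache hosts lookups. If the machine has an SSD there is no need for the passwd and group caches; since I am using the AWS Japan free tier, I enabled all of the caches.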
    sudo apt-get install nscd

    [root@shanker:~/shanker08:19]#grep -E -v '^#|^$' /etc/nscd.conf
    debug-level 0
    paranoia no
    enable-cache passwd yes
    positive-time-to-live passwd 600
    negative-time-to-live passwd 20
    suggested-size passwd 211
    check-files passwd yes
    persistent passwd yes
    shared passwd yes
    max-db-size passwd 33554432
    auto-propagate passwd yes
    enable-cache group yes
    positive-time-to-live group 3600
    negative-time-to-live group 60
    suggested-size group 211
    check-files group yes
    persistent group yes
    shared group yes
    max-db-size group 33554432
    auto-propagate group yes
    enable-cache hosts yes
    positive-time-to-live hosts 3600
    negative-time-to-live hosts 20
    suggested-size hosts 211
    check-files hosts yes
    persistent hosts yes
    shared hosts yes
    max-db-size hosts 33554432
    enable-cache services yes
    positive-time-to-live services 28800
    negative-time-to-live services 20
    suggested-size services 211
    check-files services yes
    persistent services yes
    shared services yes
    max-db-size services 33554432
    enable-cache netgroup no
    positive-time-to-live netgroup 28800
    negative-time-to-live netgroup 20
    suggested-size netgroup 211
    check-files netgroup yes
    persistent netgroup yes
    shared netgroup yes
    max-db-size netgroup 33554432
Then comes the dnsmasq configuration:
    sudo apt-get install dnsmasq

    port=53
    user=dnsmasq
    group=dnsmasq
    bind-interfaces # slaves must use this option
    no-dhcp-interface=
    server=8.8.8.8 # us00procms00
    server=8.8.4.4 # us00procms00
    resolv-file=
    strict-order
    dns-forward-max=150
    cache-size=500 # the size of dnsmasq’s cache. The default is 150 names
    neg-ttl=60
    local-ttl=300 # [used] When replying with information from /etc/hosts or the DHCP leases file
    log-async=20 # Enable asynchronous logging - for non-blocking logging
    log-facility=/var/log/dnsmasq.log
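After making the changes, restart nscd and dnsmasq; DNS lookups are then accelerated while browsing over the VPN. In practice, for ordinary web browsing the DNS speed-up is barely noticeable, but on the web-crawler servers at an advertising company where I previously used dnsmasq, the speed-up was very real.
In testing, the AWS Japan virtual machine is quite fast, and phones and tablets can also add the PPTP VPN to ×××.
Reposted from: https://blog.51cto.com/shanker/1735058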