1. Edit the pptpd configuration file.
The default pptpd.conf explains each setting in detail, so we only need to make sure of the following.
a). Path to the pppd program. The default is '/usr/sbin/pppd':
ppp /usr/sbin/pppd
b). Set localip and remoteip.
Following the default tags and their explanation, localip is configured so that clients obtain an IP address automatically; for the VPN server it is the gateway, so localip needs to be configured.
The VPN program will ignore localip and set it automatically from the system configuration, so the line can stay commented out:
#localip 192.168.0.1
remoteip is much more important. It must be given as a range within your LAN network. If you set it to a subnet separate from your LAN, proxyarp cannot reach the other computers; you could still make it work with shorewall, but only with very complex rules.
This time, to keep it simple, I set remoteip to a range of unused addresses in the same LAN network, for example:
remoteip 10.10.11.230-252
Save the configuration file; the pptpd configuration is complete.
2. Rebuild the firewall with shorewall.
We will skip the basic installation and configuration of shorewall.
a). Edit the shorewall interfaces file and add a vpn interface. Since the VPN login IP address is dynamic, we use ppp+ as the interface name:
vpn ppp+ detect
Save the configuration and exit after adding the line above.
b). Set the firewall rules.
Allow the GRE protocol through our firewall:
ACCEPT wan fw gre -
ACCEPT fw lan gre -
wan is eth0, connected to the Internet; lan is eth1, connected to the LAN network; fw is the firewall itself.
c). Policy configuration:
vpn fw ACCEPT
vpn wan ACCEPT
These lines allow traffic from VPN devices to fw and wan.
d). Allow VPN connections to reach the Internet.
Edit the masq file:
ppp+ 10.10.11.0/23 10.10.11.254
10.10.11.0/23 is the VPN network address, and 10.10.11.254 is an existing LAN IP address, which I set to the gateway IP address.
e). After the settings above succeed, restart the firewall.
It will work well, and the configuration of the VPN and shorewall is complete.
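The procedure above spreads one set of addresses across two files: the remoteip pool in pptpd.conf, and the SOURCE network and SNAT address in the shorewall masq file, with the requirement that the pool lies inside the LAN so proxyarp works. The following Python script, an added example that is not part of the original text, cross-checks those pieces before the firewall is restarted. The pptpd.conf and masq fragments are constructed from the values used above; the LAN network and gateway are assumptions taken from the same values, and the checker handles the last-octet range form of remoteip (10.10.11.230-252) that the text uses.

```python
import ipaddress
import re

# Constructed sample fragments, using the addresses from the text above.
PPTPD_CONF = """\
# constructed pptpd.conf fragment
ppp /usr/sbin/pppd
#localip 192.168.0.1
remoteip 10.10.11.230-252
"""

SHOREWALL_MASQ = """\
# constructed shorewall masq fragment: INTERFACE SOURCE ADDRESS
ppp+ 10.10.11.0/23 10.10.11.254
"""

# Assumed LAN addressing. strict=False because 10.10.11.0/23 has host bits
# set; the actual /23 network is 10.10.10.0/23, which still contains .11.x.
LAN_NETWORK = ipaddress.ip_network("10.10.11.0/23", strict=False)
LAN_GATEWAY = ipaddress.ip_address("10.10.11.254")


def expand_remoteip(spec):
    """Expand a pptpd remoteip value into IPv4Address objects.

    pptpd takes comma-separated items; an item is a single address or a
    range such as 10.10.11.230-252, where the number after '-' is the last
    octet of the final address in the range.
    """
    addrs = []
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)-(\d+)", item)
        if m:
            prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
            if not 0 <= lo <= hi <= 255:
                raise ValueError(f"bad remoteip range: {item}")
            addrs.extend(ipaddress.ip_address(f"{prefix}{o}") for o in range(lo, hi + 1))
        else:
            addrs.append(ipaddress.ip_address(item))
    return addrs


def parse_pptpd_conf(text):
    """Return {option: value} for active (uncommented) lines of pptpd.conf."""
    options = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        options[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return options


def parse_masq(text):
    """Return (interface, source_network, snat_address) tuples from a masq file."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"masq line needs INTERFACE SOURCE ADDRESS: {line}")
        entries.append((fields[0],
                        ipaddress.ip_network(fields[1], strict=False),
                        ipaddress.ip_address(fields[2])))
    return entries


def check_vpn_config(pptpd_text, masq_text, lan_network, lan_gateway):
    """Cross-check pptpd.conf against the shorewall masq entry.

    Returns a list of problem descriptions; an empty list means the pieces
    agree with each other and with the LAN addressing.
    """
    problems = []
    opts = parse_pptpd_conf(pptpd_text)

    if not opts.get("ppp", "").startswith("/"):
        problems.append("ppp must be an absolute path to pppd")

    pool = expand_remoteip(opts["remoteip"]) if "remoteip" in opts else []
    if not pool:
        problems.append("remoteip is not set; clients get no address")

    # The text requires the pool to lie inside the LAN so proxyarp works.
    for addr in pool:
        if addr not in lan_network:
            problems.append(f"remoteip {addr} is outside LAN {lan_network}")
    # Handing the gateway's own address to a client would collide with it.
    if lan_gateway in pool:
        problems.append(f"remoteip pool contains the gateway {lan_gateway}")

    ppp_entries = [e for e in parse_masq(masq_text) if e[0].startswith("ppp")]
    if not ppp_entries:
        problems.append("no masq entry for the ppp+ interface")
    for _iface, source, snat in ppp_entries:
        if snat not in lan_network:
            problems.append(f"masq address {snat} is outside LAN {lan_network}")
        uncovered = [a for a in pool if a not in source]
        if uncovered:
            problems.append(f"masq SOURCE {source} does not cover {uncovered[0]}")
    return problems


if __name__ == "__main__":
    findings = check_vpn_config(PPTPD_CONF, SHOREWALL_MASQ, LAN_NETWORK, LAN_GATEWAY)
    for line in findings or ["configuration is consistent"]:
        print(line)
```

Run it against the real files by reading them into the two text arguments. One detail it surfaces on its own: 10.10.11.0/23 as written in the masq line has host bits set, so the network actually matched is 10.10.10.0/23; that is harmless here because the pool and the gateway are both inside it, but a pool chosen from a different /24 would silently fall outside the SOURCE match.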