麦乐吧

A focused, quiet life

VPS support

To Create a Trouble Ticket
Log into your Account Manager.
From the My Products section, select Servers.
Click Launch Manager next to the server account that you would like to manage. The Dedicated Hosting Manager opens in a new window.
Under Support, click Trouble Ticket. The Trouble Ticket Wizard displays.
Enter your contact information, including an email address and phone number.
Enter a summary and a detailed description of your issue under Trouble Ticket Description.
Click Continue.
Review your trouble ticket information and click Submit.

Thank you for contacting Live Chat support for Virtual and Dedicated Servers. This is Heather. How can I help you?
myqq8comadmin: I am a Chinese user, I want my VPS to support Chinese, can you help me install Simplified Chinese language pack?
Heather P. – Server Concierge: You can not change the language of a Virtual Dedicated Server.
myqq8comadmin: or can I install the language pack by myself?
Heather P. – Server Concierge: You can not modify the language on a Virtual Dedicated Server.
Heather P. – Server Concierge: It can not be changed.
Heather P. – Server Concierge: Due to the virtualization software, the server retrieves its language from the host node. You would need a fully dedicated server if you wish to change the language.
myqq8comadmin: Ok, I know. Thank you!
Heather P. – Server Concierge: Thanks again for using Live Chat; have a great day.
myqq8comadmin: another question
myqq8comadmin: can I install apache and php on my VPS?
Heather P. – Server Concierge: Yes you can.
myqq8comadmin: and mysql?
Heather P. – Server Concierge: You may install anything on your server that does not violate our license agreement or require system level modifications.
myqq8comadmin: understand, thank you!
Heather P. – Server Concierge: Is there anything else I can help you with?
myqq8comadmin: no, thanks! Goodbye!

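This attempt ended in failure: when I finally contacted HostGator technical support, this was the answer they gave me:
PPTP is not supported by Virtuozzo / OpenVZ. You would need to use OpenVPN because it uses a TUN device instead of PPP.
Still, I learned quite a lot along the way, so I am writing it down; it may come in handy if I change servers someday.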

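First, before installing, check whether the server supports PPP.
Run the command below to test whether your kernel supports MPPE; it should return "ok":
#modprobe ppp-compress-18 && echo ok
FATAL: Could not load /lib/modules/2.6.18-028stab066.10/modules.dep: No such file or directory
Unfortunately, my server does not support it. I ignored this at install time, though: I assumed the module was simply not installed and that installing it would be enough.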

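Also check whether TUN/TAP is enabled on the server:
#cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
This response means TUN/TAP is enabled on the server.
Any other response means it is not enabled and you need help from support; I e-mailed them to ask for it.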

I am using a level 3 VPS, but no cpanel.
I do not want to buy cpanel, because that needs 10$/mon.
Now, I want to install PPTP VPN, need tun/tap support. Can you help me enable tun/tap?

Support was very good and enabled it for me quickly. On with the installation. My CentOS server is the 64-bit version.
yum install -y ppp iptables
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-1.rhel5.1.x86_64.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

Writing the configuration files
1. Configuration file /etc/ppp/options.pptpd
mv /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
vi /etc/ppp/options.pptpd
Enter the following:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
idle 2592000
ms-dns 208.67.222.222
ms-dns 208.67.222.220
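The two DNS entries are OpenDNS IP addresses; others will work too, these are just the ones I could find at the moment.
2. Configuration file /etc/ppp/chap-secrets (the VPN user file)
mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
vi /etc/ppp/chap-secrets
Enter the following: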
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
myusername pptpd mypassword *
Note: myusername and mypassword here are the login user name and password for the PPTP VPN.

3. Configuration file /etc/pptpd.conf
mv /etc/pptpd.conf /etc/pptpd.conf.bak
vi /etc/pptpd.conf
Enter the following:
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.10.1
remoteip 192.168.10.5-10
Note: users dialing in to the VPN are dynamically assigned an IP between 192.168.10.5 and 192.168.10.10.

4. Configuration file /etc/sysctl.conf
vi /etc/sysctl.conf
Enter the following:
net.ipv4.ip_forward = 1

After saving and exiting, run:
#/sbin/sysctl -p

Start the PPTP VPN server:
#/sbin/service pptpd start

Start iptables:
#/sbin/service iptables start
#/sbin/iptables -t nat -A POSTROUTING -o venet0 -s 192.168.10.0/24 -j MASQUERADE

At the last step I kept getting the error message: unknown error 18446744073709551615.

Trying my luck anyway, I connected to the server from a remote VPN client; it always failed with error 619.

Out of options, I looked at the system log /var/log/messages and found the cause:
This system lacks kernel support for PPP. This could be because the PPP kernel module could not be loaded, or because PPP was not included in the kernel configuration. If PPP was included as a module, try `/sbin/modprobe -v ppp'. If that fails, check that ppp.o exists in /lib/modules/`uname -r`/net. See README.linux file in the ppp distribution for more details.

So I tested PPP once more.
I ran the command to test:
[root@xin ~]# modprobe -v ppp
FATAL: Could not load /lib/modules/2.6.18-028stab066.10/modules.dep: No such file or directory

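I then sent the error message to support. They replied that it is not supported and suggested I install OpenVPN.
So began the OpenVPN installation.

After a fair amount of head-scratching, this attempt succeeded, and the process went fairly smoothly. The steps and details follow.

PPTP is demanding about its environment, and most VPSes are built on OpenVZ virtualization, so it cannot be installed on them. This time I cover another VPN, OpenVPN, which installs on the vast majority of VPSes and is more capable. (Some of the wording here came from Google, this stock sentence for one.)

OpenVPN needs TUN support, which most VPSes do not have enabled by default. Check with this command: cat /dev/net/tun. If it returns cat: /dev/net/tun: File descriptor in bad state, all is well; otherwise ask support to enable it. (This was also covered above.)

If you also want Internet access once connected to OpenVPN, you need the iptables_nat module. Check with this command: iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o venet0 -j MASQUERADE

If it returns iptables: Unknown error 4294967295, all is well; otherwise, again, ask support to enable it.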
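
The checks used in this post (PPP module, TUN device, NAT table) gathered into one pre-flight script. This is an added example, not part of the original post: the function names are hypothetical, the NAT check lists the table read-only instead of adding a rule, and the labels for messages the post does not quote are assumptions about common error text.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Each classifier takes the text a probe printed, so it can be checked offline.

# OpenVZ/Virtuozzo kernels carry "stab" in the release, e.g. 2.6.18-028stab066.10.
is_openvz_kernel() {
    case "$1" in *stab*) echo yes ;; *) echo no ;; esac
}

# Probe: cat /dev/net/tun
classify_tun() {
    case "$1" in
        *"File descriptor in bad state"*) echo enabled ;;
        *"No such file or directory"*|*"No such device"*) echo missing ;;
        *"Permission denied"*|*"Operation not permitted"*) echo blocked ;;
        *) echo unknown ;;
    esac
}

# Probe: modprobe ppp-compress-18 && echo ok
classify_ppp() {
    case "$1" in
        *modules.dep*) echo no-module-tree ;;   # guest has no module tree to load from
        *"not found"*) echo module-absent ;;
        ok) echo supported ;;
        *) echo unknown ;;
    esac
}

# Read-only NAT probe: iptables -t nat -L -n (does not add a rule)
classify_nat() {
    case "$1" in
        *"can't initialize iptables table"*) echo unavailable ;;
        *"Chain POSTROUTING"*) echo available ;;
        *) echo unknown ;;
    esac
}

preflight() {
    k=$(uname -r)
    echo "kernel $k openvz=$(is_openvz_kernel "$k")"
    echo "tun    $(classify_tun "$(cat /dev/net/tun 2>&1)")"
    echo "ppp    $(classify_ppp "$(modprobe ppp-compress-18 2>&1 && echo ok)")"
    echo "nat    $(classify_nat "$(iptables -t nat -L -n 2>&1)")"
}

# Run the live probes only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A result of ppp no-module-tree on an OpenVZ kernel is the situation described above, where PPTP cannot work and only the TUN-based OpenVPN route remains.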

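With the environment ready, install OpenVPN. Most tutorials online build it from source, but I find that inconvenient for later upgrades and maintenance, so yum is used here.

The default CentOS yum repositories do not carry OpenVPN, so install EPEL first with: rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-3.noarch.rpm

(Note the x86_64 above: my VPS is 64-bit, so that is what I use; on a 32-bit system change it to i386.)

Once that succeeds, OpenVPN is available from yum; install it with yum -y install openvpn

This is where installing with yum pays off: OpenVPN needs lzo, for example, and the install checks the system and pulls in any missing components automatically.

The program is installed to this directory: /usr/share/openvpn/easy-rsa

Copy the easy-rsa folder out with: cp -R /usr/share/openvpn/easy-rsa /etc/openvpn/

Then cd /etc/openvpn/easy-rsa/2.0 and generate the certificates OpenVPN needs.

Edit the environment variables with vi vars (I did all directory operations and file editing over a VNC remote desktop, just like on Windows).

Change the last few lines to match your situation: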

export KEY_COUNTRY="CN"
export KEY_PROVINCE="He"
export KEY_CITY="He"
export KEY_ORG="xxxx"
export KEY_EMAIL="xxxx@mail.com"

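Change these values (shown in red in the original post) to your own; they are asked for when the certificates are generated.

After saving, run . vars to apply the settings. (Note the space after the dot.)

Next, run ./build-ca server to create the certificate authority.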

Generating a 1024 bit RSA private key
……………………++++++
….++++++
writing new private key to 'ca.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]: (press Enter)
State or Province Name (full name) [He]: (press Enter)
Locality Name (eg, city) [He]: (press Enter)
Organization Name (eg, company) [xxxx]: (press Enter)
Organizational Unit Name (eg, section) []: (press Enter)
Common Name (eg, your name or your server's hostname) [xxxx]: (press Enter)
Name []: (press Enter)
Email Address [xxxx@mail.com]: (press Enter)

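At each prompt marked (press Enter), shown in red in the original post, just press Enter.

With the CA created, generate the server certificate by entering ./build-key-server server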

Generating a 1024 bit RSA private key
…++++++
……………++++++
writing new private key to 'server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]: (press Enter)
State or Province Name (full name) [He]: (press Enter)
Locality Name (eg, city) [He]: (press Enter)
Organization Name (eg, company) [xxxx]: (press Enter)
Organizational Unit Name (eg, section) []: (press Enter)
Common Name (eg, your name or your server's hostname) [server]: (press Enter)
Name []: (press Enter)
Email Address [xxxx@mail.com]: (press Enter)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press Enter)
An optional company name []: (press Enter)
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'He'
localityName          :PRINTABLE:'He'
organizationName      :PRINTABLE:'xxxx'
commonName            :PRINTABLE:'server'
emailAddress          :IA5STRING:'xxxx@mail.com'
Certificate is to be certified until Nov 18 17:25:15 2019 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

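Again, note the parts shown in red in the original post: they are the ones typed in by hand.

The server certificate is done; next come the client certificates. In theory every OpenVPN user has a separate certificate; let's generate one to try it out.

Enter the command ./build-key client1, where client1 is the client name; a second client would be client2.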

Generating a 1024 bit RSA private key
…….++++++
………++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [CN]: (press Enter)
State or Province Name (full name) [He]: (press Enter)
Locality Name (eg, city) [He]: (press Enter)
Organization Name (eg, company) [xxxx]: (press Enter)
Organizational Unit Name (eg, section) []: (press Enter)
Common Name (eg, your name or your server's hostname) [client1]: (press Enter)
Name []: (press Enter)
Email Address [xxxx@mail.com]: (press Enter)

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press Enter)
An optional company name []: (press Enter)
Using configuration from /etc/openvpn/easy-rsa/2.0/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'CN'
stateOrProvinceName   :PRINTABLE:'GD'
localityName          :PRINTABLE:'GZ'
organizationName      :PRINTABLE:'Black-Xstar Net Empire'
commonName            :PRINTABLE:'client1'
emailAddress          :IA5STRING:'webmaster@black-xstar.com'
Certificate is to be certified until Nov 18 17:31:21 2019 GMT (3650 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated

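Note the parts in red in the original post; this is much the same as generating the server certificate above.

Finally, generate the Diffie Hellman parameters with ./build-dh; this takes a little while. When all of the above is done, download the contents of /etc/openvpn/easy-rsa/2.0/keys.

Next comes the OpenVPN configuration. The configuration file is only a reference and can be adjusted to your situation.

In the /etc/openvpn directory, create a new configuration file with vi server.conf and enter the following: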

port 443
proto tcp
dev tun
ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
verb 3

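The DNS server addresses can be replaced with your hosting provider's; OpenDNS is used here. I used the tcp protocol and port 443 so that I can use it over cmwap; other choices work too.

That completes the OpenVPN configuration; next, set up access to the outside network.

Run vi /etc/sysctl.conf, find net.ipv4.ip_forward = 0, change it to net.ipv4.ip_forward = 1 and save. Then run sysctl -p.

Add the rule with iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -j SNAT --to-source 1.2.3.4, replacing the 1.2.3.4 at the end with your VPS's IP address. (Note the two hyphens before to-source.)

When that is done, save the iptables settings with /etc/init.d/iptables save, then restart with /etc/init.d/iptables restart.

To start OpenVPN at boot, open the file with vi /etc/rc.local and append the line /usr/sbin/openvpn --config /etc/openvpn/server.conf & (Note: the & marks the end of the line.)

That is everything that has to be done on the server; start it with openvpn --config /etc/openvpn/server.conf &
Installing the client:
OpenVPN needs a client installed; download the latest Windows Installer from http://www.openvpn.net/index.php/open-source/downloads.html and install it.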

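Then, from the keys folder you downloaded, take the three files ca.crt, client1.crt and client1.key and put them in C:\Program Files\OpenVPN\config.

In the same folder, create a text file named "client1.ovpn" and enter the following: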

client
dev tun
proto tcp
remote 1.2.3.4 443
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
cert client1.crt
key client1.key
ns-cert-type server
comp-lzo
verb 3

Replace the 1.2.3.4 on the fourth line with your VPS's IP address, then save.

Find OpenVPN GUI in the Start menu and run it.
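
A review pass over the server.conf and client1.ovpn above, as an added example that is not part of the original post: it flags the settings that current OpenVPN guidance treats as weak or deprecated and sets a constructed server config that passes beside the post's own. audit_openvpn_conf and the hardened file paths are hypothetical, and the hardened values assume OpenVPN 2.4 or later.

```shell
#!/bin/sh
# Added example, not from the original post. audit_openvpn_conf is a hypothetical
# helper: it reads an OpenVPN config on stdin and prints one finding per line.
audit_openvpn_conf() {
    conf=$(cat)
    has() { printf '%s\n' "$conf" | grep -Eq "^[[:space:]]*$1"; }
    if has 'dh[[:space:]].*dh1024'; then echo "dh1024: 1024-bit DH group, use 2048 bits or more"; fi
    if has 'comp-lzo'; then echo "comp-lzo: compression leaks plaintext through length (VORACLE)"; fi
    if has 'ns-cert-type'; then echo "ns-cert-type: deprecated, use remote-cert-tls server"; fi
    if has 'client-to-client'; then echo "client-to-client: clients can reach each other unfiltered"; fi
    if ! has '(cipher|data-ciphers)[[:space:]]'; then echo "cipher: unset, old releases fall back to BF-CBC"; fi
    if ! has '(tls-auth|tls-crypt)[[:space:]]'; then echo "tls-auth: unset, control channel has no HMAC"; fi
    return 0
}

# The server.conf from the post, reduced to the lines the audit looks at.
page_server_conf() { cat <<'EOF'
port 443
proto tcp
dev tun
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem
server 10.8.0.0 255.255.255.0
client-to-client
comp-lzo
EOF
}

# Constructed counterpart for OpenVPN 2.4 or later; key paths are placeholders.
hardened_server_conf() { cat <<'EOF'
port 443
proto tcp
dev tun
dh /etc/openvpn/keys/dh2048.pem
server 10.8.0.0 255.255.255.0
cipher AES-256-GCM
tls-auth /etc/openvpn/keys/ta.key 0
EOF
}

# Print the findings for both configs: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    page_server_conf | audit_openvpn_conf
    hardened_server_conf | audit_openvpn_conf
fi
```

In easy-rsa 2.0 both the RSA key size seen in the transcripts and the dhNNNN.pem file name follow KEY_SIZE in vars, so setting it to 2048 before building the CA addresses the first finding.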

Most of the text in this post came from Google, and I could not be bothered to revise it. Tired~~~~