Configuring a PPTP VPN on CentOS 6.x

Source: Internet
Author: User

The full name of VPN is "Virtual Private Network". As the name suggests, a virtual private network can be regarded as an enterprise's internal private line. Using special encrypted communication protocols, it establishes a dedicated communication line between two or more enterprise intranets that are connected to the Internet in different places. It is like setting up a leased line, but without laying physical lines such as optical cables. It is like applying for a leased line from the telecommunications board, but with no need to pay for laying the line or to purchase routers or other hardware. VPN technology was originally one of the most important technologies of routers. Currently, VPN functions are also supported in vswitches, firewall devices, Windows, and other software. The core of a VPN is using a public network to establish a virtual private network.

A virtual private network (VPN) is defined as a temporary, secure connection established through a public network (usually the Internet). It is a secure and stable tunnel through a chaotic public network. A virtual private network is an extension of the enterprise intranet. It helps remote users, company branches, business partners and suppliers establish trusted, secure connections to the company's intranet and ensures secure data transmission. It can give the growing number of mobile users secure connections over the global Internet, it can implement virtual private lines for secure communication between enterprise sites, and it can serve as a secure extranet virtual private network that connects business partners and users economically and effectively.

PPTP stands for Point-to-Point Tunneling Protocol, which is one of the VPN protocols.

If the following checks show that the server does not support these features, pptp cannot be installed.
Execute the command:

  $ modprobe ppp-compress-18 && echo OK

If "OK" is printed, the command succeeded. However, another check is required. Enter the following command:

  $ cat /dev/net/tun

If the command prints the following text, the check passes:

  cat: /dev/net/tun: File descriptor in bad state

You can install pptp only after both of the preceding checks pass. Otherwise, you can only consider openvpn, or ask the technical support of the VPS provider to enable the TUN/TAP/PPP function for your VPS. Some VPS control panels seem to provide a button that enables the TUN/TAP/PPP function.

We recommend installing with yum, which resolves dependencies automatically.
First: install ppp and iptables
pptpd requires MPPE support in the Linux kernel. It is generally included in a CentOS installation (I did not perform this step):

  $ yum install -y perl ppp iptables # iptables and ppp are installed in CentOS by default.

 

Determine whether ppp is available:

  $ cat /dev/ppp
  cat: /dev/ppp: No such device or address

If the output matches the line above ("No such device or address"), ppp is available and pptp can be set up normally.

If the output is "Permission denied", ppp is not available, and there is no need to read the following steps.
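
The three checks on this page (the MPPE module, /dev/net/tun and /dev/ppp) can be run as one script that tells a passing result apart from a blocked or missing device. This is an added example, not code from the original article; the function names are made up here, and the "Operation not permitted" and "No such file or directory" strings are standard libc error messages that the article does not mention.

```sh
#!/bin/sh
# Added example: run the article's pre-install checks and interpret the results.

# Map the text printed by `cat <device>` to a verdict.
# $1 = device path, $2 = captured output of cat.
classify_probe() {
    case "$1|$2" in
        "/dev/net/tun|"*"File descriptor in bad state"*) echo available ;;
        "/dev/ppp|"*"No such device or address"*)        echo available ;;
        *"Permission denied"*|*"Operation not permitted"*) echo blocked ;;
        *"No such file or directory"*)                     echo missing ;;
        *) echo unknown ;;
    esac
}

# Read from the device once. LC_ALL=C keeps the error text untranslated,
# otherwise the string matching above fails on localized systems.
probe() {
    out=$(LC_ALL=C cat "$1" 2>&1 </dev/null) || true
    classify_probe "$1" "$out"
}

# Run all checks; return non-zero if any of them fails.
preflight() {
    rc=0
    # `&&`-style logic: report success only if modprobe itself succeeded.
    if modprobe ppp-compress-18 2>/dev/null; then
        echo "mppe: available"
    else
        echo "mppe: modprobe ppp-compress-18 failed"
        rc=1
    fi
    for dev in /dev/net/tun /dev/ppp; do
        verdict=$(probe "$dev")
        echo "$dev: $verdict"
        [ "$verdict" = available ] || rc=1
    done
    return $rc
}

# Only touch the system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```

Run it as root with `--run`; a "blocked" verdict corresponds to the "Permission denied" case described above.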

Second: install pptpd. Install pptpd directly with yum so that the matching version is selected automatically.
Add the yum source first:

  [root@ ~]$ rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
  Retrieving http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
  warning: /var/tmp/rpm-tmp.UDo346: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
  Preparing...                ########################################### [100%]
     1:pptp-release           ########################################### [100%]
  [root@ ~]$ yum install -y pptpd
  Loaded plugins: fastestmirror, security
  Loading mirror speeds from cached hostfile
   * rpmforge: ftp. riken. export-stable | 2.2 kB
  poptop-stable/primary_db | 5.5 kB
  pptp-stable | 2.2 kB
  pptp-stable/primary_db | 18 kB
  Setting up Install Process
  Resolving Dependencies
  --> Running transaction check
  ---> Package pptpd.x86_64 0:1.4.0-1.el6 will be installed
  --> Finished Dependency Resolution
  Dependencies Resolved
  ================================================================
   Package      Arch        Version         Repository        Size
  ================================================================
  Installing:
   pptpd        x86_64      1.4.0-1.el6     poptop-stable     74 k
  Transaction Summary
  ================================================================
  Install       1 Package(s)
  Total download size: 74 k
  Installed size: 174 k
  Downloading Packages:
  pptpd-1.4.0-1.el6.x86_64.rpm | 74 kB 00:00
  warning: rpmts_HdrFromFdno: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
  Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PPTP
  Importing GPG key 0x862ACC42:
   Userid : PPTP Software Signing Key
   Package: pptp-release-4-7.rhel6.noarch (installed)
   From   : /etc/pki/rpm-gpg/RPM-GPG-KEY-PPTP
  Running Transaction Test
  Transaction Test Succeeded
  Running Transaction
  Warning: RPMDB altered outside of yum.
    Installing : pptpd-1.4.0-1.el6.x86_64 1/1
    Verifying  : pptpd-1.4.0-1.el6.x86_64 1/1
  Installed:
    pptpd.x86_64 0:1.4.0-1.el6
  Complete!

 

Third: after the installation is complete, start the configuration work:
1. Configuration file /etc/ppp/options.pptpd

  $ cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
  $ vi /etc/ppp/options.pptpd
  # Note: I also recommend configuring pptpd by adding content to the original configuration file:
  ms-dns 8.8.8.8
  ms-dns 8.8.4.4

Note: ms-dns 8.8.8.8 and ms-dns 8.8.4.4 use Google's DNS servers.

2. Configuration file /etc/ppp/chap-secrets

  $ cp /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
  $ vi /etc/ppp/chap-secrets
  # The content of chap-secrets is as follows:
  # Secrets for authentication using CHAP
  # client        server  secret          IP addresses
  myusername pptpd mypassword *
  # myusername is your vpn account, mypassword is your vpn password, and * indicates any IP address. Remember not to leave out this asterisk.

 

3. Configuration file /etc/pptpd.conf

  $ cp /etc/pptpd.conf /etc/pptpd.conf.bak
  $ vi /etc/pptpd.conf
  # Add the following two lines:
  localip 192.168.9.10
  remoteip 192.168.9.11-20
  # remoteip is the IP address range handed out to vpn clients.

 

4. Configuration file /etc/sysctl.conf

  $ vi /etc/sysctl.conf
  # Modify the kernel settings to support forwarding:
  # change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
  # Save the modified file, then make it take effect:
  $ /sbin/sysctl -p

 

Fourth: start the pptp vpn service

  $ /sbin/service pptpd start # or: service pptpd start
  Shutting down pptpd: [OK]
  Starting pptpd: [OK]
  # Set automatic start
  $ chkconfig pptpd --list # check whether pptpd starts automatically
  pptpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
  $ chkconfig pptpd on # enable automatic startup
  $ chkconfig pptpd --list # confirm that runlevels 2, 3, 4 and 5 are on
  pptpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off

 

Fifth: configure and start iptables

  $ vi /bin/iptables.sh
  # Note: I have defined iptables.sh here. You can also execute the following statements directly:
  # ---------- For VPN Setting ----------
  iptables --flush POSTROUTING --table nat
  iptables --flush FORWARD
  iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
  iptables -A INPUT -p gre -j ACCEPT
  iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -o em1 -j MASQUERADE
  # Notes:
  # 1. If your Internet-facing NIC is eth0 rather than em1, change this to -o eth0. Use ifconfig to confirm.
  # 2. "192.168.9.0/24" in this command is based on the "localip" network segment in the configuration file above.
  # Note: pptp uses GRE (Generic Routing Encapsulation) and connects through port 1723, and the VPN segment is sent out through the router interface.
  $ /sbin/service iptables restart # or: service iptables restart
  iptables: Flushing firewall rules: [OK]
  iptables: Setting chains to policy ACCEPT: filter [OK]
  iptables: Unloading modules: [OK]
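
The files edited in the third step hold the VPN passwords in cleartext and decide which authentication and encryption methods pppd accepts, so they are worth auditing after setup. The script below is an added example, not part of the original article. It assumes unquoted chap-secrets fields, a server that is meant to require MS-CHAPv2 with 128-bit MPPE, and an arbitrary MIN_LEN threshold; the sample files in demo are constructed.

```sh
#!/bin/sh
# Added example: audit the PPTP files edited in this article.
MIN_LEN=12   # example threshold for secret length, not from the article

# Print one finding per line for a chap-secrets file; print nothing if clean.
audit_chap_secrets() {
    # Secrets are stored in cleartext, so group/other need no access at all.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "MODE: $1 is accessible to group/other ($perms)"
    # Columns: client server secret IP-addresses (assumes unquoted fields).
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/   { next }
        NF < 4           { print "FORMAT: line " NR " has fewer than 4 fields"; next }
        $4 == "*"        { print "ANYIP: account " $1 " is not pinned to a tunnel IP" }
        length($3) < min { print "SHORT: account " $1 " has a secret under " min " characters" }
    ' "$1"
}

# Report pppd authentication/encryption options that are absent or commented out.
audit_pptpd_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || echo "MISSING: $opt"
    done
}

# Run both audits on constructed sample files that mirror the article's values.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# client server secret IP addresses' \
        'myusername pptpd mypassword *' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    printf '%s\n' refuse-pap refuse-chap refuse-mschap require-mschap-v2 \
        '#require-mppe-128' 'ms-dns 8.8.8.8' > "$d/options.pptpd"
    audit_chap_secrets "$d/chap-secrets"
    audit_pptpd_options "$d/options.pptpd"
    rm -rf "$d"
}

case "${1:-}" in
    --demo) demo ;;
    --run)  audit_chap_secrets /etc/ppp/chap-secrets
            audit_pptpd_options /etc/ppp/options.pptpd ;;
esac
```

With `--demo` the script reports the readable file mode, the wildcard address, the short secret and the commented-out `require-mppe-128`; with `--run` it checks the real files.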

 

Next, set up the VPN connection on your local machine. You can search for the specific settings on the Internet; with the Windows graphical interface it is very simple.

References:

http://www.dabu.info/centos6-4-structures-pptp-vpn.html

http://www.vixual.net/blog/archives/32

http://zyan.cc/pptp_vpn/
