Building a PPTP VPN by hand on a Banwagong VPS
I. Check
1.0 Check whether the kernel supports MPPE (the encryption module):
# modprobe ppp-compress-18 && echo OK
If "OK" is printed, the kernel supports MPPE. If "Module ppp_mppe not found." is displayed, install MPPE support manually:
1) Switch to the /tmp directory first:
# cd /tmp
2) Download:
# wget http://poptop.sourceforge.net/yum/stable/packages/dkms-2.0.17.5-1.noarch.rpm
# wget http://poptop.sourceforge.net/yum/stable/packages/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
dkms is a tool that lets you add kernel modules without recompiling the kernel.
kernel_ppp_mppe is the kernel module that provides MPPE support.
3) Install:
# rpm -ivh dkms-2.0.17.5-1.noarch.rpm
# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
These two packages add MPPE (the Microsoft encryption protocol) to CentOS; encrypted connections cannot be used without them.
4) If the error "gcc is needed by kernel_ppp_mppe-1.0.2-3dkms.noarch" appears, install gcc (skip this step if there is no error):
yum -y install gcc gcc-c++
PS: (the rpm installation method is relatively primitive: if a dependency is missing, it just reports an error. The yum installation method is more advanced: if a dependency is missing, it downloads and installs it as well.
There are many guides online for installing gcc from rpm files, and they left me very confused: I kept getting "not found such file". I don't know where to find that file to install it with rpm; I only know how to copy and paste.)
After gcc is installed successfully, re-run the step that failed:
# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
2.0 Check whether ppp and tun are enabled:
# cat /dev/ppp
# cat /dev/net/tun
If the results are as follows, the check passes:
- cat: /dev/ppp: No such device or address
- cat: /dev/net/tun: File descriptor in bad state
Otherwise, submit a ticket to the VPS provider asking them to enable it:
- Hello,
- Could you enable TUN-TAP for me? I want to run pptp-vpn on my VPS.
- Thank you.
-- End
II. Install ppp and iptables. By default, a full CentOS install comes with these two components, but a minimal system may not. Run the following command to make sure they are installed; if they already are, it does nothing:
# yum install -y ppp iptables
III. Install pptp. This software is not in the default yum repositories, so we need to download it manually. Switch to the /tmp directory first:
# cd /tmp
Run the following command to download the pptp installation package:
# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm (for 32-bit systems)
# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm (for 64-bit systems)
If your CentOS is 32-bit, run the 32-bit command; if it is 64-bit, run the 64-bit command. Be sure not to mix them up.
Next, install pptp, again choosing the 32-bit or 64-bit package:
# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm (32-bit system)
# rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm (64-bit system)
1) If the error "ppp = 2.4.4 is needed by pptpd-1.3.4-1.rhel5.1.x86_64" appears:
Check the installed ppp version:
# yum list installed ppp
The result shows: ppp.x86_64 2.4.5-5.el6
Searching online gives the following correspondence between ppp and pptpd versions:
ppp 2.4.4——————>pptpd 1.3.4
ppp 2.4.5——————>pptpd 1.4.0
That is, pptpd 1.3.4 from the step above is too old; we need 1.4.0.
It seems the only option is to let the system select the matching pptpd version automatically.
First add the yum repository:
# rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
Then install pptpd with yum:
# yum install pptpd
Generally, pptpd now installs successfully.
The result shows pptpd.x86_64 1.4.0-1.el6.
IV. Modify the configuration files
1.0 Configuration file /etc/ppp/options.pptpd
# cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
This backs the file up as .bak; make the changes in the original file.
# vim /etc/ppp/options.pptpd
Add two lines with the Google DNS servers at the end:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Some readers may not know how to edit the file to add these two lines. The editing commands are as follows:
1.0 Press i to enter editing mode ("-- INSERT --" appears in the lower left corner). To finish editing, press Esc to return to command mode, then type : to enter last-line mode.
2.0 Common vi commands for saving files:
Save but do not exit vi
:w
Save and exit vi
:wq
Exit vi, but do not save the changes
:q!
Save under another file name
:w filename
Save and overwrite the existing file
:w! filename
It is best to enable the debug option in this file (remove the "#" before debug) so that the log can be used to troubleshoot errors. The log is /var/log/messages; run cat /var/log/messages | grep pptpd to view messages about PPTP.
2. Configuration file /etc/ppp/chap-secrets
# cp /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
name pptpd pwd *
Format: username + space + pptpd + space + password + space + *. The * means this VPN account can be used from any IP address. Be careful not to leave the asterisk out.
Each line defines one account and its password; there can be multiple lines. If a # was added automatically at the start of the line, remember to delete it, because # marks a comment.
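The account-line rules above (four fields, no leading #) can be checked mechanically. This is an added example, not part of the original tutorial: the helper name check_chap_secrets, the sample account and the file-permission check (the file holds clear-text passwords) are assumptions of the example.

```shell
#!/bin/sh
# Added example: lint a chap-secrets file written in the four-field form shown above.
# check_chap_secrets is a hypothetical helper, not part of ppp or pptpd.

check_chap_secrets() (  # check_chap_secrets FILE; exit status = number of findings
  file=$1
  # The passwords are clear text, so a file readable by group or others is flagged.
  findings=$(
    [ -z "$(find "$file" \( -perm -040 -o -perm -004 \))" ] ||
      echo "readable by group or others: chmod 600 $file"
    awk '
      NF == 0 || substr($1, 1, 1) == "#" { next }   # blank lines and comments
      { active++ }
      NF != 4       { print "line " NR ": expected 4 fields, found " NF; next }
      $2 != "pptpd" { print "line " NR ": server field is " $2 ", expected pptpd" }
      END { if (!active) print "no active account line (is it still commented out?)" }
    ' "$file"
  )
  [ -n "$findings" ] || exit 0
  printf '%s\n' "$findings"
  exit $(( $(printf '%s\n' "$findings" | wc -l) ))
)

# Constructed sample: the account line was left commented out.
sample=$(mktemp)
printf '# client server secret IP addresses\n#alice pptpd constructed-pw *\n' > "$sample"
check_chap_secrets "$sample" || echo "findings: $?"
rm -f "$sample"
```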
3. Configuration file /etc/pptpd.conf
# cp /etc/pptpd.conf /etc/pptpd.conf.bak
# vim /etc/pptpd.conf
Add the following two lines (remoteip is the range of IP addresses handed out to VPN clients):
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
Key points: 1. The pptpd.conf configuration file must end with a blank line. Otherwise the service may hang at "Starting pptpd:" when it is started and never come up. Remember this! 2. The IP range set here directly affects the iptables rules added later.
4. Configuration file /etc/sysctl.conf
# vim /etc/sysctl.conf // modify kernel settings to enable forwarding
Change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1.
Save the modified file, then run the following command for the change to take effect:
# sysctl -p
The following errors then appeared (they have to be solved first):
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
net.netfilter.nf_conntrack_max = 64000
error: permission denied on key 'net.nf_conntrack_max'
I finally found out that this is an OpenVZ template problem (so Google Translate said). To fix the problem, execute the following four commands, which replace modprobe and sysctl with links to /bin/true, a program that does nothing and always reports success:
Fix modprobe:
# rm -f /sbin/modprobe
# ln -s /bin/true /sbin/modprobe
Fix sysctl:
# rm -f /sbin/sysctl
# ln -s /bin/true /sbin/sysctl
Run it again:
# sysctl -p
Okay. Finally, no error is reported.
V. Start pptp and iptables
1.0 Start pptp
# service pptpd start
If OK is displayed, the service started successfully. At this point we can already connect to the VPN. Test it now (the connection can be established, but no traffic gets through yet).
Connection settings:
IP: your VPS IP address
Username and password: as set in /etc/ppp/chap-secrets just now. If you have forgotten them, run this command to view them:
# vim /etc/ppp/chap-secrets
2.0 Enable iptables and NAT forwarding (key step!)
# /sbin/service iptables start // start iptables
# /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j MASQUERADE
Or use the following instead:
# iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j SNAT --to-source 207.210.83.140
// Note: "-o eth0" names the network interface. If you have several interfaces, change "-o eth0" to your "-o ethXX" (ethXX being the name of your NIC). You can use ifconfig to check which interface is connected to the Internet. Most machines have a single NIC, and most NICs are named eth0 by default, but there are always exceptions. If your interface is not called eth0, you can simply remove "-o eth0" and let the system determine which interface to use, changing the command above to the one below. The -s subnet has to be the one that the remoteip range in /etc/pptpd.conf belongs to.
# iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -j SNAT --to-source 207.210.83.140
(Why is my network card named venet0!!! So I decided to use this method: iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -j SNAT --to-source 207.210.83.140)
Next:
# /etc/init.d/iptables save // save the iptables forwarding rules
# /sbin/service iptables restart // restart iptables
Last step: restart pptp vpn
# service pptpd restart
If you have reached this step, congratulations: the VPN has been configured successfully. Test it by opening Google.
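The two key points about /etc/pptpd.conf (trailing blank line, and the IP range having to agree with the NAT rule) can be verified before the services are restarted. This is an added example, not from the original tutorial; the function names are hypothetical, and the constructed sample uses this page's values, for which it reports that the 192.168.0.x client addresses fall outside 192.168.9.0/24.

```shell
#!/bin/sh
# Added example: lint pptpd.conf against the subnet used in the iptables NAT rule.
# Function names are hypothetical, not part of pptpd or iptables.

ip2int() {  # dotted quad -> integer
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {  # in_cidr IP NET/PREFIX -> success if IP is inside the network
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

check_pptpd_conf() (  # check_pptpd_conf FILE NAT_CIDR; exit status = number of findings
  conf=$1 cidr=$2 problems=0
  # pptpd.conf must end with a blank line or the service may hang on start.
  [ -z "$(tail -n 1 "$conf")" ] ||
    { echo "missing trailing blank line"; problems=$((problems + 1)); }
  remote=$(awk '$1 == "remoteip" { print $2 }' "$conf")
  [ -n "$remote" ] || { echo "remoteip is not set"; exit $((problems + 1)); }
  # remoteip is a comma-separated list of addresses or a.b.c.d-e ranges.
  for part in $(echo "$remote" | tr ',' ' '); do
    first=${part%-*}
    ips=$first
    case $part in *-*) ips="$first ${first%.*}.${part#*-}" ;; esac
    for ip in $ips; do
      in_cidr "$ip" "$cidr" ||
        { echo "$ip is outside NAT subnet $cidr"; problems=$((problems + 1)); }
    done
  done
  exit "$problems"
)

# Constructed sample using the values shown on this page.
sample=$(mktemp)
printf 'localip 192.168.0.1\nremoteip 192.168.0.234-238,192.168.0.245\n\n' > "$sample"
check_pptpd_conf "$sample" 192.168.9.0/24 || echo "findings: $?"
rm -f "$sample"
```

On a real system, pass /etc/pptpd.conf and the subnet given to -s in the POSTROUTING rule.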
In addition, you can set pptp vpn to start at boot.
Some people start the services manually after every reboot, so here are the commands that make pptp vpn and iptables start automatically at boot:
# chkconfig pptpd on // start the pptp vpn service at boot
# chkconfig iptables on // start iptables at boot
Finally, thanks to @: http://www.dabu.info/centos6-4-structures-pptp-vpn.html
@ Happy: http://blog.xaoyo.net/post/359/