Build a VPN on CentOS
Linux: CentOS
1. Check that the server provides the necessary support. If either check fails, pptp cannot be installed. Command:
modprobe ppp-compress-18 && echo OK
If "OK" is displayed, the command succeeded. A second check is also required. Enter the following command:
cat /dev/net/tun
If the following message is displayed, the check passed. If it is not supported, you can open a ticket with the VPS vendor to have it enabled; most VPS vendors in the United States can do this:
cat: /dev/net/tun: File descriptor in bad state
VPN (pptp) can be installed only if both checks above pass.
2. Prepare the environment
PPTPD requires the Linux kernel to support MPPE, which is generally included in a CentOS installation. Install ppp and iptables:
yum install ppp iptables
3. Install PPTPD
For 32-bit CentOS, run
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
For 64-bit CentOS, run
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm
The two packages above are rpm packages for the el5 kernel. If el6 is used, run
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/i386/pptpd-1.4.0-1.el6.i686.rpm
If you want to install it directly from yum, you can run
rpm -Uvh http://poptop.sourceforge.net/yum/stable/pptp-release-current.noarch.rpm
yum search pptpd
If the URLs above are no longer valid, look for the packages at http://poptop.sourceforge.net
4. Modify configuration
Edit the PPTP configuration file /etc/ppp/options.pptpd and add the following content:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Edit the configuration file /etc/pptpd.conf and add the following content:
option /etc/ppp/options.pptpd
localip 192.168.254.1
remoteip 192.168.254.100-254
* localip and remoteip define the intranet IP addresses allocated after the client connects to the VPN server. You can modify the IP addresses as needed.
Configure the user authentication file /etc/ppp/chap-secrets as follows:
testuser pptpd testpwd *
* Change testuser and testpwd to the desired VPN login username and password.
Set net.ipv4.ip_forward to 1 in the /etc/sysctl.conf file (if the line does not exist, add a new line in this format):
net.ipv4.ip_forward = 1
At the same time, add # before "net.ipv4.tcp_syncookies = 1" so that it becomes:
# net.ipv4.tcp_syncookies = 1
Save and exit. Run
/sbin/sysctl -p
to make it take effect.
5. Set iptables forwarding
/etc/init.d/iptables start
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.254.0/24 -j MASQUERADE
/etc/init.d/iptables save
/etc/init.d/iptables restart
* Note that the above 192.168.254.0 should correspond to the previously set network segment.
6. Remove encryption (some VPS do not support encryption)
This step can be omitted; whether it is needed depends mainly on your VPS.
Edit /etc/ppp/options.pptpd (vim /etc/ppp/options.pptpd) and add a # before require-mppe-128 (# require-mppe-128);
In the VPN connection properties, select the optional encryption mode and allow unencrypted passwords.
Restart PPTPD:
7. Set startup
chkconfig pptpd on
chkconfig iptables on
Restart the server; you should then be able to connect and access the Internet normally.
If you cannot connect to the VPN after restarting the server, first check whether port 1723 of the PPTP service on the server is open (make sure the firewall allows this port). If you can connect to the VPN but cannot access the Internet normally, check whether iptables forwarding is working.
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
service iptables save
service iptables restart
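As an added example (not part of the original guide), the following shell function audits the files edited in steps 4 and 6 and reports the settings those steps leave weakened: MPPE not required, SYN cookies no longer set in sysctl.conf, the sample testuser account still present, and chap-secrets readable by group or others. The function names, the ROOT argument and the finding labels are assumptions of this example, and the sample tree is constructed.

```sh
#!/bin/sh
# Added example, not from the original guide. The ROOT argument is an
# assumption so the audit can run on a copy of /etc ("" = live system).
audit_pptp() {
    root=$1
    opts="$root/etc/ppp/options.pptpd"
    secrets="$root/etc/ppp/chap-secrets"
    sysctl="$root/etc/sysctl.conf"

    # Step 6: MPPE is enforced only while this directive is uncommented.
    grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$opts" 2>/dev/null ||
        echo "MPPE_NOT_REQUIRED"

    # Step 4: once the line is commented out, this file no longer turns it on.
    grep -Eq '^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*=[[:space:]]*1' \
        "$sysctl" 2>/dev/null || echo "SYNCOOKIES_NOT_SET"

    # Step 4: the sample account from the guide was never changed.
    if grep -Eq '^[[:space:]]*testuser[[:space:]]+pptpd[[:space:]]+testpwd' \
        "$secrets" 2>/dev/null; then
        echo "SAMPLE_ACCOUNT_PRESENT"
    fi

    # chap-secrets holds plaintext passwords: group/other need no access.
    if [ -f "$secrets" ]; then
        perm=$(ls -ld "$secrets" | cut -c5-10)
        [ "$perm" = "------" ] || echo "CHAP_SECRETS_MODE_$perm"
    fi
    return 0
}

# Constructed sample tree: the state left behind by following every step.
demo_tree() {
    d=$(mktemp -d) && mkdir -p "$d/etc/ppp" || return 1
    printf 'ms-dns 8.8.8.8\n# require-mppe-128\n' > "$d/etc/ppp/options.pptpd"
    printf 'testuser pptpd testpwd *\n' > "$d/etc/ppp/chap-secrets"
    chmod 644 "$d/etc/ppp/chap-secrets"
    printf 'net.ipv4.ip_forward = 1\n# net.ipv4.tcp_syncookies = 1\n' \
        > "$d/etc/sysctl.conf"
    echo "$d"
}

tree=$(demo_tree) && { audit_pptp "$tree"; rm -rf "$tree"; }
```

Run it as root with an empty argument, audit_pptp "", to check the live files; no output means none of the four conditions was found.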