CentOS PPTP service setup
Operating System: CentOS 6.2
Internet IP Address: 192.168.101.168
Deployment steps:
1. Check whether the kernel supports MPPE.
# modprobe ppp-compress-18 && echo OK
# If OK is printed, the kernel supports MPPE. If not, install kernel-devel first.
# yum install kernel-devel
2. Check whether TUN/TAP support is enabled.
# cat /dev/net/tun
# The following output means the device exists and TUN/TAP is supported:
cat: /dev/net/tun: File descriptor in bad state
3. Check whether PPP support is enabled.
# cat /dev/ppp
# The following output means the device exists and PPP is supported:
cat: /dev/ppp: No such device or address
# Note: all three checks must pass at the same time; otherwise the PPTP VPN cannot be installed.
4. Install ppp, the package pptpd depends on
# yum install ppp
5. Install pptpd
# The package can also be installed directly from the EPEL repository:
# yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/pptpd-1.4.0-3.el6.x86_64.rpm
6. Configure pptpd
# vim /etc/ppp/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.96.128.166
ms-dns 114.114.114.114
lock
nobsdcomp
novj
novjccomp
nologfd
# The refuse-* lines reject PAP, CHAP and MS-CHAPv1, require-mschap-v2 leaves only MS-CHAPv2, and require-mppe-128 forces 128-bit MPPE encryption. Note that MS-CHAPv2 is the strongest method PPTP offers, yet an attacker who captures the handshake can recover the credentials offline, so PPTP should only be used where a stronger VPN is not an option.
# vim /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 10.0.0.1-100      # server-side address(es) for the VPN tunnel
remoteip 10.0.0.101-200   # address pool dynamically assigned to dialling clients
# vim /etc/ppp/chap-secrets
# client            server  secret  IP addresses ("*" = assign automatically)
test1@redhat.com    pptpd   123456  *
test2@redhat.com    pptpd   123456  *
# Secrets are stored in plaintext, so keep the file readable by root only (chmod 600 /etc/ppp/chap-secrets) and use long random passwords instead of the placeholder shown here.
7. Enable IP forwarding so the server routes packets for the VPN clients
# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# /sbin/sysctl -p
# Note: if the following errors appear:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
# the bridge module is not loaded. Solution:
# modprobe bridge
# lsmod | grep bridge
# then run sysctl -p again.
8. Start pptpd
# service pptpd start
# chkconfig pptpd on
9. Open firewall port 1723 and set the firewall rules
# PPTP uses TCP 1723 for the control connection and GRE (IP protocol 47) for the tunnel. Load the conntrack helper so GRE packets are tracked as RELATED to the control connection:
# modprobe nf_conntrack_pptp
# iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 1723 -j ACCEPT
# iptables -A INPUT -p gre -m state --state ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p tcp -m state --state ESTABLISHED --sport 1723 -j ACCEPT
# iptables -A OUTPUT -p gre -m state --state NEW,ESTABLISHED -j ACCEPT
# Enable the forwarding (SNAT) rule and the MTU control (MSS clamping) rule
# iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.101.168
# iptables -A FORWARD -p tcp --syn -s 10.0.0.0/24 -j TCPMSS --set-mss 1356
# Allow ssh, icmp and loopback
# iptables -A INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 22 -j ACCEPT
# iptables -A OUTPUT -p tcp -m state --state ESTABLISHED --sport 22 -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED -j ACCEPT
# iptables -A OUTPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED -j ACCEPT
# iptables -A INPUT -p icmp --icmp-type 0 -m state --state ESTABLISHED -j ACCEPT
# iptables -A INPUT -i lo -j ACCEPT
# iptables -A OUTPUT -o lo -j ACCEPT
# Allow the server itself to reach the web
# iptables -I OUTPUT -p tcp -m state --state NEW,ESTABLISHED -m multiport --dports 80,443 -j ACCEPT
# iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# iptables -I OUTPUT 5 -p udp --dport 53 -j ACCEPT
# Change the default INPUT and OUTPUT chain policies to DROP
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP
# iptables -P FORWARD ACCEPT
# Save the rule set so it is restored when iptables restarts
# service iptables save
# Note: FORWARD ACCEPT lets every dialled-in client reach anything the server can route to; add FORWARD rules matching -s 10.0.0.0/24 if clients should only reach specific networks.
10. Create the ppp device node automatically at boot (the node can disappear after a reboot, and PPTP clients then fail to dial with error 619)
# vim /etc/rc.d/rc.local
mknod /dev/ppp c 108 0
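As an added example (not from the original tutorial), the script below audits the two files written in step 6, options.pptpd and chap-secrets, against the settings the page recommends: every legacy authentication method refused, MS-CHAPv2 and 128-bit MPPE required, and no placeholder-length secrets. File paths are passed as arguments; the sample files it creates are constructed for demonstration and are not the page's own configuration.

```shell
#!/bin/bash
# Added example, not part of the original tutorial: audit the pptpd
# options file and chap-secrets for the weak settings the page avoids.
# Paths are passed in so the checks can run on copies, offline.

# Return 0 when the options file refuses PAP, CHAP and MS-CHAPv1 and
# requires MS-CHAPv2 plus 128-bit MPPE; otherwise print each finding and
# return 1. Comments ("#" to end of line) are stripped before matching.
audit_pptpd_options() {
    local file="$1" rc=0 opt body
    body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$file")
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! printf '%s\n' "$body" | grep -qx "[[:space:]]*$opt[[:space:]]*"; then
            echo "MISSING: $opt"
            rc=1
        fi
    done
    # Any of these re-enables a weak method or turns encryption off.
    for opt in require-pap require-chap require-mschap nomppe; do
        if printf '%s\n' "$body" | grep -qx "[[:space:]]*$opt[[:space:]]*"; then
            echo "WEAK: $opt present"
            rc=1
        fi
    done
    return "$rc"
}

# Return 0 when every chap-secrets entry has a secret of at least $2
# characters (default 12); print each short one and return 1 otherwise.
# Fields are client, server, secret, IP; comment and blank lines are skipped.
audit_chap_secrets() {
    local file="$1" min="${2:-12}" rc=0 client server secret ip
    while read -r client server secret ip; do
        case "$client" in ''|\#*) continue ;; esac
        if [ "${#secret}" -lt "$min" ]; then
            echo "WEAK: $client has a secret shorter than $min characters"
            rc=1
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample files for demonstration (not from the original page).
weak_opts=$(mktemp)
strong_opts=$(mktemp)
bad_secrets=$(mktemp)
good_secrets=$(mktemp)
trap 'rm -f "$weak_opts" "$strong_opts" "$bad_secrets" "$good_secrets"' EXIT

cat > "$weak_opts" <<'EOF'
name pptpd
refuse-pap
require-mschap      # MS-CHAPv1 re-enabled
nomppe
EOF
cat > "$strong_opts" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 114.114.114.114
lock
EOF
cat > "$bad_secrets" <<'EOF'
# client           server  secret  IP
test1@redhat.com   pptpd   123456  *
EOF
cat > "$good_secrets" <<'EOF'
# client           server  secret            IP
test1@redhat.com   pptpd   Vq7mR2xLp9wZk4Tb  *
EOF

for f in "$weak_opts" "$strong_opts"; do
    if audit_pptpd_options "$f"; then echo "$f: options OK"; fi
done
for f in "$bad_secrets" "$good_secrets"; do
    if audit_chap_secrets "$f"; then echo "$f: secrets OK"; fi
done
```

On the live host, run `audit_pptpd_options /etc/ppp/options.pptpd` and `audit_chap_secrets /etc/ppp/chap-secrets` as root after editing the files. A long secret only raises the cost of guessing; it does not repair the MS-CHAPv2 weakness noted in step 6, which is why the audit also insists on require-mppe-128 rather than a password policy alone.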