This setup lets the company's research and development department visit foreign websites through a server in Hong Kong. It is noted here in case it is needed later, so that no more time has to be spent studying it.
Installing a PPTP VPN server on CentOS 5.x/6.x
1. Install the required software packages
32-bit version:
# yum install -y ppp libpcap iptables
# wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.i386.rpm  # mine is 32-bit CentOS 5.6
# rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm
64-bit version:
# yum install -y ppp libpcap iptables
# wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
# rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
# On a 64-bit 6.0 system, download from this link: wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm -P /tmp/
2. Prepare the configuration files
①, configuration file /etc/ppp/options.pptpd
# mv /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
# vim /etc/ppp/options.pptpd
Enter the following content:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
idle 2592000
ms-dns 8.8.8.8
ms-dns 8.8.4.4
# The DNS here can be the DNS addresses that the server itself uses.
②, configuration file /etc/ppp/chap-secrets
# mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
# vim /etc/ppp/chap-secrets
Enter the following content:
# Secrets for authentication using CHAP
# client server secret IP addresses
myusername pptpd MyPassword *
Note: myusername and MyPassword here are the PPTP VPN login username and password; change them to your own.
③, configuration file /etc/pptpd.conf
# mv /etc/pptpd.conf /etc/pptpd.conf.bak
# vim /etc/pptpd.conf
Enter the following content:
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.168.1
remoteip 192.168.168.11-30
# Note: users dialing into the VPN are dynamically assigned an IP between 192.168.168.11 and 192.168.168.30.
④, configuration file /etc/sysctl.conf
# vim /etc/sysctl.conf
Modify the following:
net.ipv4.ip_forward = 1
Run this after saving and exiting:
# sysctl -p
3. Start the PPTP VPN server:
# /etc/init.d/pptpd start
4. Set the iptables rules and restart:
# vim /etc/sysconfig/iptables
Add the following rules:
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.168.0/255.255.255.0 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon June 1 19:18:47 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A FORWARD -s 192.168.168.0/255.255.255.0 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2333 -j ACCEPT
-A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT
-I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356
Restart the firewall:
# /etc/init.d/iptables start
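A check for the two files written in step 2, as an added example that is not part of the original guide: it confirms that options.pptpd still carries the five authentication and encryption directives listed there, and that chap-secrets is neither readable by other users nor left with the guide's placeholder credentials. The function names, the list of conflicting pppd options, the expected mode 600 and the script file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original guide: audit the two files from step 2.

# Directives the guide's options.pptpd uses to refuse weak auth and force MPPE-128.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"
# Assumed deny-list: pppd options that would weaken or disable the ones above.
FORBIDDEN="noauth require-pap require-chap require-mschap nomppe"

# First word of every non-comment, non-blank line (pppd options are case-sensitive).
directives() { sed -e 's/#.*//' "$1" | awk 'NF { print $1 }'; }

# Prints one line per finding; the return status is the number of findings.
audit_options() {
    _found=$(directives "$1"); _n=0
    for _d in $REQUIRED; do
        printf '%s\n' "$_found" | grep -qxF -- "$_d" ||
            { echo "MISSING $_d"; _n=$((_n + 1)); }
    done
    for _d in $FORBIDDEN; do
        if printf '%s\n' "$_found" | grep -qxF -- "$_d"; then
            echo "FORBIDDEN $_d"; _n=$((_n + 1))
        fi
    done
    return "$_n"
}

# Flags a secrets file readable by group or others (it stores passwords in
# clear text) and the guide's placeholder credentials left unchanged.
audit_secrets() {
    _n=0
    _mode=$(stat -c %a "$1")    # GNU stat, as shipped with CentOS
    case $_mode in
        ?00) ;;
        *) echo "MODE $_mode, expected 600"; _n=$((_n + 1)) ;;
    esac
    if awk '!/^[ \t]*#/ && ($1 == "myusername" || $3 == "MyPassword") { hit = 1 }
            END { exit !hit }' "$1"
    then
        echo "PLACEHOLDER credentials from the guide are still in use"
        _n=$((_n + 1))
    fi
    return "$_n"
}

# Usage (hypothetical file name): sh audit.sh /etc/ppp/options.pptpd /etc/ppp/chap-secrets
if [ "$#" -eq 2 ]; then
    audit_options "$1"; _a=$?
    audit_secrets "$2"; exit $((_a + $?))
fi
```

Run it after every edit to either file; a non-zero exit status is the number of findings.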