A Virtual Private Network (VPN) is a technology for establishing a private network over a public network. It is called a virtual network mainly because the connection between any two nodes of the VPN does not have the end-to-end physical link required by a traditional private network. Instead, it is a logical network built on the network platform provided by a public network service provider, such as the Internet, ATM (Asynchronous Transfer Mode), or Frame Relay, and user data is transmitted over logical links. It covers extensions of private networks that encapsulate, encrypt, and authenticate links across shared or public networks. VPN mainly uses tunneling technology, encryption and decryption technology, key management technology, and user and device identity authentication technology.
VPN is a remote access technology. In short, it uses a public network link to establish a private network. For example, an employee on a business trip wants to access server resources on the intranet. Such access is remote access. How can employees in other locations be allowed to access intranet resources? The VPN solution is to set up a VPN server in the intranet. The VPN server has two NICs, one connected to the intranet and the other connected to the Internet. After the remote employee connects to the Internet locally, they can reach the VPN server through the Internet and then use the VPN server as a stepping stone to enter the enterprise intranet. To ensure data security, the communication data between the VPN server and the client is encrypted. With data encryption, the data can be considered to travel securely over a dedicated data link, just like on a dedicated network. However, the VPN actually runs over a public link on the Internet, so it can only be called a virtual private network. That is, VPN uses encryption technology to encapsulate a data communication tunnel on the Internet. With VPN technology, users can conveniently access intranet resources over the Internet, whether on a business trip or at home. This is why VPN is widely used in enterprises.
1. Install PPP and iptables
PPTP installation requires the PPP and iptables software. Here, yum is used for installation.
Enter this command:
yum install -y ppp iptables
PPP is usually installed by default in CentOS.
2. Install PPTP
Installation packages: http://poptop.sourceforge.net/yum/stable/packages/
Select the latest version:
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
If wget is not available, install it first:
yum install -y wget
Then install the package:
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
3. Configure PPTP
vi /etc/ppp/options.pptpd
Edit the ms-dns entries; nothing else needs to be modified:
ms-dns 208.67.222.222
ms-dns 208.67.220.220
These two lines are the DNS server addresses. OpenDNS is used here. You can also use the DNS of your hosting provider. After editing, save and exit.
For OpenDNS, see http://baike.baidu.com/view/755405.htm
Enter vi /etc/pptpd.conf to start editing and enter the following content:
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.8.1
remoteip 192.168.8.2-40
The last two lines are the IP address allocation for the VPN. If you are not familiar with it, do not change it. After editing, save and exit.
The configuration here should be set with reference to the network configuration of this server:
/sbin/ifconfig
inet addr:192.168.8.2  Bcast:192.168.8.255
Enter vi /etc/ppp/chap-secrets to start editing and enter the following content:
username1 pptpd password1 *
username2 pptpd password2 *
username3 pptpd password3 *
This file configures the login users and passwords of the VPN, one user per line. After editing, save and exit.
Enter vi /etc/sysctl.conf to start editing. Unlike the preceding files, this file already has content.
Find
net.ipv4.ip_forward = 0
Change it to
net.ipv4.ip_forward = 1
Save and exit, and then run this command:
sysctl -p
At this point, PPTP is basically configured. Enter service pptpd start to start it.
Configure iptables. First, enter service iptables start to start it.
Then enter the following four commands, pressing Enter after each one:
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT   # PPTP control connection
iptables -A INPUT -p tcp --dport 47 -j ACCEPT     # not used by PPTP itself: GRE is IP protocol 47, not TCP port 47
iptables -A INPUT -p gre -j ACCEPT                # GRE tunnel traffic
iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j MASQUERADE   # NAT for VPN clients
Enter /etc/init.d/iptables save to save the rules, and /etc/init.d/iptables restart to restart iptables.
If you want the VPN service to start automatically when the server boots, also enter these two commands:
chkconfig pptpd on
chkconfig iptables on
Restart PPTP:
service pptpd restart
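An added example, not part of the original tutorial: /etc/ppp/chap-secrets holds the VPN passwords in plaintext, so the POSIX shell function below audits that file for loose permissions, malformed lines, short secrets and duplicate users. The function name and the 12-character minimum are assumptions chosen for illustration, and fields are assumed to contain no whitespace.

```sh
# Added example: audit a pppd chap-secrets file (format: client server secret IP).
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if unreadable.
# Assumptions: fields contain no whitespace; the MINLEN default of 12 is arbitrary.
audit_chap_secrets() {
    file=$1
    minlen=${2:-12}
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    findings=0 n=0 seen=""

    # Secrets are plaintext: group and other must have no permission bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: group/other have access, expected mode 600"
        findings=$((findings + 1))
    fi

    # addrs takes the rest of the line (pppd allows several addresses).
    while read -r client server secret addrs || [ -n "$client" ]; do
        n=$((n + 1))
        case $client in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ -z "$addrs" ]; then
            echo "line $n: fewer than 4 fields"
            findings=$((findings + 1)); continue
        fi
        # The tutorial uses "pptpd" as the server name for every user.
        if [ "$server" != "pptpd" ]; then
            echo "line $n: server field is not pptpd"
            findings=$((findings + 1))
        fi
        # Strip optional surrounding quotes before measuring the secret.
        secret=${secret#\"}; secret=${secret%\"}
        if [ "${#secret}" -lt "$minlen" ]; then
            echo "line $n: secret for $client shorter than $minlen characters"
            findings=$((findings + 1))
        fi
        case " $seen " in *" $client "*)
            echo "line $n: duplicate client $client"
            findings=$((findings + 1)) ;;
        esac
        seen="$seen $client"
    done < "$file"
    [ "$findings" -eq 0 ]
}
```

Run it as audit_chap_secrets /etc/ppp/chap-secrets before starting pptpd; the secrets themselves are never printed.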
Reference http://www.linuxidc.com/Linux/2011-06/37430.htm