CentOS 6.4: Building a pptpd (VPN) Service

Source: Internet
Author: User

Since Linux does not ship with PPTP support, related components must be installed so that our RedHat system can act as a PPTP server. Download the installation packages matching the kernel version. The components used are as follows:

dkms-2.2.0.3-1.noarch.rpm

kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

pptpd-1.3.4.tar.gz

1. PPTP requires PPP support. Although the system ships with PPP, that version does not support MPPE, so the system's PPP component must be updated:

[root@htuidc local]# yum -y install gcc-c++ rpm-build make wget automake

[root@htuidc etc]# yum -y install ppp


2. Install the kernel MPPE (Microsoft Point-to-Point Encryption) patch. The installation commands are as follows:

[root@htuidc etc]# rpm -ivh dkms-2.2.0.3-1.noarch.rpm

[root@htuidc etc]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

Run the following command to check whether the kernel MPPE patch was installed successfully. If the MPPE module loads, it prints success:

[root@htuidc ~]# modprobe ppp-compress-18 && echo success

success


[root@htuidc etc]# cd /usr/local/src

[root@htuidc src]# tar zxvf pptpd-1.3.4.tar.gz

[root@htuidc src]# cd pptpd-1.3.4

[root@htuidc pptpd-1.3.4]# ./configure --prefix=/usr/local/pptpd

[root@htuidc pptpd-1.3.4]# make && make install

After compilation and installation are complete, first create the configuration directory and write the pptpd configuration file:

[root@htuidc pptpd-1.3.4]# mkdir /usr/local/pptpd/etc

[root@htuidc pptpd-1.3.4]# vi /usr/local/pptpd/etc/pptpd.conf

Enter the following content:

# pptpd.conf

option /usr/local/pptpd/etc/options.pptpd

debug

stimeout 30

localip 10.0.0.254

remoteip 10.0.0.200-210


Note:

option /usr/local/pptpd/etc/options.pptpd ---- specify the location of the pptpd extended options file, options.pptpd.

debug ---- enable debug mode. pptpd information and errors are recorded in /var/logs/message to aid troubleshooting and debugging.

stimeout 30 ---- set the maximum time pptpd waits for a client connection to complete (here 30 seconds).

localip 10.0.0.254 ---- the IP address of the pptpd server end of the tunnel; it can be any IP address bound to the server.

remoteip 10.0.0.200-210 ---- set the range of IP addresses (10.0.0.200-10.0.0.210) that can be assigned to clients after they connect to the pptpd server. It can also be written as 10.0.0.200-208,10.0.0.209,10.0.0.210; the result is the same.


[root@htuidc pptpd-1.3.4]# vi /usr/local/pptpd/etc/options.pptpd

Enter the following content:

# options.pptpd

name htu-VPN

refuse-pap

refuse-chap

refuse-mschap

require-mschap-v2

require-mppe-128

ms-dns 202.106.46.151

ms-dns 202.106.0.20

# ms-dns 208.67.222.222

# ms-dns 208.67.220.220

proxyarp

debug

lock

nobsdcomp

novj

novjccomp

nologfd


Note:

name IsMole-VPN ---- name of the pptpd server.

refuse-pap ---- refuse PAP authentication.

refuse-chap ---- refuse CHAP authentication.

refuse-mschap ---- refuse MS-CHAP authentication.

require-mschap-v2 ---- require Microsoft's MS-CHAP v2 for authentication when the peer performs the connection handshake.

require-mppe-128 ---- the MPPE module uses 128-bit encryption.

ms-dns 202.106.46.151

ms-dns 202.106.0.20 ---- ppp provides these DNS server IP addresses to the Windows client. The first ms-dns is the primary DNS server, the second the secondary.

proxyarp ---- add a proxy ARP entry for the client.

debug ---- enable debug mode. The related information is also recorded in /var/logs/message.

lock ---- lock the client's PTY device file.

nobsdcomp ---- disable BSD compression.

novj

novjccomp ---- disable Van Jacobson compression.

nologfd ---- do not write error messages to stderr.


After configuring the above two files, we add the client accounts.

The client account control file is located at /etc/ppp/chap-secrets:

shell> vi /etc/ppp/chap-secrets

# PPTP User Accounts

# username server_name "password" ip

vpnuser1 IsMole-VPN "123456" 10.0.0.201
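The following script is an added example, not part of the original post, that sanity-checks the two files written above before pptpd is started. It confirms that options.pptpd refuses PAP, CHAP and MS-CHAP and requires MS-CHAP v2 with MPPE-128, that every server_name in chap-secrets equals the name option (pppd only matches secrets whose server field equals that name, or "*"), and that the clear-text password file is not group- or world-readable. The sample files it creates are constructed from the values on this page; because the page's options file says htu-VPN while its chap-secrets line says IsMole-VPN, the second check reports a mismatch on the sample run. The function names and the temporary paths are the example's own.

```shell
#!/bin/sh
# Added example (not from the original post): configuration checks for
# options.pptpd and /etc/ppp/chap-secrets. File paths are passed as arguments.
# Comment stripping assumes '#' does not appear inside a quoted password.

# Strip comments, then print the value of the first occurrence of an option.
option_value() {            # $1 = options file, $2 = option keyword
    sed -e 's/#.*//' "$1" | awk -v key="$2" '$1 == key { print $2; exit }'
}

# 0 when every hardening keyword is present uncommented, otherwise list the
# missing ones on stderr and return 1.
options_hardening_ok() {    # $1 = options file
    missing=""
    for key in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! sed -e 's/#.*//' "$1" | awk -v key="$key" '$1 == key { found = 1 } END { exit found ? 0 : 1 }'; then
            missing="$missing $key"
        fi
    done
    [ -z "$missing" ] && return 0
    echo "$1 is missing:$missing" >&2
    return 1
}

# 0 when all server_name fields equal the "name" option (or are "*"),
# otherwise list the affected usernames on stderr and return 1.
secrets_match_name() {      # $1 = chap-secrets, $2 = options file
    server=$(option_value "$2" name)
    bad=$(sed -e 's/#.*//' "$1" | awk -v srv="$server" 'NF >= 3 && $2 != srv && $2 != "*" { print $1 }')
    [ -z "$bad" ] && return 0
    echo "server_name does not match \"$server\" for:" $bad >&2
    return 1
}

# 0 when group and other have no permission bits on the secrets file
# (chap-secrets holds passwords in clear text).
secrets_perms_ok() {        # $1 = chap-secrets
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files mirroring the values used on this page; the server
# name deliberately differs between them, which secrets_match_name reports.
# The temporary directory is left in place for inspection.
tmp=$(mktemp -d)
cat > "$tmp/options.pptpd" <<'EOF'
# options.pptpd
name htu-VPN
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.106.46.151
EOF
cat > "$tmp/chap-secrets" <<'EOF'
# username server_name "password" ip
vpnuser1 IsMole-VPN "123456" 10.0.0.201
EOF
chmod 600 "$tmp/chap-secrets"

options_hardening_ok "$tmp/options.pptpd" && echo "options.pptpd: weak methods refused, MPPE-128 required"
secrets_match_name "$tmp/chap-secrets" "$tmp/options.pptpd" || echo "chap-secrets: fix the server_name column"
secrets_perms_ok "$tmp/chap-secrets" && echo "chap-secrets: permissions OK"
```

Point the three functions at /usr/local/pptpd/etc/options.pptpd and /etc/ppp/chap-secrets on the server to check the real files; a non-zero return from any of them means the corresponding file needs attention before clients are allowed to connect.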


3. Start PPTPD

[root@htuidc pptpd-1.3.4]# /usr/local/pptpd/sbin/pptpd -c /usr/local/pptpd/etc/pptpd.conf -o /usr/local/pptpd/etc/options.pptpd

[root@htuidc pptpd-1.3.4]# netstat -tnlpu | grep pptp

tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3719/pptpd

If TCP port 1723 is listening, pptpd has started successfully.


4. Enable linux route forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward


5. Enable 10.0.0.0/24 forwarding:

[root@htuidc ~]# iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE

Note:

To enable PPTP VPN forwarding on the VPN server and the intranet router, load the PPTP connection-tracking and NAT helper modules:

modprobe ip_conntrack_pptp

modprobe ip_nat_pptp


Problems:

Error 678 occurs during connection because the firewall does not allow port 1723:

[Screenshot: error 678 dialog shown by the VPN client]

Solution:

[root@htuidc ~]# iptables -A INPUT -p tcp --dport 1723 --sport 1024:65534 -j ACCEPT
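The following script is an added example, not part of the original post, that verifies the outcome of steps 3 to 5 and of the firewall fix above: pptpd listening on TCP 1723, ip_forward set to 1, a MASQUERADE rule for the 10.0.0.0/24 pool, and an INPUT rule accepting TCP 1723. Each check takes captured command output (or a file path) as its argument, so the functions can be exercised offline against the constructed samples embedded below, and run_live_checks() feeds them the real netstat and iptables-save output when the script is invoked with --live as root. The function names, the --live switch and the sample iptables-save text are the example's own; the sample netstat line is the one shown on this page.

```shell
#!/bin/sh
# Added example (not from the original post): post-start checks for the
# pptpd service, route forwarding, NAT and the firewall rule.

# 0 when a "netstat -tnlpu" listing shows a TCP socket listening on 1723.
pptpd_listening() {         # $1 = netstat output text
    printf '%s\n' "$1" | awk '$1 == "tcp" && $4 ~ /:1723$/ && $6 == "LISTEN" { found = 1 } END { exit found ? 0 : 1 }'
}

# 0 when the sysctl file contains 1 (step 4).
ip_forward_enabled() {      # $1 = path to /proc/sys/net/ipv4/ip_forward (or a copy)
    [ "$(cat "$1")" = "1" ]
}

# 0 when the nat table masquerades the VPN pool (step 5); iptables-save
# prints the rule in this normalized form.
masquerade_present() {      # $1 = iptables-save text, $2 = pool CIDR
    printf '%s\n' "$1" | grep -qF -e "-A POSTROUTING -s $2 -j MASQUERADE"
}

# 0 when INPUT accepts TCP 1723 (the error 678 fix).
port_1723_allowed() {       # $1 = iptables-save text
    printf '%s\n' "$1" | grep -q -e '^-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT'
}

# Run a check and print OK/FAIL with its description.
report() {                  # $1 = description, rest = check command and arguments
    desc=$1; shift
    if "$@"; then echo "OK   $desc"; else echo "FAIL $desc"; fi
}

# Gather the real outputs on the server (needs root for iptables-save).
run_live_checks() {
    report "pptpd listening on tcp/1723" pptpd_listening "$(netstat -tnlpu 2>/dev/null)"
    report "ip_forward = 1" ip_forward_enabled /proc/sys/net/ipv4/ip_forward
    ipt=$(iptables-save 2>/dev/null)
    report "MASQUERADE for 10.0.0.0/24" masquerade_present "$ipt" 10.0.0.0/24
    report "INPUT accepts tcp/1723" port_1723_allowed "$ipt"
}

# Constructed sample outputs; the pptpd netstat line is the one shown on this page.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1021/sshd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3719/pptpd'
SAMPLE_IPTABLES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --sport 1024:65534 --dport 1723 -j ACCEPT
COMMIT'

if [ "${1:-}" = "--live" ]; then
    run_live_checks
else
    report "sample: pptpd listening on tcp/1723" pptpd_listening "$SAMPLE_NETSTAT"
    report "sample: MASQUERADE for 10.0.0.0/24" masquerade_present "$SAMPLE_IPTABLES" 10.0.0.0/24
    report "sample: INPUT accepts tcp/1723" port_1723_allowed "$SAMPLE_IPTABLES"
fi
```

Run it without arguments to see the checks pass against the samples, and with --live on the server after steps 3 to 5 to confirm the running state; a FAIL for the INPUT rule on a host whose default policy drops traffic is the condition that produces the error 678 described above.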

This article is from the galean blog, please be sure to keep this source http://galean.blog.51cto.com/7702012/1288631
