CentOS6.4 build pptpd (VPN) Service

Since centos itself does not integrate the PPTP function, we need to install related components so that our RedHat supports PPTP. Download the corresponding installation package based on the kernel version. The components used are as follows:

Dkms-2.2.0.3-1.noarch.rpm

Kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

Pptpd-1.3.4.tar.gz

1. PPTP requires PPP support. Although the system itself has the PPP function, it does not support MPPE. Therefore, you need to update the PPP component of the system,

[Root @ htuidc local] # yum-y install gcc-c ++ rpm-build make wget automake

[Root @ htuidc etc] # yum-y install ppp

2. Install the kernel MPPE patch. The installation command is as follows:

[Root @ htuidc etc] # rpm-ivh dkms-2.2.0.3-1.noarch.rpm

[Root @ htuidc etc] # rpm-ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm

Run the following command to check whether the kernel MPPE patch is successfully installed. If the MPPE module is loaded, run the following command:

[Root @ htuidc ~] # Modprobe ppp-compress-18 & echo success

Success

[Root @ htuidc etc] # cd/usr/local/src

[Root @ htuidc src] # tar zxvf pptpd-1.3.4.tar.gz

[Root @ htuidc src] # cd pptpd-1.3.4

[Root @ htuidc pptpd-1.3.4] #./configure -- prefix =/usr/local/pptpd

[Root @ htuidc Co., pptpd-1.3.4] # make & make install

After compilation and installation are complete, you must first create some directories and copy the original pptpd configuration file:

[Root @ htuidc Co., pptpd-1.3.4] # mkdir/usr/local/pptpd/etc

[Root @ htuidc Co., pptpd-1.3.4] # vi/usr/local/pptpd/etc/pptpd. conf

Enter the following content:

# Pptpd. conf

Option/usr/local/pptpd/etc/options.ppt pd

Debug

Stimeout 30

Localip 10.0.0.254

Remoteip 10.0.0.200-210

Note:

Option/usr/local/pptpd/etc/options.ppt pd ---- specify the position of the pptpd extension property configuration file options.ppt pd.

Debug ---- enable the debug mode. For pptpd? Information and errors are recorded in/var/logs/message to facilitate troubleshooting and debugging.

Stimeout 30 ---- set the maximum connection wait time (connection timeout) and 30 seconds for the client to connect to the pptpd server.

Localip 10.0.0.254 ---- pptpd server? The IP address of the server, which can be set to any IP address bound to the server.

Remoteip 10.0.0.200-210 ---- set the IP address range (10.0.0.200-10.0.0.210) that can be allocated after the client connects to the pptpd server. You can set it as follows: 10.0.0.200-208, 10.0.0.0.209, 10.0.0.210, the results are the same.

[Root @ htuidc Co., pptpd-1.3.4] # vi/usr/local/pptpd/etc/options.ppt pd

Enter the following content:

# Options.ppt pd

Name htu-VPN

Refuse-pap

Refuse-chap

Refuse-mschap

Require-mschap-v2

Require-mppe-128

Ms-dns 202.106.46.151

Ms-dns 202.106.0.20

# Ms-dns 208.67.222.222 for international use

# Ms-dns 208.67.220.220

Proxyarp

Debug

Lock

Nobsdcomp

Novj

Novjccomp

Nologfd

Note:

Name IsMole-VPN ---- name of pptpd server.

Refuse-pap-reject the pap Authentication mode.

Refuse-chap-reject chap authentication mode.

Refuse-mschap-reject the mschap Authentication mode.

Require-mschap-v2-uses Microsoft's mschap-v2 for self-verification when the endpoint performs a connection handshake.

Require-mppe-128 ---- The MPPE module uses 128-bit encryption.

Ms-dns 202.106.46.151

Ms-dns 202.106.0.20 ---- ppp provides the DNS server IP address for the Windows client. The first ms-dns is the DNS Master, and the second is the DNS Slave.

Proxyarp ---- create an ARP proxy key value.

Debug ---- enable the debugging mode. The relevant information is also recorded in/var/logs/message.

Lock ---- lock the client's PTY device file.

Nobsdcomp ---- disable the BSD compression mode.

Novj

Novjccomp ---- disable Van Jacob's compression mode.

Nologfd-do not record error messages to stderr devices ).

After configuring the above two files, we will start to add the client account.

The client account control file is located at:/etc/ppp/chap-secrets

Shell> vi/etc/ppp/chap-secrets

# PPTP User Accounts

# Username server_name "password" ip

Vpnuser1 IsMole-VPN "123456" 10.0.0.201

3. Start PPTPD

[Root @ htuidc pptpd-1.3.4] #/usr/local/pptpd/sbin/pptpd-c/usr/local/pptpd/etc/pptpd. conf-o/usr/local/pptpd/etc/options.ppt pd

[Root @ htuidc Co., pptpd-1.3.4] # netstat-tnlpu | grep pptp

Tcp 0 0 0.0.0.0: 1723 0.0.0.0: * LISTEN 3719/pptpd

If tcp port 1723 is enabled, it indicates that OK is enabled.

4. Enable linux route forwarding

Echo 1>/proc/sys/net/ipv4/ip_forward

5. Enable 10.0.0.0/24 forwarding:

[Root @ htuidc ~] # Iptables-t nat-a postrouting-s 10.0.0.0/24-j MASQUERADE

Note:

Enable pptp vpn forwarding, vpn Server, and Intranet Router

Modprobe ip_conntrack_pptp

Modprobe ip_nat_pptp

Problems:

The following 678 error occurs during connection because the firewall does not enable port 1723:

Solution:

[Root @ htuidc ~] # Iptables-a input-p TCP -- dport 1723 -- sport 1024: 65534-j ACCEPT