CentOS does not ship PPTP support, so the following components must be installed before the system can act as a PPTP server. Download the packages that match your kernel version. The components used are:
dkms-2.2.0.3-1.noarch.rpm
kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
pptpd-1.3.4.tar.gz
1. PPTP requires PPP support. The system already has PPP, but without MPPE, so install the build tools and update the PPP component:
[root@htuidc local]# yum -y install gcc-c++ rpm-build make wget automake
[root@htuidc etc]# yum -y install ppp
2. Install the kernel MPPE patch:
[root@htuidc etc]# rpm -ivh dkms-2.2.0.3-1.noarch.rpm
[root@htuidc etc]# rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
Check that the MPPE module installed correctly by loading it; "success" is printed only if modprobe succeeds:
[root@htuidc ~]# modprobe ppp-compress-18 && echo success
success
[root@htuidc etc]# cd /usr/local/src
[root@htuidc src]# tar zxvf pptpd-1.3.4.tar.gz
[root@htuidc src]# cd pptpd-1.3.4
[root@htuidc pptpd-1.3.4]# ./configure --prefix=/usr/local/pptpd
[root@htuidc pptpd-1.3.4]# make && make install
After compilation and installation, create the configuration directory and write the pptpd configuration file:
[root@htuidc pptpd-1.3.4]# mkdir /usr/local/pptpd/etc
[root@htuidc pptpd-1.3.4]# vi /usr/local/pptpd/etc/pptpd.conf
Enter the following content:
# pptpd.conf
option /usr/local/pptpd/etc/options.pptpd
debug
stimeout 30
localip 10.0.0.254
remoteip 10.0.0.200-210
Note:
option /usr/local/pptpd/etc/options.pptpd ---- path of the pppd options file (options.pptpd) that pptpd passes to pppd for each connection.
debug ---- enable debug mode; pptpd information and errors are logged through syslog to /var/log/messages, which helps with troubleshooting.
stimeout 30 ---- the number of seconds pptpd waits for the client to complete the PPTP control connection before giving up (connection timeout), here 30 seconds.
localip 10.0.0.254 ---- the address the server uses at its end of each PPP tunnel. It can be any address bound to the server, but it must not overlap the remoteip pool.
remoteip 10.0.0.200-210 ---- the pool of addresses (10.0.0.200 to 10.0.0.210) handed out to clients when they connect. The same pool can be written as 10.0.0.200-208,10.0.0.209,10.0.0.210; the result is identical.
[root@htuidc pptpd-1.3.4]# vi /usr/local/pptpd/etc/options.pptpd
Enter the following content:
# options.pptpd
name IsMole-VPN
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.106.46.151
ms-dns 202.106.0.20
# ms-dns 208.67.222.222 for international use
# ms-dns 208.67.220.220
proxyarp
debug
lock
nobsdcomp
novj
novjccomp
nologfd
Note:
name IsMole-VPN ---- the name of the pptpd server; it must match the server_name column in /etc/ppp/chap-secrets, otherwise authentication fails.
refuse-pap ---- reject PAP authentication (passwords sent in plaintext).
refuse-chap ---- reject CHAP authentication.
refuse-mschap ---- reject MS-CHAP (version 1) authentication.
require-mschap-v2 ---- require Microsoft's MS-CHAPv2 when the peer authenticates during the connection handshake.
require-mppe-128 ---- require 128-bit MPPE encryption on the link. This is the strongest combination PPTP offers, but it is not strong: the MS-CHAPv2 handshake is known to reduce to recovering a single DES key, and MPPE uses RC4, so do not rely on it against a capable attacker.
ms-dns 202.106.46.151
ms-dns 202.106.0.20 ---- DNS servers that pppd pushes to Windows clients; the first ms-dns is the primary, the second the secondary.
proxyarp ---- add a proxy ARP entry for the client so hosts on the local LAN can reach it.
debug ---- enable debug mode; the information is also logged to /var/log/messages.
lock ---- create a UUCP-style lock file for the pty device used by the client's connection.
nobsdcomp ---- disable BSD compression.
novj
novjccomp ---- disable Van Jacobson TCP/IP header compression and VJ connection-ID compression.
nologfd ---- do not write log messages to stderr (the log file descriptor).
After the two files above are configured, add the client accounts.
Client accounts are kept in /etc/ppp/chap-secrets:
[root@htuidc pptpd-1.3.4]# vi /etc/ppp/chap-secrets
# PPTP User Accounts
# username server_name "password" ip
vpnuser1 IsMole-VPN "123456" 10.0.0.201
The server_name column must equal the name set in options.pptpd, and the ip column must lie inside the remoteip range (or be * to take any free address from the pool). The file stores passwords in plaintext, so keep it readable by root only (mode 600), and replace the placeholder 123456 with a real password.
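The three files above have to agree with each other (server name, address pool, per-user address), and options.pptpd has to refuse the weaker authentication methods explicitly, or pppd will negotiate one of them. The script below is an added example, not part of this page's procedure or of the pptpd project: it checks those points over the page's own settings. The file texts are constructed inline from the page's configuration (with a second, deliberately wrong account added) so the script runs offline; the 12-character minimum secret length is an assumed local policy, not a pptpd setting. It also accepts the full-address range form a.b.c.d-w.x.y.z in addition to the last-octet form the page uses.

```python
"""Consistency check for pptpd.conf, options.pptpd and chap-secrets.
Added example, not part of the page's procedure or of the pptpd project.
The file texts are constructed samples based on the page's settings."""
import ipaddress
import re

PPTPD_CONF = """# pptpd.conf (constructed sample)
option /usr/local/pptpd/etc/options.pptpd
debug
stimeout 30
localip 10.0.0.254
remoteip 10.0.0.200-208,10.0.0.209,10.0.0.210
"""

OPTIONS_PPTPD = """# options.pptpd (constructed sample, abridged)
name IsMole-VPN
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 202.106.46.151
proxyarp
"""

CHAP_SECRETS = """# username server_name "password" ip  (constructed sample)
vpnuser1 IsMole-VPN "123456" 10.0.0.201
vpnuser2 htu-VPN "s3cret" 10.0.0.250
"""

# pppd negotiates the first method both sides accept, so every weaker
# method must be refused explicitly; a missing line is a downgrade path.
REQUIRED_OPTIONS = ("refuse-pap", "refuse-chap", "refuse-mschap",
                    "require-mschap-v2", "require-mppe-128")
MIN_SECRET_LEN = 12  # assumption: local policy, not a pptpd setting


def parse_kv(text):
    """Map keyword -> value (None for bare keywords) for a pptpd/pppd
    style file.  '#' comments and blank lines are ignored; a repeated
    keyword such as ms-dns keeps its last value."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        out[parts[0]] = parts[1].strip() if len(parts) > 1 else None
    return out


def expand_remoteip(spec):
    """Expand pptpd's remoteip syntax into a set of IPv4Address objects:
    'a.b.c.d', 'a.b.c.d-e' (e replaces the last octet) and
    'a.b.c.d-w.x.y.z', separated by commas."""
    addrs = set()
    for item in spec.split(","):
        start, _, end = item.strip().partition("-")
        first = ipaddress.IPv4Address(start)
        if not end:
            last = first
        elif "." in end:
            last = ipaddress.IPv4Address(end)
        else:
            last = ipaddress.IPv4Address(start.rsplit(".", 1)[0] + "." + end)
        if last < first:
            raise ValueError("bad remoteip range: " + item)
        addrs.update(ipaddress.IPv4Address(n)
                     for n in range(int(first), int(last) + 1))
    return addrs


def parse_chap_secrets(text):
    """Return (user, server, secret, ip) tuples; the secret may be quoted.
    Limitation: a '#' inside a secret is treated as a comment start."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.findall(r'"[^"]*"|\S+', line)
        if len(fields) < 4:
            raise ValueError("malformed chap-secrets line: " + line)
        user, server, secret, ip = fields[:4]
        rows.append((user, server, secret.strip('"'), ip))
    return rows


def check_config(pptpd_conf, options_pptpd, chap_secrets):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    conf = parse_kv(pptpd_conf)
    opts = parse_kv(options_pptpd)
    pool = expand_remoteip(conf["remoteip"])
    if ipaddress.IPv4Address(conf["localip"]) in pool:
        findings.append("localip lies inside the remoteip pool")
    for kw in REQUIRED_OPTIONS:
        if kw not in opts:
            findings.append("options.pptpd is missing " + kw)
    server_name = opts.get("name")
    for user, server, secret, ip in parse_chap_secrets(chap_secrets):
        if server not in (server_name, "*"):
            findings.append("%s: server '%s' does not match name '%s'"
                            % (user, server, server_name))
        if ip != "*" and ipaddress.IPv4Address(ip) not in pool:
            findings.append("%s: address %s is outside the remoteip pool"
                            % (user, ip))
        if len(secret) < MIN_SECRET_LEN:
            findings.append("%s: secret is shorter than %d characters"
                            % (user, MIN_SECRET_LEN))
    return findings


if __name__ == "__main__":
    for finding in check_config(PPTPD_CONF, OPTIONS_PPTPD, CHAP_SECRETS):
        print("WARN:", finding)
```

Run against the sample it reports the short placeholder password for vpnuser1 and, for the deliberately wrong vpnuser2 line, the server-name mismatch and the address outside the pool. To use it on a live server, pass the contents of the three real files to check_config().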
3. Start pptpd
[root@htuidc pptpd-1.3.4]# /usr/local/pptpd/sbin/pptpd -c /usr/local/pptpd/etc/pptpd.conf -o /usr/local/pptpd/etc/options.pptpd
[root@htuidc pptpd-1.3.4]# netstat -tnlpu | grep pptp
tcp        0      0 0.0.0.0:1723    0.0.0.0:*    LISTEN    3719/pptpd
If TCP port 1723 is listening, pptpd has started correctly.
4. Enable Linux IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward
This setting is lost at reboot; to make it permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
5. NAT the VPN subnet 10.0.0.0/24 so that clients can reach other networks through the server:
[root@htuidc ~]# iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE
Note:
For PPTP connections to pass through connection tracking and NAT, on the VPN server and on any intranet router in the path, load the PPTP helper modules:
modprobe ip_conntrack_pptp
modprobe ip_nat_pptp
(On newer kernels these modules are named nf_conntrack_pptp and nf_nat_pptp.)
Problems:
If the client reports error 678 when connecting, the firewall is blocking TCP port 1723.
Solution:
[root@htuidc ~]# iptables -A INPUT -p tcp --dport 1723 --sport 1024:65534 -j ACCEPT
PPTP carries the tunnelled data over GRE (IP protocol 47), not over TCP 1723, so inbound GRE must be accepted as well with an INPUT rule that matches protocol gre; otherwise the control connection succeeds but the tunnel never comes up.