CentOS7.0 VPN setup
Before CentOS 7.0 the iptables firewall was used; from 7.0 on, firewalld is the default, so the VPN setup differs as well.

1. Check whether pptpd is supported:

    modprobe ppp-compress-18 && echo yes

   If it returns yes, it is supported.

2. Check whether tun is enabled:

    cat /dev/net/tun

   If it returns "cat: /dev/net/tun: File descriptor in bad state", tun is supported. Otherwise, you must enable tun manually.

3. Install pptpd and ppp:

    yum -y install ppp pptpd

   Note: if you are told that pptpd cannot be found, you need to download it manually:

    rpm -i http://poptop.sourceforge.net/yum/stable/rhel7/pptp-release-current.noarch.rpm

4. Configure pptpd.conf:

    vim /etc/pptpd.conf

   Remove the comment markers from these two lines:

    localip 192.168.0.1
    remoteip 192.168.0.234-238,192.168.0.245

   remoteip is the intranet range opened to connecting clients; an address is picked at random between 234 and 245, which becomes the client's LAN IP address, for example 192.168.0.234.

5. Modify DNS. Add the DNS servers at the end of the options file:

    vim /etc/ppp/options.pptpd

   Google's servers:

    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

   You can also search the Internet for other foreign DNS servers and ping them yourself to see which one responds fastest.

6. Add an account:

    vim /etc/ppp/chap-secrets

    # client    server    secret      IP addresses
    account     pptpd     password    *

   * means any assigned IP address.

7. Configure sysctl.conf:

    vim /etc/sysctl.conf

   Add the line

    net.ipv4.ip_forward = 1

   save, and run sysctl -p to make the kernel change take effect.

8. Set the forwarding rules. If iptables is used (firewalld disabled):

    iptables -t nat -A POSTROUTING -s 192.168.0.234/24 -o eth0 -j MASQUERADE

   192.168.0.234/24 corresponds to remoteip in pptpd.conf.

   If you want to clear the forwarding rules, you can use these commands:

    iptables -F -t nat
    iptables -X -t nat
    iptables -Z -t nat

   Then use service iptables save.

   Note: on 7.0 the forwarding rule is lost after a restart, so it has to be written to rc.local:

    chmod +x /etc/rc.d/rc.local
    vim /etc/rc.d/rc.local

   Add the forwarding rule at the end, save, and exit.
9. Open the VPN ports:

    iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
    # GRE is IP protocol 47 and is matched by the -p gre rule below; PPTP does not use TCP port 47
    iptables -I INPUT -p tcp --dport 47 -j ACCEPT
    iptables -I INPUT -p gre -j ACCEPT

   Restart pptpd:

    service pptpd restart

   If firewalld is used:

    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -i eth0 -p tcp --dport 1723 -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
    # POSTROUTING lives in the nat table, so nat is given as the direct rule's table argument
    firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -o eth0 -j MASQUERADE
    firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o eth0 -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o ppp+ -j ACCEPT

   Reload the firewall:

    firewall-cmd --reload

10. Enable start at boot:

    chkconfig pptpd on

That is roughly the whole process.

I have wanted to explore Linux for the past two years, but it has been on hold for a long time. I have only recently looked into it and have just got started with Linux. The content above is purely my own notes on the results of my practice and carries no authority. There may be many mistakes. I hope you will give me some advice. Thank you very much.
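A pre-flight check for the files edited in steps 4, 6 and 7, which also derives the network that the step 8 MASQUERADE rule covers. This is an added example, not part of the original post. The function names and sample files are made up for illustration, and the /24 mask is assumed from the rule shown in step 8.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 4, 6 and 7 and derive the step 8 source.

# Print the value of the first uncommented "KEY value" line in FILE.
active_value() {  # $1=file $2=key
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# /24 network containing the first remoteip address (the page's rule uses a /24).
masq_source() {  # $1=pptpd.conf
    first=$(active_value "$1" remoteip | cut -d, -f1 | cut -d- -f1)
    [ -n "$first" ] || return 1
    echo "${first%.*}.0/24"
}

# Accounts in chap-secrets whose IP field is "*" (any assigned address).
wildcard_accounts() {  # $1=chap-secrets
    awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"
}

# Succeeds only if the last active net.ipv4.ip_forward line is set to 1.
forwarding_enabled() {  # $1=sysctl.conf
    awk -F= '{ gsub(/[ \t]/, "") }
        $1 == "net.ipv4.ip_forward" { v = $2 }
        END { exit (v != "1") }' "$1"
}

# Constructed sample files standing in for the real ones under /etc.
tmp=$(mktemp -d)
printf '%s\n' '#localip 10.0.0.1' 'localip 192.168.0.1' \
    'remoteip 192.168.0.234-238,192.168.0.245' > "$tmp/pptpd.conf"
printf '%s\n' '# client server secret IP addresses' \
    'account pptpd password *' \
    'fixed pptpd password2 192.168.0.245' > "$tmp/chap-secrets"
printf '%s\n' '#net.ipv4.ip_forward = 0' \
    'net.ipv4.ip_forward = 1' > "$tmp/sysctl.conf"

echo "localip:             $(active_value "$tmp/pptpd.conf" localip)"
echo "MASQUERADE -s value: $(masq_source "$tmp/pptpd.conf")"
echo "accounts with '*':   $(wildcard_accounts "$tmp/chap-secrets")"
if forwarding_enabled "$tmp/sysctl.conf"; then
    echo "ip_forward:          enabled"
else
    echo "ip_forward:          not enabled"
fi
```

To run it against a real host, pass /etc/pptpd.conf, /etc/ppp/chap-secrets and /etc/sysctl.conf to the functions instead of the sample files.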