CentOS7.0 VPN setup

Source: Internet
Author: User

CentOS7.0 VPN setup
Before CentOS7.0, the iptables firewall was used, and firewalld was used by default after 7.0. The VPN settings were also different: 1. check if pptpd: modprobe ppp-compress-18 is supported & echo yes returns yes indicates Support 2. check whether tun: cat/dev/net/tun is enabled. If cat:/dev/net/tun: File descriptor in bad state is returned, it is supported. Otherwise, you must manually enable tun. install pptpd and ppp: yum-y install ppp pptpd Note: If you are prompted that pptpd cannot be found, you need to manually download: rpm-I http://poptop.sourceforge.net/yum/stable/rhel7/pptp-release-current.noarch.rpm 4. configure pptpd. conf: vim/etc/p Ptpd. conf: remove the comments from localip 192.168.0.1 and remoteip 192.168.0.234-238,192.168 .0.245. romoteip is an open terminal Intranet segment and is randomly selected between 234-245, even if the terminal lan ip address is 192.168.0.234. 5. modify DNS: Add DNS at the end of vim/etc/ppp/options.ppt pd. google hosts: ms-dns 8.8.8.8: ms-dns 8.8.4.4 you can search for some foreign DNS on the Internet and ping it on your own to see which one is used quickly. 6. add an account: vim/etc/ppp/chap-secrets # client serversecret IP address account pptpd password ** indicates any assigned IP address 7. configure sysctl. conf: vim/etc/sysctl. conf, add a line of net. ipv4.ip _ forward = 1, save, and use sysctl-p to make the kernel modification take effect. 8. set forwarding rules: If iptables is used (disable firewalld), iptables-t nat-a postrouting-s 192.168.0.234/24-o eth0-j MASQUERADE, 192.168.0.234/24 corresponds to pptpd. in conf, remoteipiptables-F-t nat iptables-X-t natiptables-Z-t if you want to clear forwarding rules, you can use the preceding command and then use service iptables save. Note: if it is 7.0, the forwarding rule will expire after restart, and rc needs to be written. local: chmod + x/etc/rc. d/rc. localvim/etc/rc. d/rc. local adds the forwarding rule to the last save and exits. Open VPN Port: iptables-I input-p tcp -- dport 1723-j ACCEPT iptables-I input-p tcp -- dport 47-j ACCEPT iptables-I INPUT-p gre-j ACCEPT restart pptpd, service pptpd restart: firewall-cmd -- permanent -- direct -- add-rule ipv4 filter INPUT 0-I eth0-p tcp -- dport 1723-j ACCEPTfirewall-cmd -- permanent -- direct -- add-rule ipv4 filter INPUT 0-p gre-j ACCEPTfirewall-cmd -- permanent -- dire Ct -- add-rule ipv4 filter POSTROUTING 0-t nat-o eth0-j MASQUERADE firewall-cmd -- permanent -- direct -- add-rule ipv4 filter FORWARD 0-I ppp +-o eth0 -j ACCEPT firewall-cmd -- permanent -- direct -- add-rule ipv4 filter FORWARD 0-I eth0-o ppp +-j ACCEPT restart firewall-cmd -- reload 10. set to enable auto-start: chkconfig pptpd on is probably like this process. I wanted to explore linux in the past two years, but since the time has been too long, I have been put on hold. I will check it out recently, I just got started with linux. For the above content, it is purely my materials and I have no authority to explain the results of the practice. There may be many mistakes. I hope you will give me some advice. Thank you very much.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.