Deployment of vpn (pptpd) in Centos

Currently, most VPS servers are abroad, so PPTP servers can be used to build a practical proxy server. PPTP service requires specific Li

Currently, most VPS servers are abroad, so PPTP servers can be used to build a practical proxy server. PPTP services require specific Linux kernel technologies. Therefore, most VPS in OpenVZ architecture cannot be configured with PPTP (which can be replaced by OPENVPN), but almost all VPS in XEN or KVM architecture can be installed normally. This document describes how to install PPTP in CentOS with XEN architecture.

1. prepare the environment

PPTPD requires the Linux kernel to support mppe. generally, it is included in CentOS installation. The following is the installation of ppp and iptables:

yum install perl ppp iptables

2. install PPTPD

For 32-bit CentOS, run

wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpmrpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

For 64-bit CentOS, run

wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpmrpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

3. modify configurations

Edit The PPTP configuration file/etc/ppp/options.ppt pd, as shown in the following figure:

name pptpdrefuse-paprefuse-chaprefuse-mschaprequire-mschap-v2require-mppe-128proxyarplocknobsdcompnovjnovjccompnologfdidle 2592000ms-dns 8.8.8.8ms-dns 8.8.4.4

Edit the configuration file/etc/pptpd. conf as follows:

option /etc/ppp/options.pptpdlogwtmplocalip 192.168.254.1remoteip 192.168.254.100-254

* Localip and remoteip define the intranet IP address allocated after the client connects to the VPN server. you can modify the IP address as needed.

Configure the user authentication file/etc/ppp/chap-secrets as follows:

testuser pptpd testpwd *

* Change testuser and testpwd to the desired VPN login username and password.

Set net. ipv4.ip _ forward in the/etc/sysctl. conf file to 1 (if not, create a new row in the format ):

net.ipv4.ip_forward = 1

Save and exit. Run

/sbin/sysctl -p

Make it take effect.

 

4. set iptables forwarding

/etc/init.d/iptables start/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.254.0/24 -j MASQUERADE/etc/init.d/iptables save/etc/init.d/iptables restart

* Note that the above 192.168.254.0 should correspond to the previously set network segment.

 

5. set startup

chkconfig pptpd onchkconfig iptables on

Restart the computer to connect and access the internet normally.

If you cannot connect to the VPN after restarting the server, first check whether Port 1723 of The PPTP service on the server is enabled (note that the firewall allows this port). if you can connect to the VPN but cannot access the internet normally, check whether iptables is forwarded normally.

6. configure the VPN client (windows ).

1. create a VPN connection, right-click the "network neighbor" icon on the desktop, and select the "attribute" command in the shortcut menu. Double-click the Create Connection Wizard icon. In the displayed "Welcome to New Connection Wizard" dialog box, click "next" and select "connect to my workplace Network ":
2. click next and select "virtual private network connection ":
3. enter the connection name 4. enter the domain name or IP address of the VPN server 5. in the last step, create a shortcut on the desktop 6. dial-up logon.Double-click the VPN connection icon on the desktop. in the displayed connection dialog box, enter the user name and password for logging on to the VPN server, and then click the connect button.