Configuration environment:
Server version: CentOS 6.4 x86
Pptpd version: pptpd v1.40
I. Introduction to VPN
VPN stands for virtual private network. The idea is simple: a private network is built on top of a public network. With a VPN server set up in the company intranet, you can reach the company's intranet resources from the Internet by using the VPN server as a jump host. For details, see the Baidu Encyclopedia entry on VPN technology. The most direct application is "climbing over the wall" (getting around network blocking). If necessary, you can contact me via email or QQ.
II. Building a PPTP VPN
1. Preparations
1) Check whether the kernel was built with MPPE support
modprobe ppp-compress-18 && echo OK
If OK is printed, the system supports it.
2) Download the corresponding installation package
wget http://down.shshenchu.com/pptpd-1.4.0-1.el6.i686.rpm
http://poptop.sourceforge.net/yum/stable/packages/
3) Install ppp and iptables
yum install ppp iptables -y
2. Install and configure
1) Install the software
rpm -ivh pptpd-1.4.0-1.el6.i686.rpm
2) Modify the configuration files
2.1) Modify /etc/pptpd.conf
1. Back up the original file pptpd.conf
mv /etc/pptpd.conf /etc/pptpd.conf.bak
2. Recreate the pptpd.conf file and write the following content.
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.1.1
remoteip 192.168.1.20-200
localip is the IP address of the local NIC, and remoteip is the range of IP addresses assigned to VPN users.
2.2) Modify /etc/ppp/options.pptpd
1. Back up the original file options.pptpd
mv /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
2. Recreate the options.pptpd file and write the following content.
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
idle 2592000
ms-dns 8.8.8.8
ms-dns 8.8.4.4
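2.3) Set the pptpd user and password
Edit the file
vim /etc/ppp/chap-secrets
Add a record as the last line
name pptpd password ip or *
The fields are the user name, the server name (pptpd, matching the name option above), the password, and the IP address. Giving an IP address assigns the user a static address; * assigns one dynamically.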
2.4) Enable IP forwarding in the kernel
1. Edit the file
vim /etc/sysctl.conf
Change net.ipv4.ip_forward = 0 to 1.
2. Make it take effect
sysctl -p
2.5) Configure iptables rules
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p udp --dport 1723 -j ACCEPT
iptables -I INPUT -p tcp --dport 47 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 111.111.111.111
iptables -P FORWARD ACCEPT
Save the configuration information.
service iptables save
Restart the iptables service.
service iptables restart
Restart the pptpd service.
service pptpd restart
Enable the pptpd service at boot.
chkconfig pptpd on
Configuration complete
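An added example, not part of the original article or its one-click script: a shell audit that checks that the authentication and encryption directives from step 2.2 are active in options.pptpd and that the chap-secrets file from step 2.3 is not accessible to other users. The function names and the sample files are made up for illustration; the default paths are the ones used above.

```shell
#!/bin/sh
# Added example: audit pppd options and the secrets file of a PPTP server.

# Directives from step 2.2 that limit authentication to MS-CHAPv2
# and require 128-bit MPPE.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print each required directive that is not active in the options file.
# A commented-out line does not count: its first word starts with '#'.
missing_directives() {
    for d in $REQUIRED; do
        awk -v want="$d" '$1 == want { ok = 1 } END { exit !ok }' "$1" ||
            echo "$d"
    done
}

# Succeed only if group and others have no access to the file.
# chap-secrets holds the VPN passwords in clear text.
is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Audit both files; print findings and return non-zero if there are any.
audit_pptpd() {
    opts=${1:-/etc/ppp/options.pptpd}
    secrets=${2:-/etc/ppp/chap-secrets}
    rc=0
    for d in $(missing_directives "$opts"); do
        echo "$opts: '$d' is not set"
        rc=1
    done
    if ! is_private "$secrets"; then
        echo "$secrets: accessible by group or others, run chmod 600"
        rc=1
    fi
    return $rc
}

# Constructed sample: refuse-chap is commented out, secrets file is 0644.
demo=$(mktemp -d)
printf '%s\n' 'name pptpd' refuse-pap '#refuse-chap' refuse-mschap \
    require-mschap-v2 require-mppe-128 > "$demo/options.pptpd"
printf 'vpn pptpd CONSTRUCTED-PASSWORD *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
audit_pptpd "$demo/options.pptpd" "$demo/chap-secrets" || echo "audit failed"
rm -rf "$demo"
```

Run audit_pptpd with no arguments as root on the server to check the real files.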
III. Attachment:
One-click installation script
Functions:
1. One-click configuration that generates an account named vpn with a random password
2. Add a user