Build a VPN using PPTP on CentOS

Build a VPN using PPTP on CentOS
Centos 6.3 64bit used in this experiment. 1. Check System compatibility before installation. Check the kernel MPPE patch to see if the kernel supports mppe: modprobe ppp-compress-18 & echo OK if OK is displayed, it indicates that the kernel has mppe support. 2. to install VPN, you need to install three components: ppp, pptp, and pptpd. The yum command on the local machine is faulty and can only be performed in wget mode. Can you go to http://pkgs.org/search/pptpd? Type = name find the appropriate installation package on this site: 1. Download: wget http://mirror.centos.org/centos/6/ OS /x86_64/Packages/ppp-2.4.5-5.el6.x86_64.rpm wget http://mirror.centos.org/centos/6/ OS /x86_64/Packages/pptp-1.7.2-8.1.el6.x86_64.rpm wget http://dl.fedoraproject.org/pub/epel/6/x86_64/pptpd-1.4.0-3.el6.x86_64.rpm 2. Install: rpm-ivh ppp-2.4.5-5.el6.x86_64.rpm rpm-ivh pptp-1.7.2-8.1.el6.x86_64.rpm rpm-ivh pptpd-1.4.0-3.el6.x86_64.rpm 3. The three required components have been installed. We will configure them later. 1.ppt pd configuration file in/etc/pptpd. conf. (1) Comment out logwtmp in this file: # logwtmp (2) then configure the Local intranet IP address and the IP address to be allocated after the client dials in: localip 192.168.0.1 remoteip 192.168.0.201-250 2. enable ms-dns. The path is in/etc/ppp/options.ppt pd. This DNS can be set to a public DNS server or configured by yourself. Google Internet DNS is generally used: ms-dns 8.8.8.8 3. Configure the user name and password for VPN access and the assigned IP address. The path is in/etc/ppp/chap-secrets. Qd pptpd qjgwhihajCfkc * 4. Enable the IP forwarding function of the firewall. The path is in/etc/sysctl. conf. (1) Assign net. ipv4.ip _ forward to 1: net. ipv4.ip _ forward = 1 (2) Save and exit. Run the sysctl-p command to make the configuration take effect. Sysctl-p 5. Add Rules to the firewall to allow NAT translation. The command is as follows: (1) single Nic iptables-t nat-a postrouting-o eth0-j MASQUERADE (2) Multiple NICs, you need to specify the Internet ip iptables-t nat-a postrouting-s 192.168.0.0/24-j SNAT -- to-source **. **. **. ** 6. start pptpd now. Service iptables start service pptpd start 7. Configure the service to automatically start chkconfig pptpd onchkconfig iptables on when it is started. 4. Client connection. You can view an Eni on the VPN Server and the IP address obtained by the VPN Client: ifconfig v. pptpd service commands. Restart: service pptpd restart disabled: service pptpd stop enabled: service pptpd start