Install the pptpd VPN server on CentOS 6.4

Source: Internet
Author: User

Detailed installation tutorial:


1. Check whether the server has necessary support. If no support is provided, pptp cannot be installed. Run the following command:

# modprobe ppp-compress-18 && echo OK

After this execution, "OK" is displayed, indicating that the operation is successful. However, you need to perform another check and enter the command:

# cat /dev/net/tun

If the result of this command is the following text, the check has passed:

cat: /dev/net/tun: File descriptor in bad state

You can install pptp only after both of the preceding steps are passed. Otherwise, you can only consider openvpn, or ask your service provider to solve this problem.

2. Install ppp and iptables (iptables is optional). By default, a full CentOS installation comes with these two components, but a minimal version of the system may not. Run the following command to make sure they are installed; if they already are, the system will not perform any operations:

# yum install -y ppp iptables

3. Install pptp. This software is not available in the yum source. We need to download it manually. We need to switch to the tmp directory first:

# cd /tmp

Run the following command to download the pptp installation package:

# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm (for 32-bit systems)

# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm (for 64-bit systems)

If your CentOS is 32-bit, execute the 32-bit command. If it is a 64-bit CentOS, execute the 64-bit command.

Next, install pptp, which is also divided into 32-bit and 64-bit systems:

# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm (for 32-bit systems)

# rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm (for 64-bit systems)

4. Configure pptp. First, edit the /etc/pptpd.conf file:

# vim /etc/pptpd.conf

Locate the "localip" and "remoteip" configuration items, remove the leading ";" comment marker, and change the values to the IP segment you want. localip is the IP address of the server, and remoteip is the IP address assigned to clients, which can be set as a range. Here we use the default pptp configuration:

localip 192.168.0.1

remoteip 192.168.0.234-238,192.168.0.245

Note that the IP segment settings directly affect the command for adding iptables rules, so make sure the two match. To avoid the trouble, we recommend using the configuration in this article so that commands and text can be copied as they are.

Next, edit the /etc/ppp/options.pptpd file and add Google DNS for the VPN:

# vim /etc/ppp/options.pptpd

Add the following two lines at the end:

ms-dns 8.8.8.8

ms-dns 8.8.4.4

5. Set the pptp VPN account and password. We need to edit the /etc/ppp/chap-secrets file:

# vim /etc/ppp/chap-secrets

In this file, write each account in the form "username pptpd password *", one account and password per line. For example, to add the user name test with password 1234, add the following line:

test pptpd 1234 *

6. Modify the kernel settings to support forwarding. Edit the /etc/sysctl.conf file:

# vim /etc/sysctl.conf

Change the value of "net.ipv4.ip_forward" to 1, so that the line reads as follows:

net.ipv4.ip_forward = 1

Save and exit, then execute the following command for the change to take effect:

# sysctl -p

7. Add iptables forwarding rules. After the previous six steps, we can dial the VPN, but we cannot access any web page. The last step is to add iptables forwarding rules. Enter the following command:

# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Note that "192.168.0.0/24" in this command must be changed to match the "localip" network segment in the configuration file above. For example, if you set "10.0.0.1", change it to "10.0.0.0/24". Also pay attention to eth0: if your Internet NIC is not eth0 but eth1 (as on SoftLayer servers, for example), remember to change eth0 to the corresponding NIC ID. Otherwise, the network cannot be accessed.

Then, enter the following command to allow iptables to save the forwarding rule we just added so that you do not need to add it again after restarting the system:

# /etc/init.d/iptables save

Restart iptables:

# /etc/init.d/iptables restart

8. Restart the pptp service. Enter the following command to restart pptp:

# /etc/init.d/pptpd restart

Now you can connect to your VPN and browse the Web. However, one final step remains.

9. Set the services to start automatically at boot. The last step is to set pptp and iptables to start automatically at boot, so you do not need to start them manually every time the server restarts. You can skip this step if you do not need the services to start automatically. Enter the commands:

# chkconfig pptpd on

# chkconfig iptables on

In this way, you can quickly set up a VPN connection under Windows. Fill in your server IP address, user name and password, and click "Connect"; you can then browse the Web through the server.
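Steps 4, 6 and 7 depend on each other: the source network in the NAT rule has to match the localip segment, and forwarding has to be enabled, or clients can dial in but cannot browse. The script below is an added example, not part of the original tutorial, that checks this from the files on disk; the function names are hypothetical, a /24 range is assumed as in the tutorial, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: consistency check for steps 4, 6 and 7 of the tutorial.
# Function names are hypothetical; a /24 client range is assumed.

# Print the /24 network of the active (uncommented) localip line.
pptp_subnet() {   # $1 = pptpd.conf
    awk '$1 == "localip" { split($2, o, "."); print o[1] "." o[2] "." o[3] ".0/24"; exit }' "$1"
}

# Succeed if the last net.ipv4.ip_forward setting in the file is 1.
forwarding_enabled() {   # $1 = sysctl.conf
    awk -F'[ \t]*=[ \t]*' '$1 == "net.ipv4.ip_forward" { v = $2 }
        END { exit !(v == 1) }' "$1"
}

# Succeed if a saved rule set NATs traffic from the given source network.
nat_rule_present() {   # $1 = network, $2 = rules in iptables-save format
    awk -v net="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = 0; j = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == net) s = 1
                if ($i == "-j" && $(i + 1) ~ /^(MASQUERADE|SNAT)$/) j = 1
            }
            if (s && j) found = 1
        }
        END { exit !found }' "$2"
}

# Constructed sample files: localip was changed to 10.0.0.1, but the NAT
# rule was copied unchanged from the tutorial.
dir=$(mktemp -d)
printf '%s\n' 'localip 10.0.0.1' 'remoteip 10.0.0.234-238' > "$dir/pptpd.conf"
printf '%s\n' 'net.ipv4.ip_forward = 1' > "$dir/sysctl.conf"
printf '%s\n' '*nat' '-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE' \
    'COMMIT' > "$dir/rules"

net=$(pptp_subnet "$dir/pptpd.conf")
forwarding_enabled "$dir/sysctl.conf" || echo "ip_forward is not 1"
if nat_rule_present "$net" "$dir/rules"; then
    echo "NAT rule covers $net"
else
    echo "no NAT rule for $net: clients can dial in but cannot browse"
fi
rm -rf "$dir"
```

On a real server, pass /etc/pptpd.conf, /etc/sysctl.conf and /etc/sysconfig/iptables (the file that "/etc/init.d/iptables save" writes on CentOS 6) to the three functions.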


Note:

Specify forwarding rules for servers with multiple IP addresses:

iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source 192.168.8.1

Or

iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -j SNAT --to-source <server Internet IP address>

If an iPhone or other device can connect but access to web pages or YouTube is very slow, make the following changes:

vi /etc/ppp/ip-up

Add a line:

/sbin/ifconfig $1 mtu 1400

Or modify the iptables rules:

iptables -A FORWARD -p tcp --syn -s 192.168.8.0/24 -j TCPMSS --set-mss 1356

The value of 1356 may need to be adjusted to the maximum value that can ensure normal network usage.

