Pptp vpn Server in CentOS6 Architecture

Source: Internet
Author: User

Pptp vpn Server in CentOS6 Architecture

For more information, see http://www.178-go.com/archives/vpn-on-centos-vps.html. There are also many articles about installation and configuration on the Internet, which are also detailed. It is not difficult to configure according to steps. Because my application scenarios are a little different from those described in these articles, the server for configuring the VPN service is in the company LAN and there is no public IP address. The company intranet is 192.168.0.0/24, and the Host IP configured for the VPN service is 192.168.0.3. The following describes the installation and configuration of the PPTPVPN architecture in this case.

  1. First, perform port ing on a vro with a public IP address. The PPTP service port is 1723 of TCP. The request of TCP port 1723 is mapped to the TCP port 1723 of 192.168.0.3 on the vro.

  2. Install the EPEL yum source on the CentOS6 server to ensure that the software to be installed next exists in the yum source.

  3. Check whether the PPP and TUN of the server are enabled.

    # Cat/dev/pppp

    Cat:/dev/pppp: No such file or directory

    # Cat/dev/net/tun

    Cat:/dev/net/tun: File descriptor in bad state

    If the result is shown as above, it indicates that all operations are enabled normally.

  4. Install ppp and pptp

    # Yum install ppp pptp

  5. Configure pptp and edit the/etc/pptpd. conf file.

    # Vim/etc/pptp. conf

    Change the # Before the following fields:

    Localip 192.168.2.1

    Remoteip 192.168.2.234-238,192.168 .2.245

  6. Edit the/etc/ppp/options.ppt pd file.

    # Vim/etc/ppp/options.ppt pd

    Modify the ms-dns parameters. This parameter specifies the IP address of the domain name resolution server of the vpn Client on windows. If the settings are incorrect, the vpn Client cannot access the Internet after connecting to the configured vpn Server. In the 8.8.8.8 configuration in the blog post, I personally tested that the Internet cannot be accessed normally, and configured it as the IP address of the company's DNS server, or as the IP address of the ISP that provides the company's Internet server. The company's ISP is Shanghai Telecom, so the IP address configured for the DNS provided by Shanghai Telecom is also acceptable.

    Ms-dns 192.168.0.203

    Ms-dns 202.96.209.20.

    Note: the IP address of the first primary DNS is the company's DNS server, and the IP address of the Second secondary DNS is the IP address of Shanghai Telecom.

  7. Set the VPN account password and edit the/etc/ppp/chap-secrets file.

    # Client server secret IP addresses

    Vpnuser1 pptpd 123456 *

    Vpnuser2 pptpd 123456 *

    Note: column 1st is the user name used to log on to the vpn Client, column 3rd is the password used to log on to the vpn Client, and column 4th is the IP address of the login user's host, "*" indicates any IP address.

  8. Modify the kernel settings to support forwarding and edit the/etc/sysctl. conf file.

    # Vim/etc/sysctl. conf


    Change the value of "net. ipv4.ip _ forward" to 1.

    Note: As mentioned in the above reference blog, comment out "net. ipv4.tcp _ syncookies = 1" to disable the SYN Cookies function. I have tested that enabling or disabling this function does not affect the normal operation of the VPN function. It may be related to network performance or security factors.

    Make the modified configuration take effect:

    # Sysctl-p

  9. Configure iptables.

    Add forwarding rules:

    # Iptables-t nat-a postrouting-s 192.168.2.0/24-j SNAT -- to-source = 192.168.0.3

    Note: The Source Address of The forwading package must be converted to the address of the VPN Server.

    If TCP port 1723 is disabled, open the port:

    # Iptables-t filter-a input-p tcp-m state -- state NEW-m tcp -- dport 1723-j ACCEPT

    Save rule

    #/Etc/init. d/iptables save

  10. Start the pptp service.

    # Service pptpd start

  11. Set the pptp service to start automatically.

    # Chkconfig pptpd on

    At this point, the pptp vpn Server in the company's Intranet has been installed and configured.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.