Set up a VPN Server in CentOS
Note:
Server Operating System: CentOS 5.X 64-bit
Server IP Address: 192.168.21.128
Purpose: To install and configure pptp on the server and provide the vpn dialing service externally
Specific operations:
1. Download the installation packages
1. ppp # required by pptpd
http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.x86_64.rpm
2. pptpd # latest version
http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
Upload the downloaded files to the /usr/local/src directory.
2. Check whether the server environment supports pptp vpn
1. Check whether the system kernel supports the MPPE patch.
modprobe ppp-compress-18 && echo success
Output of "success" means the kernel supports MPPE. If not, install kernel-devel first:
yum install kernel-devel
2. Check whether TUN/TAP support is enabled.
cat /dev/net/tun
If the command prints the following text, TUN/TAP support is enabled:
cat: /dev/net/tun: File descriptor in bad state
3. Check whether ppp support is enabled.
cat /dev/ppp
If the command prints the following text, ppp support is enabled:
cat: /dev/ppp: No such device or address
All three conditions must be met at the same time; otherwise pptp vpn cannot be installed.
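As an added example (not part of the original article), the script below runs the three checks from this step and turns their output into a pass/fail verdict instead of leaving the reader to compare error strings by eye. The file name pptp_preflight.sh and the function names are my own; the modprobe check needs root, and the two device probes only inspect the kernel's error text, which is exactly the signal the article describes.

```shell
#!/bin/sh
# pptp_preflight.sh (added example, hypothetical name): automate the three
# kernel checks from step 2. Run as root:  sh pptp_preflight.sh --run

# Interpret the output of `cat /dev/net/tun`. The kernel answers
# "File descriptor in bad state" only when the tun driver is present;
# "No such file or directory" means the node or the driver is missing.
interpret_tun_output() {
    case "$1" in
        *"File descriptor in bad state"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Interpret the output of `cat /dev/ppp`. "No such device or address" is the
# ppp_generic driver's answer to a plain read; anything else is a failure.
interpret_ppp_output() {
    case "$1" in
        *"No such device or address"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Probe a device node and hand its combined stdout/stderr to an interpreter.
# $1 = device path, $2 = name of the interpreter function above.
probe_device() {
    out=$(cat "$1" 2>&1 </dev/null)
    "$2" "$out"
}

# Try to load the MPPE compressor (ppp-compress-18 is the alias for ppp_mppe).
# Needs root; a non-zero status means the kernel has no MPPE support.
mppe_supported() {
    modprobe ppp-compress-18 >/dev/null 2>&1
}

# Run all three checks, print one line each, return 0 only if all pass.
run_preflight() {
    rc=0
    if mppe_supported; then
        echo "MPPE   : ok"
    else
        echo "MPPE   : missing (install kernel-devel / a kernel with ppp_mppe)"; rc=1
    fi
    if probe_device /dev/net/tun interpret_tun_output; then
        echo "TUN/TAP: ok"
    else
        echo "TUN/TAP: missing"; rc=1
    fi
    if probe_device /dev/ppp interpret_ppp_output; then
        echo "PPP    : ok"
    else
        echo "PPP    : missing"; rc=1
    fi
    return $rc
}

# Only touch the live system when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_preflight
fi
```

The interpreters are kept separate from the probes so the string matching can be checked without root and the same script can be dropped into a provisioning pipeline that aborts before installing the RPMs when a check fails.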
3. Install pptp
cd /usr/local/src
rpm -ivh ppp-2.4.4-14.1.rhel5.x86_64.rpm # install ppp
rpm -ivh pptpd-1.4.0-1.rhel5.x86_64.rpm # install pptpd
4. Configure pptp
1. vi /etc/ppp/options.pptpd # edit, adding or changing the following parameters
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8 # add the primary DNS server address
ms-dns 8.8.4.4 # add a backup DNS server address
:wq! # save and exit
2. vi /etc/ppp/chap-secrets # set the pptp dial-up users and passwords (several users can be set, one per line)
# client server secret IP addresses
osyunweivpnuser01 pptpd 123456 *
osyunweivpnuser02 pptpd 1234 *
osyunweivpnuser03 pptpd 12345678 *
Format: username pptpd password *
* means the client is assigned an IP address automatically.
:wq! # save and exit
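The two files edited in items 1 and 2 are where the security of this setup is decided: options.pptpd must keep the refuse-pap/refuse-chap/refuse-mschap lines so a client cannot negotiate down from MS-CHAPv2 with 128-bit MPPE, and chap-secrets holds every password in plaintext. As an added example (not part of the original article), the script below audits both files and adds accounts with generated secrets; the file name pptp_config_audit.sh, the function names and the sample users in the test are my own, and the paths default to the ones the article uses.

```shell
#!/bin/sh
# pptp_config_audit.sh (added example, hypothetical name):
#   sh pptp_config_audit.sh --audit        # check both files
#   sh pptp_config_audit.sh --add user04   # add a user with a random secret

OPTIONS_FILE="${OPTIONS_FILE:-/etc/ppp/options.pptpd}"
SECRETS_FILE="${SECRETS_FILE:-/etc/ppp/chap-secrets}"

# Options the article's options.pptpd must contain: the three refuse-* lines
# reject PAP, CHAP and MS-CHAPv1 so only MS-CHAPv2 with 128-bit MPPE is left.
REQUIRED_OPTIONS="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Return 0 when every required option appears uncommented on its own line;
# print each one that is missing.
audit_options() {
    file="$1"; missing=0
    for opt in $REQUIRED_OPTIONS; do
        if ! grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$file"; then
            echo "missing option in $file: $opt"; missing=1
        fi
    done
    return $missing
}

# chap-secrets format is "client server secret ip" (4 fields, '*' = any IP).
# Report lines with the wrong field count or a server other than pptpd, which
# is how a secret containing spaces or a typo silently locks a user out.
validate_chap_secrets() {
    awk -v server=pptpd '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        NF != 4 || $2 != server { print FILENAME ":" NR ": bad entry: " $0; bad = 1 }
        END { exit bad }' "$1"
}

# 20 characters from [A-Za-z0-9] drawn from /dev/urandom (about 119 bits).
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 20
    echo
}

# Append a user with a fresh secret, refusing duplicates, and keep the file
# root-only because it stores plaintext passwords. Prints the new secret.
add_vpn_user() {
    file="$1"; user="$2"
    if [ -f "$file" ] && awk -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file"; then
        echo "user already exists: $user" >&2
        return 1
    fi
    secret=$(gen_secret)
    printf '%s pptpd %s *\n' "$user" "$secret" >>"$file"
    chmod 600 "$file"
    echo "$secret"
}

if [ "${1:-}" = "--audit" ]; then
    audit_options "$OPTIONS_FILE" && validate_chap_secrets "$SECRETS_FILE"
elif [ "${1:-}" = "--add" ] && [ -n "${2:-}" ]; then
    add_vpn_user "$SECRETS_FILE" "$2"
fi
```

The audit uses whole-line matching so a commented-out "#refuse-pap" counts as missing, and the user lookup compares the first field literally rather than with a regex, so usernames containing dots or dashes cannot match the wrong line.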
3. vi /etc/pptpd.conf # set the IP address of the pptp server and the IP address pool for dial-in clients
option /etc/ppp/options.pptpd
logwtmp
localip 172.16.36.1 # IP address of the pptp virtual dial-in server (note: not the IP address of the server itself)
remoteip 172.16.36.2-254 # dynamically assign addresses in the range 172.16.36.2 to 172.16.36.254
:wq! # save and exit
/sbin/service pptpd start # start pptpd
/etc/init.d/pptpd stop # stop
service pptpd restart # restart
chkconfig pptpd on # start at boot
5. Enable IP forwarding so the server routes packets for the VPN clients
vi /etc/sysctl.conf # edit
net.ipv4.ip_forward = 1 # set to 1
# net.ipv4.tcp_syncookies = 1 # comment out
:wq! # save and exit
/sbin/sysctl -p # apply the settings immediately
6. Set firewall forwarding rules
yum install iptables # install the firewall
service iptables start # start the firewall
iptables -t nat -A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128 # add rule
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/255.255.255.0 -j TCPMSS --set-mss 1356 # add rule
/etc/init.d/iptables save # save the firewall settings
7. Open the pptpd service port TCP 1723 and allow the VPN client address pool 172.16.36.0/255.255.255.0 through the firewall
vi /etc/sysconfig/iptables # edit and add the following lines
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
:wq! # save and exit
Note:
# 192.168.21.128 is the server IP address
# 172.16.36.0/255.255.255.0 is the address pool of the pptp virtual dial-in server set in step 4
/etc/init.d/iptables restart # restart the firewall
chkconfig iptables on # start at boot
cat /etc/sysconfig/iptables # view the firewall configuration file
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*nat
:PREROUTING ACCEPT [4680:60]
:POSTROUTING ACCEPT [4:258]
:OUTPUT ACCEPT [4:258]
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94:16159]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
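Steps 6 and 7 hard-code the server address, the client pool and the MSS value in four separate iptables commands, and a typo in any of them either silently breaks forwarding or opens the wrong range. As an added example (not part of the original article), the script below validates those parameters once, renders all of the rules from them, and applies them only when asked. The file name pptp_firewall.sh and the function names are my own; the example writes to the INPUT chain rather than the distribution's RH-Firewall-1-INPUT chain shown above, accepts the pool in prefix form (172.16.36.0/24, equivalent to the 172.16.36.0/255.255.255.0 used in the article), and adds one rule the article does not have: PPTP carries its data in GRE (IP protocol 47), which the article's rule set only admits indirectly through the RELATED,ESTABLISHED rule and the PPTP connection-tracking helper.

```shell
#!/bin/sh
# pptp_firewall.sh (added example, hypothetical name):
#   sh pptp_firewall.sh            # print the rules
#   sh pptp_firewall.sh --apply    # apply with iptables and save (root)

SERVER_IP="${SERVER_IP:-192.168.21.128}"   # address used for SNAT (step 6)
VPN_NET="${VPN_NET:-172.16.36.0/24}"       # dial-in pool from pptpd.conf
MSS="${MSS:-1356}"                         # MSS clamp from step 6
PPTP_PORT=1723                             # PPTP control channel (step 7)

# Accept a dotted quad whose four octets are all in 0..255; trailing dots,
# extra octets and out-of-range values are rejected.
is_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Accept a.b.c.d/n with a valid address and 0 <= n <= 32.
is_cidr() {
    net="${1%/*}"; bits="${1#*/}"
    [ "$net" != "$1" ] && is_ipv4 "$net" \
        && echo "$bits" | grep -Eq '^[0-9]{1,2}$' && [ "$bits" -le 32 ]
}

# Print one iptables argument list per line, after checking the inputs.
render_rules() {
    is_ipv4 "$SERVER_IP" || { echo "bad SERVER_IP: $SERVER_IP" >&2; return 1; }
    is_cidr "$VPN_NET"   || { echo "bad VPN_NET: $VPN_NET" >&2; return 1; }
    # Step 6: hide the VPN clients behind the server address, and clamp the
    # MSS so the GRE/PPP overhead does not force fragmentation.
    echo "-t nat -A POSTROUTING -s $VPN_NET -j SNAT --to-source $SERVER_IP"
    echo "-A FORWARD -p tcp --syn -s $VPN_NET -j TCPMSS --set-mss $MSS"
    # Step 7: control channel on TCP 1723 and traffic from the dial-in pool.
    echo "-A INPUT -p tcp -m state --state NEW -m tcp --dport $PPTP_PORT -j ACCEPT"
    echo "-A INPUT -s $VPN_NET -j ACCEPT"
    # Added beyond the article: accept the GRE data channel explicitly, so a
    # client that authenticates on 1723 also passes traffic if the PPTP
    # conntrack helper is not loaded.
    echo "-A INPUT -p gre -j ACCEPT"
}

# Number of rules rendered (handy for a quick sanity check).
count_rules() {
    render_rules | wc -l | tr -d ' '
}

# Apply each rendered line with iptables, then persist them the CentOS 5 way.
apply_rules() {
    render_rules | while IFS= read -r rule; do
        # $rule is deliberately unquoted so it splits into arguments.
        iptables $rule
    done && /etc/init.d/iptables save
}

if [ "${1:-}" = "--apply" ]; then
    apply_rules
else
    render_rules
fi
```

Rendering and applying are separate so the output can be reviewed (or diffed against /etc/sysconfig/iptables) before anything is changed on the host.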
8. Create the ppp device node automatically at startup (the node may be lost after a system restart, and the pptp client then fails to dial with error 619)
vi /etc/rc.d/rc.local # edit
mknod /dev/ppp c 108 0 # add this line at the end of the file
:wq! # save and exit
The pptp vpn server on CentOS is now set up. On a Windows client, create a VPN connection, enter the server's public IP address, and connect with one of the accounts and passwords configured above.
Link: http://www.osyunwei.com/archives/7407.html