How to Build pptp vpn in CentOS

1. Install software on the server
1.1 First install ppp. Command:
[Root @ test ~] # Yum install-y ppp
The message "Complete" is displayed! , Indicating that the installation is successful;
1.2 install pptpd. The installation command is as follows:
[Root @ test ~] # Yum clean all
[Root @ test ~] # Yum makecache
[Root @ test ~] # Yum-y install pptpd
 
2. Configure pptpd
2.1 Edit/etc/pptpd. conf with the following command:
[Root @ test ~] # Vi/etc/pptpd. conf
Set
# Localip 192.168.0.1
# Remoteip 192.168.0.234-238
Modify
Localip 192.168.0.1
Remoteip 192.168.0.234-238,192.168 .0.245
Remove the first character "#" from the two lines, save and exit.
Note: the IP addresses set above: localip 192.168.0.1 and remoteip 192.168.0.2-200 are the vpn gateway address and the vpn dialing address segment respectively. You can also set the IP addresses by yourself.
2.2 edit/etc/ppp/options.ppt pd with the following command:
[Root @ test ~] # Vi/etc/ppp/options.ppt pd
Set
# Ms-dns 10.0.0.1
# Ms-dns 10.0.0.2
Change
Ms-dns 223.5.5.5
Ms-dns 223.6.6.6
Remove the first character "#" from the two lines, and then modify the dns ip address.
Note: ms-dns 223.5.5.5 and ms-dns 223.6.6.6 are set dns addresses, which can be set to other ones, such as ms-dns 114.114.114.114.
2.3 set the pptp user name and password command:
[Root @ test ~] # Vi/etc/ppp/chap-secrets
There are only two lines after opening, and no account exists.
# Secrets for authentication using CHAP
# Client server secret IP addresses
Add one account per line as needed. Follow the format of "user name pptpd password IP address". Separate each item by space. For example, test pptpd 123456 * (* indicates all IP addresses). Save and exit.
 
3. Modify the kernel settings to support data forwarding:
[Root @ test ~] # Vi/etc/sysctl. conf
Change net. ipv4.ip _ forward = 0 to net. ipv4.ip _ forward = 1.
Save and exit
Run the following command to make the modified parameter take effect
[Root @ test ~] # Sysctl-p
 
4. Add iptables forwarding rules
If the server does not have iptables by default, you need to install it first, and use the yum install-y iptables command to install
Iptables-t nat-a postrouting-s 192.168.0.0/24-j SNAT -- to-source Internet IP address/or intranet IP address
Note: If you need to access the ECS, RDS, and OSS intranet in the cloud service, you can set it to an intranet IP address. If you need to access the public network through a VPN, you can set it to an Internet IP address.
After adding forwarding rules, run the following command to save the settings and restart the firewall:
[Root @ test ~] #/Etc/init. d/iptables save
[Root @ test ~] #/Etc/init. d/iptables restart
 
5. Restart the pptp service.
[Root @ test ~] #/Etc/init. d/pptpd restart
Note that pptp is not running at this time, so the Shutting down pptp [FAILED] will be displayed when you restart with restart. There is also a warning that can be ignored. If you are not at ease, you can use the above command to restart pptp and it will be very smooth.
 
6. Set pptp and iptables to start with the system
[Root @ test ~] # Chkconfig pptpd on
[Root @ test ~] # Chkconfig iptables on
So far, pptp server installation is complete.
On the local computer "Network and Sharing Center", set a new connection or network to access the VPN.

If any problem occurs after AliCloud ECS is configured, follow the steps below:

1) clear old rules and remember to clear nat records.
Iptables-F
Iptables-X
Iptables-t nat-F
Iptables-t nat-X
--- View nat: # iptables-t nat-nL
--- View # iptables-nvL-t nat -- line-numbers

2 .)
Iptables-a input-p gre-j ACCEPT
Iptables-a input-p tcp -- dport 1723-j ACCEPT
Iptables-a input-p tcp -- dport 47-j ACCEPT
 
This article focuses on:
Iptables-t nat-a postrouting-s 192.168.0.0/24-o eth1-j SNAT -- to-source x. x
(192.168.0.0/24 is the VPN network segment, eth1 is the Internet Nic, xxxx is the Internet ip)
/Etc/init. d/iptables save
/Etc/init. d/iptables restart
/Etc/init. d/pptpd restart
3) in/etc/ppp/ip-up/sbin/ifconfig $1 mtu 1500, add before exit 0. Restart the pptp service