This article describes how to install and configure a PPTP VPN server on CentOS.
Note:
Server operating system: CentOS 5.X 64-bit
Server IP address: 192.168.21.128
Purpose: install and configure pptpd on the server and offer a VPN dial-in service to outside clients.
Steps:
1. Download the installation packages
1. ppp # required by pptpd
http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.x86_64.rpm
2. pptpd # the latest version
http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
Upload the downloaded files to the /usr/local/src directory.
2. Check whether the server environment can run PPTP VPN
1. Check whether the kernel supports MPPE.
modprobe ppp-compress-18 && echo success
If "success" is printed, the kernel supports MPPE; if not, install kernel-devel first:
yum install kernel-devel
2. Check whether TUN/TAP support is enabled.
cat /dev/net/tun
If the command prints the following text, TUN/TAP is supported:
cat: /dev/net/tun: File descriptor in bad state
3. Check whether ppp support is enabled.
cat /dev/ppp
If the command prints the following text, ppp is supported:
cat: /dev/ppp: No such device or address
All three conditions must be met at the same time; otherwise PPTP VPN cannot be installed.
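The three checks above can be scripted so that the result is a single pass/fail instead of three messages read by eye. The script below is an added example and not part of the original article; the message strings are the ones the article quotes, and treating any other text (for instance "No such file or directory", a missing node, see step 8) as a failure is this example's assumption. The function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original article): run the three pre-install
# checks from step 2 and reduce them to one pass/fail result.

# Classify the text that `cat` prints for a ppp or tun device node.
# Returns 0 when the kernel side answered, 1 otherwise.
classify_device_msg() {
    case "$1" in
        *"File descriptor in bad state"*) return 0 ;;  # /dev/net/tun: tun driver answered
        *"No such device or address"*)    return 0 ;;  # /dev/ppp: node exists, ppp driver answered
        *)                                return 1 ;;  # "No such file or directory" or anything else
    esac
}

# Run the live checks. Prints one line per check and returns the number of
# failed checks, so 0 means the host can run pptpd. Set PPTP_RUN_CHECK=1 to
# execute them; without it the script only defines the functions.
preinstall_check() {
    failed=0
    if modprobe ppp-compress-18 2>/dev/null; then
        echo "MPPE: ok (ppp-compress-18 loaded)"
    else
        echo "MPPE: missing, install kernel-devel or a kernel with MPPE support"
        failed=$((failed + 1))
    fi
    for dev in /dev/net/tun /dev/ppp; do
        # cat is expected to fail here; only its error message is of interest.
        msg=$(cat "$dev" 2>&1 </dev/null) || true
        if classify_device_msg "$msg"; then
            echo "$dev: ok"
        else
            echo "$dev: not usable ($msg)"
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

if [ "${PPTP_RUN_CHECK:-0}" = "1" ]; then
    preinstall_check
fi
```

Run it as root with `PPTP_RUN_CHECK=1 sh pptp_check.sh` (file name assumed); a non-zero exit status is the number of failed checks, and the printed lines say which ones.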
3. Install pptpd
cd /usr/local/src
rpm -ivh ppp-2.4.4-14.1.rhel5.x86_64.rpm # install ppp
rpm -ivh pptpd-1.4.0-1.rhel5.x86_64.rpm # install pptpd
4. Configure pptpd
1. vi /etc/ppp/options.pptpd # edit the file; add or modify the following parameters
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8 # primary DNS server handed to clients
ms-dns 8.8.4.4 # backup DNS server handed to clients
:wq! # save and exit
2. vi /etc/ppp/chap-secrets # set the PPTP dial-up users and passwords (several users can be set, one per line)
# client server secret IP addresses
osyunweivpnuser01 pptpd 123456 *
osyunweivpnuser02 pptpd 1234 *
osyunweivpnuser03 pptpd 12345678 *
Format: username pptpd password *
The * means the client is assigned an IP address automatically.
:wq! # save and exit
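Because chap-secrets holds every dial-up password in clear text, it is worth checking the file each time it is edited: that only root can read it, that each entry has the four fields pptpd expects (client, server, secret, ip), that the server field matches the `name pptpd` set in options.pptpd, and that no password is trivially short. The script below is an added example, not part of the original article; the function name, the MIN_LEN policy value and the demo entries are this example's own (the demo entries are modelled on the article's).

```shell
#!/bin/sh
# Added example, not part of the original article: audit /etc/ppp/chap-secrets
# before (re)starting pptpd. MIN_LEN is a local policy value assumed here,
# not a pptpd setting.

MIN_LEN=${MIN_LEN:-12}

# Print one finding per line for the file in $1; the return value is the
# number of findings (0 = nothing to fix).
audit_chap_secrets() {
    file=$1
    problems=0

    # Permission check: any group/other read bit exposes the passwords.
    perms=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
    case "$perms" in
        600|400) ;;
        *) echo "$file: mode $perms, should be 600 (readable by root only)"
           problems=$((problems + 1)) ;;
    esac

    # Content check, one finding per faulty entry.
    findings=$(awk -v min="$MIN_LEN" '
        /^[[:space:]]*#/ { next }                          # comment lines
        NF == 0 { next }                                   # blank lines
        NF != 4 { printf "line %d: expected 4 fields (client server secret ip), got %d\n", NR, NF; next }
        $2 != "pptpd" { printf "line %d: server field \"%s\" does not match name pptpd in options.pptpd\n", NR, $2 }
        length($3) < min { printf "line %d: password for %s is only %d characters (minimum %d)\n", NR, $1, length($3), min }
    ' "$file")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        problems=$((problems + $(printf '%s\n' "$findings" | wc -l)))
    fi
    return "$problems"
}

# Constructed demo input modelled on the article's entries (not a real file).
demo=$(mktemp)
cat > "$demo" <<'EOF'
# client        server  secret      ip
osyunweivpnuser01 pptpd 123456 *
osyunweivpnuser02 pptpd 1234 *
osyunweivpnuser03 pptpd 12345678 *
EOF
chmod 644 "$demo"
audit_chap_secrets "$demo" || echo "$? finding(s) in $demo"
rm -f "$demo"
```

On the demo file the audit reports the world-readable mode and all three passwords as too short. For the real file, run `audit_chap_secrets /etc/ppp/chap-secrets` after the edit and fix the mode with `chmod 600 /etc/ppp/chap-secrets`.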
3. vi /etc/pptpd.conf # set the virtual IP address of the PPTP server and the IP address pool handed to dial-in clients
option /etc/ppp/options.pptpd
logwtmp
localip 172.16.36.1 # virtual IP address of the PPTP server (note: not the server's own IP address)
remoteip 172.16.36.2-254 # addresses from 172.16.36.2 to 172.16.36.254 are assigned to clients dynamically
:wq! # save and exit
/sbin/service pptpd start # start pptpd
/etc/init.d/pptpd stop # stop pptpd
service pptpd restart # restart pptpd
chkconfig pptpd on # start pptpd at boot
5. Enable routing on the server so that it forwards packets
Edit /etc/sysctl.conf: vi /etc/sysctl.conf
net.ipv4.ip_forward = 1 # set to 1
# net.ipv4.tcp_syncookies = 1 # comment this line out
:wq! # save and exit
/sbin/sysctl -p # apply the settings immediately
6. Set the firewall forwarding rules
yum install iptables # install the firewall
service iptables start # start the firewall
iptables -t nat -A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128 # add the NAT rule
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/255.255.255.0 -j TCPMSS --set-mss 1356 # add the MSS clamping rule
/etc/init.d/iptables save # save the firewall rules
7. Open the PPTP service port (tcp 1723) and allow the dial-in client pool 172.16.36.0/255.255.255.0 through the firewall
Edit /etc/sysconfig/iptables (vi /etc/sysconfig/iptables) and add the following lines:
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
:wq! # save and exit
Note:
# 192.168.21.128 is the server's IP address
# 172.16.36.0/255.255.255.0 is the client address pool of the PPTP virtual server set in step 4
/etc/init.d/iptables restart # restart the firewall
chkconfig iptables on # start the firewall at boot
cat /etc/sysconfig/iptables # view the firewall configuration file
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*nat
:PREROUTING ACCEPT [4680:60]
:POSTROUTING ACCEPT [4:258]
:OUTPUT ACCEPT [4:258]
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94:16159]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
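The pool in pptpd.conf (step 4) and the pool in the SNAT, TCPMSS and ACCEPT rules (steps 6 and 7) are typed into different files, so a mismatch between them, or a localip that collides with the remoteip range, produces clients that connect but reach nothing. The script below cross-checks the two files; it is an added example, not part of the original article. It assumes that remoteip is written as single addresses or the "a.b.c.d-e" last-octet range form, comma separated, that the pool is a /24 as in the article, and that the rules file is in iptables-save format; the function names are this example's own, and the sample inputs are constructed from the article's step 4 and step 7.

```shell
#!/bin/sh
# Added example, not from the original article: cross-check pptpd.conf
# against the iptables rules. Assumes last-octet remoteip ranges and a /24 pool.

# Value of a pptpd.conf directive ($2) in file $1, trailing "# ..." removed.
conf_value() {
    awk -v k="$2" '$1 == k { sub(/#.*/, ""); print $2; exit }' "$1"
}

# Expand a remoteip spec into one address per line.
expand_remoteip() {
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r item; do
        case "$item" in
            *-*)
                prefix=${item%.*}            # a.b.c
                range=${item##*.}            # d-e
                lo=${range%-*}
                hi=${range#*-}
                i=$lo
                while [ "$i" -le "$hi" ]; do
                    echo "$prefix.$i"
                    i=$((i + 1))
                done ;;
            "") ;;
            *) echo "$item" ;;
        esac
    done
}

# The /24 an address belongs to, in the dotted-mask form the article uses.
pool_of() {
    echo "${1%.*}.0/255.255.255.0"
}

# Report mismatches between pptpd.conf ($1) and an iptables-save dump ($2).
# One finding per line; the return value is the number of findings.
check_vpn_config() {
    conf=$1
    rules=$2
    found=0
    localip=$(conf_value "$conf" localip)
    remoteip=$(conf_value "$conf" remoteip)
    pool=$(pool_of "$localip")

    if expand_remoteip "$remoteip" | grep -qx "$localip"; then
        echo "localip $localip lies inside remoteip $remoteip"
        found=$((found + 1))
    fi
    for ip in $(expand_remoteip "$remoteip"); do
        if [ "$(pool_of "$ip")" != "$pool" ]; then
            echo "remoteip address $ip is outside $pool"
            found=$((found + 1))
        fi
    done
    # Step 6: NAT the pool to the server address and clamp the MSS.
    grep -q -- "-A POSTROUTING -s $pool -j SNAT --to-source" "$rules" \
        || { echo "no SNAT rule for $pool in nat/POSTROUTING"; found=$((found + 1)); }
    grep -q -- "-s $pool .*-j TCPMSS --set-mss" "$rules" \
        || { echo "no TCPMSS clamp for $pool in FORWARD"; found=$((found + 1)); }
    # Step 7: accept tcp/1723 and traffic from the pool.
    grep -q -- "--dport 1723 -j ACCEPT" "$rules" \
        || { echo "tcp/1723 is not accepted"; found=$((found + 1)); }
    grep -q -- "-s $pool -j ACCEPT" "$rules" \
        || { echo "traffic from $pool is not accepted"; found=$((found + 1)); }
    return "$found"
}

# Constructed sample inputs, copied from the article's step 4 and step 7.
conf=$(mktemp)
rules=$(mktemp)
cat > "$conf" <<'EOF'
option /etc/ppp/options.pptpd
logwtmp
localip 172.16.36.1 # virtual address of the pptp server
remoteip 172.16.36.2-254 # addresses handed to clients
EOF
cat > "$rules" <<'EOF'
*nat
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128
COMMIT
*filter
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
COMMIT
EOF
check_vpn_config "$conf" "$rules" && echo "pptpd.conf and iptables rules agree"
rm -f "$conf" "$rules"
```

On a live server, call `check_vpn_config /etc/pptpd.conf /etc/sysconfig/iptables` after step 7; the exit status is the number of findings, so 0 means the two files agree.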
8. Create the ppp device node automatically at boot (this node may be missing after a reboot, which makes PPTP clients fail with error 619 when dialing)
Edit /etc/rc.d/rc.local (vi /etc/rc.d/rc.local) and add the following line at the end of the file:
mknod /dev/ppp c 108 0
:wq! # save and exit