How to set up a VPN using PPTP on CentOS

Source: Internet
Author: User
After a night of hard work I finally got the installation working. There are many documents about this on the Internet, and although PPTP is the simplest VPN to set up, most of them are copies of each other and in some cases the errors were never corrected, so I am writing up my own notes here.

Okay, straight to the point. My system is CentOS 5.6.

In the code below, a # and everything after it on the line is a comment; do not copy it. If a setting shown in the sample already exists in the file you are editing, change it to match the sample; if it does not exist, add it.

1: install the dependent software, directly yum:

yum makecache
yum -y update
yum -y install ppp wget iptables-devel perl
Explanation: pptpd depends on ppp and iptables, and the perl library is also required.

2: install pptp:

32-bit system:
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.i386.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm

64-bit system:
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm

The package (build 1.3.4-1) can also be downloaded from the following location and installed with rpm -ivh in the same way:

32-bit system:
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm

64-bit system:
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm


3: pptp configuration

vi /etc/pptpd.conf
localip 192.168.2.1
remoteip 192.168.2.2-192.168.2.250
Explanation: localip is the IP address the pptpd server uses on its end of the tunnel; remoteip is the range of addresses handed out to clients that connect to the VPN. Keep them in the same network segment as the localip.

vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 208.67.222.222
Explanation: these are the DNS servers pushed to clients when they connect to the VPN; they are independent of the DNS servers configured on the server itself.

vi /etc/ppp/chap-secrets
test pptpd 123456 *
Explanation: this is the user name and password for the VPN connection. Each line represents one user.
Format: the first column is the user name, followed by the server name, the password, and the IP address, separated by spaces or tabs.
The user name and password can be anything you like; do not change the server name (pptpd). The "*" means the client's IP address is assigned automatically by pptpd.

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p # make the setting take effect immediately
Explanation: enable IP forwarding.

4: iptables settings

If your server does not have the /etc/sysconfig/iptables file, create it with the following content; this is the default CentOS rule set.
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT

After saving and exiting, back up the default rules and start iptables.

cp /etc/sysconfig/iptables{,.bak}
service iptables start

Next set the public IP address that clients will appear to come from, that is, the source address a website sees when a client browses through the VPN:
iptables -t nat -A POSTROUTING -s 192.168.2.0/255.255.255.0 -j SNAT --to-source 192.168.1.108 # 192.168.1.108 is the IP address of the pptpd server

service iptables save # save the rule added above
service iptables restart

Explanation: I set this up on a LAN where the server's only IP address is 192.168.1.108. If your server has a public Internet IP address, use that instead.
If your server has multiple NICs, the address of any one of them can be used here.

vi /etc/sysconfig/iptables
# Add the following line before the "-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT" rule. It opens the DNS port; without it users can still connect to the VPN, but they can only use QQ and cannot browse the web.

-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPT

# Add the following line after the "-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT" rule. It opens the PPTP control port.

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT

Save and exit, restart iptables, and start pptpd.

service iptables restart
service pptpd start

Now try connecting to your server from a client, log in with user test and password 123456, and open a few websites.
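The following script is an added example and is not part of the original article: it checks the two files edited above on a copy or on the live system. It verifies that /etc/ppp/chap-secrets has the four-column format with the server name pptpd and is not readable by other users (the passwords in it are stored in clear text), and that /etc/sysconfig/iptables accepts tcp/1723 and udp/53 in RH-Firewall-1-INPUT before the chain's final REJECT. GNU stat with a BSD stat fallback is assumed.

```shell
#!/bin/sh
# Added example, not from the original article: sanity checks for the pptpd
# setup above. Both functions take a file path so they can run on copies.

# check_chap_secrets FILE: every non-comment line needs 4 columns
# (client server secret ip), the server column must be "pptpd", and because
# the secrets are stored in clear text the file must be mode 600 (or 400).
check_chap_secrets() {
    f="$1"
    [ -f "$f" ] || { echo "missing $f"; return 1; }
    mode=$(stat -c %a "$f" 2>/dev/null || stat -f %Lp "$f")  # GNU stat, then BSD
    case "$mode" in
        600|400) ;;
        *) echo "$f has mode $mode, expected 600"; return 1 ;;
    esac
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        NF != 4 { printf "line %d: expected 4 columns, got %d\n", NR, NF; bad = 1 }
        $2 != "pptpd" { printf "line %d: server is %s, expected pptpd\n", NR, $2; bad = 1 }
        END { exit bad }
    ' "$f"
}

# check_iptables_rules FILE: FILE is an iptables-save style ruleset such as
# /etc/sysconfig/iptables. The PPTP control channel (tcp/1723) and DNS for
# clients (udp/53) must be ACCEPTed in RH-Firewall-1-INPUT before that chain's
# final REJECT. PPTP data travels over GRE (IP protocol 47), which the ruleset
# above never accepts explicitly, so its absence is reported as a warning only.
check_iptables_rules() {
    f="$1"
    [ -f "$f" ] || { echo "missing $f"; return 1; }
    awk '
        /^-A RH-Firewall-1-INPUT / && /-j REJECT/ { rejected = 1 }
        rejected { next }
        /^-A RH-Firewall-1-INPUT / && /-j ACCEPT/ {
            if (/-p tcp / && /--dport 1723 /) pptp = 1
            if (/-p udp / && /--dport 53 /)   dns = 1
            if (/-p 47 / || /-p gre /)        gre = 1
        }
        END {
            if (!pptp) print "no ACCEPT for tcp/1723 before REJECT"
            if (!dns)  print "no ACCEPT for udp/53 before REJECT"
            if (!gre)  print "warning: GRE (protocol 47) is not accepted explicitly"
            exit !(pptp && dns)
        }
    ' "$f"
}
```

Source the file and call each function with the path to check; a non-zero return means the check failed and the reason is printed.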

Common commands:

service iptables save # save rules
service iptables start # start iptables
service iptables stop # stop iptables
service iptables restart # restart iptables

service pptpd start # start pptpd
service pptpd stop # stop pptpd
service pptpd restart # restart pptpd
service pptpd restart-kill # restart pptpd and disconnect all connected users
service pptpd status # show the current pptpd status

chkconfig pptpd on # start pptpd automatically at boot
chkconfig iptables on # start iptables automatically at boot
