Install and configure PPTP VPN on CentOS 5.5

Source: Internet
Author: User


VPN (Virtual Private Network) is an extension of a private network. It simulates a point-to-point private connection over a shared Internet or public network connection and sends data between a local computer and a remote computer. It has good confidentiality and is not subject to authorization, so that both parties can establish a free and secure point-to-point connection.

There are two common VPN services on Linux: pptp and openvpn. The former is simpler, but it can only be built on independent servers and Xen VPSes; the latter has no such restriction. With the former, a VPN dial-up connection is created directly in Windows without a special VPN client; the latter requires a client to be installed for dialing in.

Experiment environment:

Server version: CentOS 5.5
VPN server: eth0 = 192.168.1.241, eth0:1 = 192.168.20.241
Intranet IP address: 192.168.20.241
Internet IP address: 192.168.1.241
1. Check the server for necessary support. If the check results show that these features are not supported, pptp cannot be installed. Run the command:

# modprobe ppp-compress-18 && echo OK

If "OK" is displayed after the execution, the check passed. However, another check is required. Enter the command:

# cat /dev/net/tun

If the command displays the following text, the check passed:

cat: /dev/net/tun: File descriptor in bad state

Otherwise, you can only consider openvpn, or ask your service provider to solve this problem.

The CentOS 5.5 kernel version is later than 2.6.15, so the following check can be ignored. Check whether PPP supports MPPE (Microsoft Point-to-Point Encryption) by using the following command:

# strings '/usr/sbin/pppd' | grep -i mppe | wc --lines

If the output is "0", MPPE is not supported; if the output is "30" or a larger number, it is supported.
2. Install ppp and iptables. By default, the complete CentOS comes with these two components, but the lite version of the system may not. Run the following command to install them; if they are already installed, the system does not perform any operations:

# yum install -y ppp iptables
3. Install pptp. This software does not exist in the yum source, so we need to download it manually. First switch to the tmp directory:

# cd /tmp

Then execute the following command to download the pptp installation package:

# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm (for 32-bit systems)
# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm (for 64-bit systems)

If your CentOS is 32-bit, execute the 32-bit command. If it is a 64-bit CentOS, execute the 64-bit command. Be sure not to make a mistake; otherwise the client fails to connect with error 619 or 800, and a message reports that pptpd-logwtmp.so cannot be found.

Next install pptp, again with separate commands for 32-bit and 64-bit systems:

# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm (for 32-bit systems)
# rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm (for 64-bit systems)
4. Configure pptp. First, edit the /etc/pptpd.conf file:

# vim /etc/pptpd.conf

In the file, locate the "localip" and "remoteip" configuration items, remove the ";" comment, and change the values to the expected IP segment. localip indicates the IP address of the server, and remoteip indicates the IP addresses assigned to clients, which can be set as a range. Here we use the default pptp configuration:

localip 192.168.1.241
remoteip 192.168.00009-238

Note that the IP segment settings here directly affect the command for adding iptables rules, so make sure the two match. If that seems like too much trouble, we recommend using the configuration in this article so that you can copy the commands and text.

Next, edit the /etc/ppp/options.pptpd file and add Google DNS:

# vim /etc/ppp/options.pptpd

Add the following two lines at the end. Generally, you only need to modify ms-dns, the DNS server IP address assigned to the VPN client:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
idle 2592000    # 72 hours idle disconnect
ms-dns 8.8.8.8
5. Set the pptp VPN account and password. Edit the /etc/ppp/chap-secrets file:

# vim /etc/ppp/chap-secrets

Entries in this file are written in the form "username pptpd password", one account and one password per line. For example, to add a user with the username test and password 1234, add the following content:

test pptpd 1234 *

The last field, *, specifies the IP address assigned to the user test.

6. Modify the kernel settings to support forwarding. Edit the /etc/sysctl.conf file:

# vim /etc/sysctl.conf

Find "net.ipv4.ip_forward" and change its value to 1, so that it becomes:

net.ipv4.ip_forward = 1

Save and exit, and execute the following command for the change to take effect:

# sysctl -p
7. Add iptables forwarding rules. After the previous six steps, we can dial the VPN, but we cannot access any web page. The last step is to add iptables forwarding rules. Enter the following command:

# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Note that "192.168.0.0/24" in this command must be changed according to the "localip" network segment in the previous configuration file. For example, if you set the "10.0.0.1" network segment, change it to "10.0.0.0/24". Also pay attention to eth0: if your Internet NIC is not eth0 but eth1 (as on SoftLayer servers, for example), remember to change eth0 to the corresponding NIC name. Otherwise, the network cannot be accessed!

Then enter the following command to have iptables save the forwarding rule we just added, so that you do not need to add it again after restarting the system:

# /etc/init.d/iptables save

And restart iptables:

# /etc/init.d/iptables restart
8. Restart the pptp service. Run the following command to restart pptp:

# /etc/init.d/pptpd restart

Now you can connect to your VPN and browse web pages. However, one final step remains.
9. Set the services to run automatically upon startup. The last step is to set pptp and iptables to start automatically at boot, so you do not need to start them manually after each restart of the server. Of course, you can skip this step if you do not need the services to start automatically. Enter the commands:

# chkconfig pptpd on
# chkconfig iptables on
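
An added example (not part of the original article) that checks the files edited in steps 4 to 7 against each other: the NAT rule's source network against the remoteip range that client traffic comes from, the authentication options in options.pptpd, and the secrets in chap-secrets. The function names, the 12-character minimum and the sample files are assumptions constructed for this sketch.

```sh
#!/bin/sh
# Added example: consistency audit for the files edited in steps 4-7.
# File paths are arguments, so the checks can be run on copies.

# Print the /24 network of the first address on the remoteip line.
remoteip_net() {        # $1 = pptpd.conf
    awk '$1 == "remoteip" { split($2, o, "."); print o[1] "." o[2] "." o[3] ".0/24"; exit }' "$1"
}

# Succeed if a saved POSTROUTING MASQUERADE rule has that network as its source.
nat_matches() {         # $1 = pptpd.conf, $2 = rules in iptables-save format
    net=$(remoteip_net "$1"); [ -n "$net" ] || return 1
    awk -v cidr="$net" 'BEGIN { mask = cidr; sub("/24$", "/255.255.255.0", mask) }
        /-A POSTROUTING/ && /-j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-s" && ($(i + 1) == cidr || $(i + 1) == mask)) ok = 1 }
        END { exit !ok }' "$2"
}

# Print each authentication/encryption option from step 4 that is not set.
missing_auth_opts() {   # $1 = options.pptpd
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print users whose cleartext secret in chap-secrets is shorter than $2.
weak_secrets() {        # $1 = chap-secrets, $2 = minimum length
    awk -v min="$2" '!/^[[:space:]]*#/ && NF >= 3 && length($3) < min { print $1 }' "$1"
}

# Succeed if chap-secrets grants no group or other permissions.
secrets_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
printf 'localip 192.168.0.1\nremoteip 192.168.0.234-238\n' > "$demo/pptpd.conf"
printf '%s\n' '-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE' > "$demo/rules"
printf 'name pptpd\nrefuse-pap\nrefuse-chap\nrequire-mschap-v2\nrequire-mppe-128\n' > "$demo/options.pptpd"
printf 'test pptpd 1234 *\n' > "$demo/chap-secrets"; chmod 644 "$demo/chap-secrets"

nat_matches "$demo/pptpd.conf" "$demo/rules" && echo "NAT source matches remoteip" || echo "NAT source does not match remoteip"
echo "missing options: $(missing_auth_opts "$demo/options.pptpd")"
echo "short secrets:   $(weak_secrets "$demo/chap-secrets" 12)"
secrets_private "$demo/chap-secrets" || echo "chap-secrets is readable by group/other"
```

On a server, point the functions at /etc/pptpd.conf, /etc/ppp/options.pptpd, /etc/ppp/chap-secrets and the saved iptables rules file instead of the sample copies.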
10. VPN client configuration

1. Create a VPN connection: right-click the "Network Neighborhood" icon on the desktop and select the "Properties" command in the shortcut menu. Double-click the Create Connection Wizard icon. In the displayed "Welcome to the New Connection Wizard" dialog box, click "Next".

2. Select as follows:

3. Enter the connection name.

4. Enter the domain name or IP address of the VPN Server.

5. Double-click the VPN connection icon. In the displayed connection dialog box, enter the user name and password for logging on to the VPN Server, and then click the connect button.

6. The VPN connection is successful.

7. Test the VPN Client to ping the Intranet server.

8. If web pages cannot be viewed locally after the VPN is dialed, disable the following options:

From woshou's BLOG
