Environment:
[root@vpn_server network-scripts]# cat /etc/redhat-release
CentOS Release 6.6 (Final)
[root@vpn_server network-scripts]# uname -m
x86_64
Preparation:
C64 (64-bit):
rpm -ivh http://mirrors.aliyun.com/epel/6/x86_64/epel-release-6-8.noarch.rpm
yum install yum-priorities -y
C32 (32-bit):
rpm -ivh http://mirrors.aliyun.com/epel/6/i386/epel-release-6-8.noarch.rpm
yum install yum-priorities -y
Add the pptp yum source:
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
Experiment topology:
OS      IP                      Role
Linux   eth0: 198.168.136.137   pptp_server (vpn_server)
Win7                            vpn_client
Goal:
The user (vpn_client) connects through PPTP (vpn_server) to browse past the firewall.
First check whether the server has the required kernel support. If either check fails, PPTP cannot be installed. Run:
modprobe ppp-compress-18 && echo OK
If this prints "OK", the first check has passed. A second check is still required. Run:
cat /dev/net/tun
If the command prints the following text, the check has passed:
cat: /dev/net/tun: File descriptor in
Both checks must pass before PPTP can be installed. Otherwise you can only consider OpenVPN, or ask your service provider to solve the problem.
[root@vpn_server soft]# modprobe ppp-compress-18 && echo OK
OK
[root@vpn_server soft]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in
The CentOS 6.4 kernel version is above 2.6.15, so MPPE and PPP support are integrated by default.
1 Install ppp, pptpd and iptables (iptables is optional).
By default, a complete CentOS installation comes with these two components, but a minimal version of the system may not. Run the following command to confirm, and to install them if they are missing:
yum install pptpd -y
2 Configure PPTP.
First, edit the /etc/pptpd.conf file.
Find the "localip" and "remoteip" configuration items and remove the ";" comment character in front of them, or change them to the IP range you want.
localip is the IP of the server.
remoteip is the range of IP addresses assigned to clients.
[root@vpn_server soft]# echo "localip 198.168.136.137" >> /etc/pptpd.conf
[root@vpn_server soft]# echo "remoteip 172.16.1.10-15" >> /etc/pptpd.conf
[root@vpn_server soft]# tail -2 /etc/pptpd.conf
localip 198.168.136.137
remoteip 172.16.1.10-15
Next, edit the /etc/ppp/options.pptpd file and add DNS servers for the VPN:
[root@vpn_server soft]# echo "ms-dns 114.114.114.114" >> /etc/ppp/options.pptpd
[root@vpn_server soft]# echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
[root@vpn_server soft]# tail -2 /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 114.114.114.114
Set the PPTP VPN account and password. This is done in /etc/ppp/chap-secrets:
# vim /etc/ppp/chap-secrets
In this file, write one account per line in the form "username pptpd password *".
For example, to add a user named Test with a password of 123456, add the following line: Test pptpd 123456 *
[root@vpn_server soft]# echo "Test pptpd 123456 *" >> /etc/ppp/chap-secrets
[root@vpn_server soft]# tail -1 /etc/ppp/chap-secrets
Test pptpd 123456 *
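An added example, not part of the original tutorial: a small audit of the chap-secrets file written above, which holds the passwords in cleartext. It flags a file readable by anyone other than root and secrets that are short or digits only. The function name audit_chap_secrets, the 12-character minimum and the sample file are assumptions, and it relies on GNU stat.

```shell
#!/bin/sh
# Audit a pppd chap-secrets file laid out as "username server secret ip".
MIN_LEN=12   # assumed minimum secret length (a policy choice, not from the page)

# Prints one finding per line; returns 0 when clean, 1 with findings, 2 on error.
audit_chap_secrets() {
    file=$1
    findings=0
    # The secrets are stored in cleartext, so only root should be able to read them.
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        600|400) ;;
        *) echo "PERM: $file is mode $mode, expected 600"
           findings=$((findings + 1)) ;;
    esac
    # "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while read -r user server secret addr || [ -n "$user" ]; do
        case $user in ''|'#'*) continue ;; esac       # blank line or comment
        secret=${secret#\"}; secret=${secret%\"}      # strip optional quotes
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "WEAK: user '$user' secret is shorter than $MIN_LEN characters"
            findings=$((findings + 1))
        fi
        case $secret in
            *[!0-9]*) ;;                              # has a non-digit character
            *) echo "WEAK: user '$user' secret is digits only"
               findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample: the account line from this page in a world-readable file.
sample=$(mktemp)
printf '%s\n' '# client server secret IP' 'Test pptpd 123456 *' > "$sample"
chmod 644 "$sample"
audit_chap_secrets "$sample" || echo "findings reported for $sample"
rm -f "$sample"
```

On the server itself, run it as root against /etc/ppp/chap-secrets.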
Modify the kernel settings so that the server forwards packets. Edit the /etc/sysctl.conf file:
# vim /etc/sysctl.conf
Change "net.ipv4.ip_forward" to 1, so that the line reads:
net.ipv4.ip_forward=1
Save and exit, then run the following command to apply the change:
# sysctl -p
Add the iptables forwarding rules. Run the following commands:
iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Note that "172.16.1.0/24" in these rules must be changed according to the "localip" segment of the previous configuration file.
service iptables save
Start pptpd
[root@vpn_server soft]# /etc/init.d/pptpd start
Starting pptpd: [OK]
[root@vpn_server soft]# netstat -lntp | grep pptpd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 4129/pptpd
On the vpn_client:
Create a new network connection (steps omitted).