System Environment: CentOS 5.4 Final
NIC: eth0: 98.126.x.x
Check the MPPE of the system first. Basically, CentOS itself exists. If you see OK, you can continue. If not, you can patch it and it will be everywhere on the Internet.
Modprobe ppp-compress-18 & echo OK
CentOS5.4 has already been installed with the ppp version. You can use this version or reinstall it. Here I uninstalled it and reinstall it all by myself.
Rpm-q ppp
Rpm-e rp-pppoe
Rpm-e ppp
Rm-rf/etc/ppp
The required software is as follows:
Wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-1.rhel5.1.i386.rpm
Wget http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-9.0.rhel5.i386.rpm
1. Install
Rpm-ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
Rpm-ivh ppp-2.4.4-9.0.rhel5.i386.rpm
2. Set Basic Server configurations
The main configuration file is placed in
/Etc/pptpd. conf
/Etc/ppp/options.ppt pd
/Etc/ppp/chap-secrets
Vi/etc/pptpd. conf
Add the following information at the bottom of the Configuration:
Localip 192.168.8.1-30
Remoteip 192.168.8.50-80,192.168 .8.100-200
(1) define the IP address on the vpn Server. (It is the IP address that the client can communicate with the vpn service after connecting, that is, the client may access the vpn Server through this address)
(2) define the IP segment of the client. (Use-to connect consecutive ip addresses, and use commas to separate ip addresses of different segments)
Vi/etc/ppp/options.ppt pd
Add a row at the end
Ms-dns 4.2.2.2(You can change it to your frequently-used dns)
Vi/etc/ppp/chap-secretsGrant user permissions and assign IP addresses
Format: User, service password * (courier)
# Vi/etc/ppp/chap-secrets
The content is as follows:
# Secrets for authentication using CHAP
# Client server secret IP addresses
Test01 pptpd 123456 * (automatically obtained)
Test02 pptpd 654321 192.168.7.230 (specified IP)
3. Enable the routing function of the Linux kernel (ensure that the routing function is enabled every time you start the system, and add vi/etc/rc. local)
Echo "1">/proc/sys/net/ipv4/ip_forward
(Check whether SELINUX is disabled.Vi/etc/selinux/config, and check if SELINUX = disabled)
Or edit/etc/sysctl. conf and add the following statement:
Net. ipv4.ip _ forward = 1
To make sysctl take effect immediately, run the following command :-
Sysctl-p
4. If iptables is enabled, the following rules are required:
Open Port 1723,47
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p tcp --dport 47 -j ACCEPT
5. Start and Stop the VPN Service
#/Etc/rc. d/init. d/pptpd start
#/Etc/rc. d/init. d/pptpd stop close
#/Etc/rc. d/init. d/pptpd restart
To enable the VPN service to be automatically started during system boot, run:
# Chkconfig pptpd on
Use netstat-anl to check whether port 1723 is enabled on the server.
6. In this way, the VPN Server should be able to start normally, but to use it normally, you still need a command, which is not found in many articles on the network.
# iptables -t nat -A POSTROUTING -s 192.168.8.0/24 -o eth0 -j SNAT --to 98.126.x.x(NAT translation, which can be bound to an ip address)
&
/Sbin/iptables-t nat-I POSTROUTING-s 192.168.8.0/24-j MASQUERADE
View NAT
Iptables-t nat-L
You may need to add this route to access the Internet. (Two NICs are used)
Ip route add 192.168.0.0/16 via 192.168.8.1
Create a VPN dial-up connection client in Windows:
1. Open the network connection, click "Create a new connection" in the list on the left, and click "Next ".
2. Select "connect to my workplace network" and click "Next ".
3. Select "Virtual Private Network Connection" and click "Next ".
4. Enter any name in the "Company Name" input box. You just like it and click "Next ".
5. Enter the domain name or IP address on the vpn Server in the "host name or IP address" box, click "Next", and click "finish" to create the connection, A connection icon is added to the network connection window.
6. Click the icon, open a connection window, enter the username and password you just added in/etc/ppp/chap-secrets, and click "Connect ", if the configuration is correct, the connection is established. The ip address used now displays the ip address on the server.
The following is a supplement:
There are many articles on installing VPN in the network, but I hardly see a complete list. Here I will configure and install it based on other articles. guaranteed. the main problems with VPN installation are the software version and system environment.
System Environment: CentOS 5.2 Linux version 2.6.18-92. el5 (because my system version is new, you do not need to update and compile the kernel)
NIC: eth0: 219. 237. ***. *** (one piece, it doesn't matter)
Check the MPPE of the system first. Basically, CentOS itself exists. If you see OK, you can continue. If you don't, you can simply go to other people's patch articles, which are everywhere on the Internet.
Modprobe ppp-compress-18 & echo OK
The CentOS5.2 system has already installed ppp2.4.4.1. I have uninstalled it and reinstall it all by myself.
Rpm-q ppp
Rpm-e rp-pppoe
Rpm-e ppp
Rm-rf/etc/ppp
The required software is as follows:
Wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-1.rhel5.1.i386.rpm
Wget http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-9.0.rhel5.i386.rpm
1. Install
Rpm-ivh ppp-2.4.4-9.0.rhel5.i386.rpm
Rpm-ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
My system lacks these two things, so it doesn't matter if you install them: yum-y install vim * ntp
2. Set Basic Server configurations
The main configuration file is placed in
/Etc/pptpd. conf
/Etc/ppp/options.ppt pd
/Etc/ppp/chap-secrets
Vi/etc/pptpd. conf
Add the following information at the bottom of the Configuration:
Localip 192.168.5.10-30,192.168 .5.33
Remoteip 192.168.7.225-238,192.168 .7.245
(1) define the IP address on the vpn Server. (It is the IP address that can communicate with the vpn service after the client connects, that is, the client may access the vpn Server through this address)
(2) define the Client IP segment
Vi/etc/ppp/options.ppt pd
Remove the following two parameters "#"
Debug \ open debugging. You can see the debugging result in/var/log/message.
Dump
Or
Logfile/var/log/pptpd. log \ specifies the log file
Vi/etc/ppp/chap-secrets grant user permissions and assign IP addresses
Format: User, service password * (courier)
# Vi/etc/ppp/chap-secrets
The content is as follows:
# Secrets for authentication using CHAP
# Client server secret IP addresses
Test01 pptpd 123456 * (automatically obtained)
Test02 pptpd 654321 192.168.7.230 (specified IP)
3. Enable the routing function of the Linux kernel (ensure that the routing function is enabled every time you start the system, and add vi/etc/rc. local)
Echo "1">/proc/sys/net/ipv4/ip_forward
(Check whether the system SELINUX is disabled. vi/etc/selinux/config to see if SELINUX = disabled is in it)
4. If iptables is enabled, the following rules are required:
Open Port 1723,47
Iptables-a input-p tcp -- dport 1723-j ACCEPT
Iptables-a input-p tcp -- dport 47-j ACCEPT
5. Start and Stop the VPN Service
#/Etc/rc. d/init. d/pptpd start
#/Etc/rc. d/init. d/pptpd stop close
#/Etc/rc. d/init. d/pptpd restart
To enable the VPN service to be automatically started during system boot, run:
# Chkconfig pptpd on
Use netstat-anl to check whether port 1723 is enabled on the server.
6. In this way, the VPN Server should be able to start normally, but to use it normally, you still need a command, which is not found in many articles on the network.
# Iptables-t nat-a postrouting-s 192.168.7.0/24-o eth0-j SNAT -- to 192.168.5.220 (NAT translation)
&
/Sbin/iptables-t nat-I POSTROUTING-s 192.168.7.0/24-j MASQUERADE
View NAT
Iptables-t nat-L
You may need to add this route to access the Internet. (Two NICs are used)
Ip route add 192.168.0.0/16 via 192.168.5.1
Create a VPN dial-up connection in windows.