The configuration of PPTP consists of the following five steps:
Verify that the kernel is loading the MPPE module
Install the required packages
Configure PPP and PPTP configuration files
Turn on IP forwarding for the kernel
Start the pptpd daemon
Configure iptables rules to allow and forward the VPN traffic
Detailed steps
1. Verify that the kernel is loaded with the MPPE module:
The module is present on essentially all installs, so this step is skipped here.
2. Install the required packages:
ppp
PPTP encapsulates user data in PPP frames and then wraps those PPP frames in IP datagrams for transport over IP networks, so PPP support is needed first. The following command installs PPP:
yum install -y ppp
pptpd
With PPP in place, install pptpd next. First find the latest pptpd release for your platform here, then pick the 32-bit or 64-bit package according to your kernel. Once you have the right package, copy its URL and download it into root's home directory with wget (or install it directly with rpm -ivh URL). For example, on my 64-bit CentOS I used the following commands:
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -ivh pptpd-1.4.0-1.el6.x86_64.rpm
3. Configure the PPP and PPTP files
ppp
Configuring PPP means editing two of its files: the options file and the user account (secrets) file. First edit the options file:
vim /etc/ppp/options.pptpd
Find the ms-dns lines and change them to:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Next, modify the other file, which stores the user accounts:
vim /etc/ppp/chap-secrets
This file is very simple: each line holds one account, with the VPN client's username, the service name, the password and the allowed IP address(es), all in clear text:
username1 pptpd passwd1 *
username2 pptpd passwd2 *
The first and third columns are the username and password; the second column must match the service name given by the name directive in /etc/ppp/options.pptpd above; the last column restricts the client's IP address, and an asterisk means no restriction.
pptpd
vim /etc/pptpd.conf
Modify the following two lines:
localip 192.168.0.1
remoteip 192.168.0.207-217
These are the two important lines. The VPN can be understood this way: a Linux client uses a virtual network device ppp0 (on Windows, a VPN virtual network adapter) that connects to the server's virtual network device ppp0, so the client joins the network on the server-side ppp0. localip is the address assigned to the server-side ppp0, and remoteip supplies the addresses assigned to the clients' ppp0 (or virtual adapters).
Both may hold multiple addresses; normally one address for localip is enough, while remoteip is a range sized for the number of clients. The remoteip range must be in the same IP segment as localip.
The localip and remoteip segments can be chosen freely, but the range must not include the IP address of the real network card eth0. In general the configuration above works as it is; all you have to change is the range 192.168.0.207-217 to a range 192.168.0.a-b of your choice, where 1<a<b<255.
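The rules just stated for chap-secrets and for localip/remoteip are easy to get wrong by hand, so here is an added set of checks (example code, not part of ppp or pptpd). It verifies the four-column and service-name rule for chap-secrets, the same-segment and 1<a<b<255 rules for the range, that the real eth0 address is outside the range, and that the clear-text secrets file is not readable by group or other; the eth0 address 10.0.0.5, the account lines and the temporary file are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added checks for the chap-secrets and pptpd.conf values edited above (example
# code, not part of ppp/pptpd). Assumes a /24 and the a-b remoteip form used here.
# in_range HOST A B: true when A <= HOST <= B (last octets only)
in_range() { [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]; }

# check_ip_plan LOCALIP REMOTEIP_RANGE ETH0_IP: same segment, 1<a<b<255, and
# neither localip nor the real eth0 address inside the range handed to clients.
check_ip_plan() {
    local localip="$1" range="$2" eth0ip="$3"
    local prefix="${localip%.*}" hosts="${range##*.}"
    local a="${hosts%-*}" b="${hosts#*-}"
    [ "${range%.*}" = "$prefix" ] || { echo "remoteip not in localip's segment"; return 1; }
    { [ "$a" -gt 1 ] && [ "$a" -lt "$b" ] && [ "$b" -lt 255 ]; } ||
        { echo "bad range $a-$b (need 1<a<b<255)"; return 1; }
    ! in_range "${localip##*.}" "$a" "$b" || { echo "localip inside remoteip range"; return 1; }
    [ "${eth0ip%.*}" != "$prefix" ] || ! in_range "${eth0ip##*.}" "$a" "$b" ||
        { echo "eth0 address inside remoteip range"; return 1; }
}

# check_chap_secrets SERVICE_NAME < chap-secrets: every account line must have
# four columns and name the service given by "name" in options.pptpd.
check_chap_secrets() {
    local svc="$1" user name pw ip extra bad=0
    while read -r user name pw ip extra; do
        case "$user" in ''|\#*) continue ;; esac   # skip blank and comment lines
        if [ -z "$ip" ] || [ -n "$extra" ]; then
            echo "malformed entry for '$user'"; bad=1; continue
        fi
        [ "$name" = "$svc" ] || { echo "'$user': service '$name' != '$svc'"; bad=1; }
    done
    return "$bad"
}

# check_secrets_perms FILE: the secrets are clear text, so deny group/other access.
check_secrets_perms() {
    local go; go="$(ls -ld "$1" | cut -c5-10)"
    [ "$go" = "------" ] || { echo "$1 readable by group/other (bits $go)"; return 1; }
}

# Constructed demo: the values from the text, a made-up eth0 address 10.0.0.5,
# and a temporary chap-secrets holding two example accounts.
demo() {
    local tmp rc; tmp="$(mktemp)"
    printf '%s\n' 'username1 pptpd passwd1 *' 'username2 pptpd passwd2 *' > "$tmp"
    chmod 600 "$tmp"
    check_ip_plan 192.168.0.1 192.168.0.207-217 10.0.0.5 && check_chap_secrets pptpd < "$tmp" &&
        check_secrets_perms "$tmp" && echo "all checks passed"; rc=$?
    rm -f "$tmp"; return "$rc"
}
```

Source the file and call demo, or run the individual checks against your real files; each check prints why it failed and returns non-zero.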
4. Turn on kernel IP forwarding
For the VPN server to relay network requests, so that clients can reach the Internet through the VPN, you also need to enable IP forwarding in the kernel. Edit the configuration file:
vim /etc/sysctl.conf
Locate the line:
net.ipv4.ip_forward = 0
and change it to:
net.ipv4.ip_forward = 1
Then run the following command to apply the change:
sysctl -p
5. Start the pptpd daemon
Once the configuration is complete, start the pptpd service and enable it at boot:
/etc/init.d/pptpd start
chkconfig pptpd on
If users should be able to reach the Internet after connecting, you also need to set up NAT and IP forwarding with iptables on the Linux server, as follows:
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to xxx.xxx.xxx.xxx
# xxx.xxx.xxx.xxx is your server's IP address
Then configure iptables. Further iptables configuration is not covered here; refer to the following:
For my test I simply stopped the firewall with:
service iptables stop