Linux CentOS PPTP VPN installation tutorial

Source: Internet
Author: User
A pptpd VPN requires kernel support for MPPE. If your kernel does not support it, contact your service provider.

Before installation, first check whether the server supports ppp.
Run the command below to test whether your kernel supports MPPE; it should return "OK":
# modprobe ppp-compress-18 && echo OK


FATAL: Could not load /lib/modules/2.6.18-028stab066.10/modules.dep: No such file or directory


Check whether tun/tap is enabled on the server.
# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
The returned message indicates that tun/tap is enabled on the server.

Start the configuration below.
First install ppp and iptables.
yum install -y ppp iptables
If the following error occurs:
[root@mail ~]# yum install -y ppp iptables
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.kernel.org
* updates: mirrors.kernel.org
* addons: mirrors.kernel.org
* extras: mirrors.kernel.org
http://download.lxlabs.com/download/update/centos-5/ I #/repodata/repomd.xml: [Errno 4] IOError:
Trying other mirror.
Error: Cannot retrieve repository metadata (repomd.xml) for repository: lxlabsupdate. Please verify its path and try again

Run yum clean all first, and then run yum install -y ppp iptables again.

Download pptpd.

32-bit operating system:
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm
64-bit operating system:
wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm

Install pptpd

32-bit operating system:
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

64-bit operating system:
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

Next, edit the /etc/pptpd.conf file. Remove the comment markers from the following two lines, or add the lines directly.
vim /etc/pptpd.conf

localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245


Add the VPN user name and password, keeping the format below.
vim /etc/ppp/chap-secrets

username pptpd password *

Set DNS to Google DNS.
vim /etc/ppp/options.pptpd
To test, enable debug and dump:
# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends)
debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
dump
By default, the log output is written to /var/log/messages.

Change ms-dns.
ms-dns 8.8.8.8
ms-dns 8.8.4.4


The configuration options are explained below:

# Equivalent to the domain used for identity authentication. It must correspond to the content in /etc/ppp/chap-secrets.
name pptpd
# Transmission encryption. ppp 2.4.2 and later versions only support MPPE encryption; the kernel module is ppp_mppe.o
# Reject pap authentication
refuse-pap
# Reject chap authentication
refuse-chap
# Reject mschap authentication
refuse-mschap
# Use the mschap-v2 (Microsoft Challenge Handshake Authentication Protocol, Version 2) authentication method
require-mschap-v2
# Use MPPE for encryption when using mschap-v2 authentication
require-mppe-128
# Assign the DNS address and WINS server address to the client
ms-dns 202.99.96.68
#ms-wins 10.0.0.4
# Start the ARP proxy. If the IP address assigned to the client is in the same subnet as the intranet NIC, you must enable the ARP proxy.
proxyarp
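
An added example, not part of the original tutorial: a shell check that confirms an options.pptpd file still carries the authentication and encryption directives listed above and reports the test-only debug and dump options if they remain enabled. The function names, the constructed sample file, and the expectation that chap-secrets is accessible to its owner only (for example mode 600) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.
# Directives the tutorial's options.pptpd walkthrough sets.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"
# Options the tutorial turns on only for testing.
TEST_ONLY="debug dump"

# has_directive FILE NAME: succeed if NAME is the first word of a non-comment line.
has_directive() {
    sed -e 's/#.*//' "$1" |
        awk -v want="$2" '$1 == want { found = 1 } END { exit !found }'
}

# audit_options FILE: print findings; return 1 if a required directive is missing.
audit_options() {
    rc=0
    for d in $REQUIRED; do
        has_directive "$1" "$d" || { echo "MISSING $d"; rc=1; }
    done
    for d in $TEST_ONLY; do
        if has_directive "$1" "$d"; then echo "TEST-ONLY $d"; fi
    done
    return "$rc"
}

# secrets_mode_ok FILE: succeed if group and others have no access (e.g. 600).
# chap-secrets holds the VPN passwords in plain text. Uses GNU stat (Linux).
secrets_mode_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        ?00) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: refuse-mschap is commented out and debug is still on.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
refuse-pap
refuse-chap
# refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
debug
EOF
audit_options "$sample" || echo "options file needs attention"
rm -f "$sample"
```

On a configured server, call audit_options /etc/ppp/options.pptpd and secrets_mode_ok /etc/ppp/chap-secrets after each edit.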



Edit the /etc/sysctl.conf file, find the line "net.ipv4.ip_forward = 1", and remove the comment marker in front of it. Add the line if it is not present.

net.ipv4.ip_forward = 1

Run the following command to make the configuration take effect.

sysctl -p

Restart pptpd

/etc/init.d/pptpd restart

Enable iptables forwarding

/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Finally, set iptables and pptpd to start automatically at boot.

chkconfig pptpd on
chkconfig iptables on

 