Set up a VPN Server in CentOS

Source: Internet
Author: User

Note:

Server operating system: CentOS 5.x 64-bit

Server IP address: 192.168.21.128

Purpose: install and configure pptpd on the server and provide a VPN dial-in service to outside clients

Procedure:

1. Download the installation packages

1. ppp # this package is required to install pptpd

http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.x86_64.rpm

2. pptpd # the latest version

http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm

Upload the downloaded files to the /usr/local/src directory.

2. Check whether the server environment can run pptp vpn

1. Check whether the system kernel supports MPPE.

modprobe ppp-compress-18 && echo success

If it prints success, the kernel supports MPPE. If not, install kernel-devel first:

yum install kernel-devel

2. Check whether TUN/TAP support is enabled.

cat /dev/net/tun

If the command prints the following text, TUN/TAP support is enabled:

cat: /dev/net/tun: File descriptor in bad state

3. Check whether ppp support is enabled.

cat /dev/ppp

If the command prints the following text, ppp support is enabled:

cat: /dev/ppp: No such device or address

All three conditions must be met at the same time; otherwise pptp vpn cannot be installed.

3. Install pptpd

cd /usr/local/src
rpm -ivh ppp-2.4.4-14.1.rhel5.x86_64.rpm # install ppp
rpm -ivh pptpd-1.4.0-1.rhel5.x86_64.rpm # install pptpd

4. Configure pptpd

1. vi /etc/ppp/options.pptpd # edit: add or modify the following parameters

name pptpd
refuse-pap # refuse cleartext PAP authentication
refuse-chap # refuse plain CHAP
refuse-mschap # refuse MS-CHAP v1
require-mschap-v2 # accept only MS-CHAP v2 authentication
require-mppe-128 # require 128-bit MPPE encryption of the tunnel
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8 # primary DNS server handed to clients
ms-dns 8.8.4.4 # backup DNS server handed to clients
:wq! # save and exit

2. vi /etc/ppp/chap-secrets # set the pptp dial-in users and passwords (several users can be set, one per line)

# client server secret IP addresses
osyunweivpnuser01 pptpd 123456 *
osyunweivpnuser02 pptpd 1234 *
osyunweivpnuser03 pptpd 12345678 *

Format: username pptpd password *

* means the client is automatically assigned an IP address.

:wq! # save and exit
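An added audit script for the chap-secrets file above (not from the original guide): it flags entries that do not follow the four-field format, a server name other than pptpd, short secrets, duplicate client names, and a file that is group- or world-readable, since the secrets are stored in cleartext. It assumes GNU stat (as on CentOS) and a minimum secret length of 12 as a local policy; the sample files it builds are constructed here, using the guide's three accounts as listed.

```sh
#!/bin/sh
# Added audit for /etc/ppp/chap-secrets; not part of the original guide.
# Assumes GNU stat (as on CentOS) and the "name pptpd" set in options.pptpd.
MIN_LEN=12   # assumed local policy: shortest acceptable dial-in secret
# Prints the number of findings on stdout and details on stderr; exits 0 only when clean.
audit_chap_secrets() {
    file=$1; findings=0; seen=" "
    # The file holds cleartext secrets, so it must not be group- or world-readable.
    mode=$(stat -c %a "$file")
    case "$mode" in
        600|400) ;;
        *) echo "MODE: $file is mode $mode, expected 600" >&2; findings=$((findings + 1)) ;;
    esac
    # Each entry is: client server secret IP-addresses (comments and blank lines are skipped)
    while read -r client server secret ip extra; do
        case "$client" in ''|'#'*) continue ;; esac
        if [ -z "$ip" ] || [ -n "$extra" ]; then
            echo "FORMAT: entry for '$client' must have exactly 4 fields" >&2
            findings=$((findings + 1)); continue
        fi
        if [ "$server" != "pptpd" ]; then
            echo "SERVER: '$client' names server '$server', but options.pptpd sets name pptpd" >&2
            findings=$((findings + 1))
        fi
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "WEAK: '$client' secret is ${#secret} chars, fewer than $MIN_LEN" >&2
            findings=$((findings + 1))
        fi
        case "$seen" in *" $client "*)
            echo "DUP: '$client' is listed more than once" >&2; findings=$((findings + 1)) ;;
        esac
        seen="$seen$client "
    done < "$file"
    echo "$findings"
    [ "$findings" -eq 0 ]
}
# Constructed samples: the guide's three accounts exactly as listed, and a hardened file.
make_page_sample() {
    f=$(mktemp); chmod 644 "$f"
    printf '%s\n' '# client server secret IP addresses' 'osyunweivpnuser01 pptpd 123456 *' \
        'osyunweivpnuser02 pptpd 1234 *' 'osyunweivpnuser03 pptpd 12345678 *' > "$f"; echo "$f"
}
make_hardened_sample() {
    f=$(mktemp); chmod 600 "$f"
    printf '%s\n' 'osyunweivpnuser01 pptpd Xk7#pLm2!qR9vT4w *' 'osyunweivpnuser02 pptpd 9zB@nH3$eW6cY1uJ *' > "$f"; echo "$f"
}
for f in "$(make_page_sample)" "$(make_hardened_sample)"; do
    if audit_chap_secrets "$f" >/dev/null; then echo "$f: clean"; else echo "$f: needs fixing"; fi; rm -f "$f"
done
```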

3. vi /etc/pptpd.conf # set the IP address of the pptp server and the IP address pool for dial-in clients

option /etc/ppp/options.pptpd
logwtmp
localip 172.16.36.1 # IP address of the pptp virtual dial-in server (note: not the server's own IP address)
remoteip 172.16.36.2-254 # dynamically assign addresses between 172.16.36.2 and 172.16.36.254 to clients
:wq! # save and exit

/sbin/service pptpd start # start pptpd
/etc/init.d/pptpd stop # stop pptpd
service pptpd restart # restart pptpd
chkconfig pptpd on # start pptpd at boot

5. Enable routing on the server so that it forwards packets

vi /etc/sysctl.conf # edit

net.ipv4.ip_forward = 1 # set to 1
# net.ipv4.tcp_syncookies = 1 # comment this line out
:wq! # save and exit

/sbin/sysctl -p # make the settings take effect immediately

System O & M www.osyunwei.com reminder: qihang01 original content is copyrighted. For more information, see the source and original article links.

6. Set firewall forwarding rules

yum install iptables # install the firewall
service iptables start # start the firewall
iptables -t nat -A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128 # add rule
iptables -A FORWARD -p tcp --syn -s 172.16.36.0/255.255.255.0 -j TCPMSS --set-mss 1356 # add rule
/etc/init.d/iptables save # save the firewall settings

7. Open the pptp service port TCP 1723 in the firewall and allow traffic from the VPN client address pool 172.16.36.0/255.255.255.0

vi /etc/sysconfig/iptables # edit and add the following lines

-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
:wq! # save and exit

Note:

# 192.168.21.128 is the server IP address
# 172.16.36.0/255.255.255.0 is the address segment of the pptp virtual dial-in server set in step 4.

/etc/init.d/iptables restart # restart the firewall
chkconfig iptables on # start the firewall at boot
cat /etc/sysconfig/iptables # view the firewall configuration file

# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*nat
:PREROUTING ACCEPT [4680:60]
:POSTROUTING ACCEPT [4:258]
:OUTPUT ACCEPT [4:258]
-A POSTROUTING -s 172.16.36.0/255.255.255.0 -j SNAT --to-source 192.168.21.128
COMMIT
# Completed on Wed Dec 11 20:21:08 2013
# Generated by iptables-save v1.3.5 on Wed Dec 11 20:21:08 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [94:16159]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A FORWARD -s 172.16.36.0/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 172.16.36.0/255.255.255.0 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Dec 11 20:21:08 2013

8. Create the ppp device node automatically at startup (this file may be lost after a system restart, causing pptp client dialing error 619)

vi /etc/rc.d/rc.local # edit

mknod /dev/ppp c 108 0 # add this line at the end of the file
:wq! # save and exit

At this point the pptp vpn server on CentOS is set up. On a Windows client, create a VPN connection, enter the server's Internet IP address, and connect with an account and password configured above.

Link: http://www.osyunwei.com/archives/7407.html
