Set up a PPTP server on CentOS
PPTP (Point-to-Point Tunneling Protocol)
Default port: 1723 (TCP)
PPTP is the Point-to-Point Tunneling Protocol, an enhanced-security protocol built on top of the PPP protocol. It supports multi-protocol Virtual Private Networks (VPNs) and can use the Password Authentication Protocol (PAP) and the Extensible Authentication Protocol (EAP) to strengthen authentication. Remote users can therefore reach the corporate network through an ISP, a direct Internet connection, or another network.
PPTP is a network technology that supports multi-protocol virtual private networks and works at layer 2 (the data link layer). With this protocol, remote users running Microsoft Windows NT Workstation, Windows XP, Windows 2000, Windows 7, or other systems with point-to-point protocol support can dial in to a local ISP and then link securely to the company network across the Internet.
PPTP separates control packets from data packets: the control channel runs over a TCP connection (port 1723), while the tunneled data travels separately in GRE. Because it relies on TCP and GRE, PPTP is best suited to networks without restrictive firewalls.
I. Deployment of the PPTP server:

Server                  IP address                       Description
Server05 (CentOS 6.6)   192.168.10.65 (VPN: 10.0.0.1)    VPN server
Windows XP              192.168.10.69                    VPN client
Server06 (CentOS 6.6)   192.168.10.66                    VPN client
1. Check whether the system kernel supports MPPE.
[root@server05 ~]# modprobe ppp-compress-18 && echo OK
# If OK is displayed, the kernel supports MPPE. If not, install kernel-devel first: yum install kernel-devel
2. Check whether TUN/TAP support is enabled.
[root@server05 ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
# If this message is displayed, TUN/TAP support is enabled.
3. Check whether PPP support is enabled.
[root@server05 ~]# cat /dev/ppp
cat: /dev/ppp: No such device or address
# If this message is displayed, PPP support is enabled.
Note: All three conditions must be met at the same time; otherwise the PPTP VPN cannot be installed.
4. Install the pptpd dependency ppp.
[root@server05 ~]# yum install ppp
5. Install pptpd.
[root@server05 ~]# yum install pptpd
6. Edit the /etc/ppp/options.pptpd file.
[root@server05 ~]# vim /etc/ppp/options.pptpd
ms-dns 172.16.1.5
# Because I have a DNS server on the intranet, I fill in the intranet DNS server address. If there is no intranet DNS, enter the DNS address provided by the ISP.
ms-dns 172.16.1.7
# Backup DNS
7. Edit the /etc/pptpd.conf file.
[root@server05 ~]# vim /etc/pptpd.conf
localip 10.0.0.1
# IP address of the server end of the tunnel that dialing-in users see (you can also write 10.0.0.1-100 so that each client gets a separate server address)
remoteip 10.0.0.101-200
# Address pool from which dialing-in VPN clients are dynamically assigned an address
8. Set the VPN account password by editing the /etc/ppp/chap-secrets file.
[root@server05 ~]# vim /etc/ppp/chap-secrets
# client    server  secret  IP addresses
test        pptpd   123456  *
testvpn     pptpd   123456  *
# Column 1 is the user name used to log on from the VPN client, column 3 is the password, and column 4 defines the IP address of the host of the logging-in user; "*" means any IP address.
9. Modify the kernel settings to enable forwarding by editing the /etc/sysctl.conf file.
[root@server05 ~]# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# Change "net.ipv4.ip_forward" to 1
Make the modified configuration take effect:
[root@server05 ~]# sysctl -p
# If errors like the following are reported:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
# Solution: load the bridge module and reload the settings
[root@server05 ~]# modprobe bridge
[root@server05 ~]# lsmod | grep bridge # verify that the module is loaded
[root@server05 ~]# sysctl -p # reload the configuration file
10. Start pptpd
[root@server05 ~]# service pptpd start # start the service
Starting pptpd:                                            [  OK  ]
[root@server05 ~]# chkconfig pptpd on # enable the service at boot
[root@server05 ~]# chkconfig --list pptpd # view the startup setting
[root@server05 ~]# ss -tnl # pptpd listens on port 1723
State      Recv-Q Send-Q   Local Address:Port     Peer Address:Port
LISTEN     0      3        *:1723                 *:*
11. Set iptables policies
[root@server05 ~]# iptables -F # clear the existing iptables rules
[root@server05 ~]# iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE # masquerade traffic coming from the VPN subnet
[root@server05 ~]# service iptables save # save the iptables settings
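As an added check that is not part of the original tutorial, the following Python script audits the configuration from steps 7, 8 and 11 together: it expands the localip/remoteip pools from pptpd.conf and verifies that they fall inside the subnet the MASQUERADE rule covers, and it flags chap-secrets entries that use a short or all-digit secret or the unrestricted "*" address column. The file contents and the NAT subnet are constructed samples mirroring the values used above, not files read from a live host.

```python
import ipaddress
import re
# Constructed copies of the files written in steps 7 and 8 (sample data, not from a live host).
PPTPD_CONF = """\
localip 10.0.0.1
remoteip 10.0.0.101-200
"""
CHAP_SECRETS = """\
# client   server  secret  IP addresses
test       pptpd   123456  *
testvpn    pptpd   123456  *
"""
NAT_SOURCE = "10.0.0.0/24"  # the -s subnet of the MASQUERADE rule in step 11

def parse_pool(spec):
    """Expand a pptpd.conf address spec ('10.0.0.1' or '10.0.0.101-200') into addresses."""
    addrs = []
    for item in spec.split(","):
        m = re.fullmatch(r"(\d+\.\d+\.\d+\.)(\d+)(?:-(\d+))?", item.strip())
        if not m:
            raise ValueError("unsupported address spec: %r" % item)
        first, last = int(m.group(2)), int(m.group(3) or m.group(2))
        addrs += [ipaddress.ip_address(m.group(1) + str(n)) for n in range(first, last + 1)]
    return addrs

def audit(pptpd_conf, chap_secrets, nat_source):
    """Return a list of findings; an empty list means the settings agree and look sane."""
    findings, conf = [], {}
    for line in pptpd_conf.splitlines():
        if line.strip() and not line.startswith("#"):
            parts = line.split(None, 1)
            conf[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    net = ipaddress.ip_network(nat_source)
    # A client whose tunnel address lies outside the NAT source is never masqueraded.
    outside = [a for a in parse_pool(conf["localip"]) + parse_pool(conf["remoteip"]) if a not in net]
    if outside:
        findings.append("%d tunnel addresses outside NAT source %s" % (len(outside), nat_source))
    for line in chap_secrets.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 4:
            findings.append("malformed chap-secrets line: %r" % line)
            continue
        user, _server, secret, allowed = fields
        if len(secret) < 8 or secret.isdigit():  # short or all-digit secrets are trivially guessable
            findings.append("user %s: weak secret" % user)
        if allowed == "*":  # the wildcard used above: no address restriction at all
            findings.append("user %s: address column is '*' (no restriction)" % user)
    return findings
```

Run against the sample above it reports four findings (two per user); a strong secret with a concrete address in column 4 produces none.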
II. Windows XP client test (my server and test machine are on the same LAN):
Check the client's IP address from the server side:
[root@server05 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:8d:6d:c9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.65/24 brd 192.168.10.255 scope global eth1
    inet6 fe80::a00:27ff:fe8d:6dc9/64 scope link
       valid_lft forever preferred_lft forever
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 10.0.0.1 peer 10.0.0.101/32 scope global ppp0
[root@server05 ~]# ping 10.0.0.101 # the server can also reach the client
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=128 time=1.80 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=128 time=3.02 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=128 time=2.82 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=128 time=1.93 ms

--- 10.0.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3286ms
rtt min/avg/max/mdev = 1.807/2.398/3.027/0.535 ms
III. Connect the Linux client to the VPN server:
[root@server06 ~]# iptables -F # clear the default iptables rules
[root@server06 ~]# yum -y install ppp pptp-setup # install the related packages
[root@server06 ~]# pptpsetup --create testvpn --server 192.168.10.65 --username test --password 123456 --encrypt --start # create and start a VPN connection named testvpn
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local  IP address 10.0.0.100
remote IP address 10.0.0.1
[root@server06 ~]# cat /etc/ppp/peers/testvpn # this file holds the VPN connection settings generated by the previous command
[root@server06 ~]# ip addr # view the IP addresses; ppp0 has obtained a VPN address
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:d2:d5:71 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.66/24 brd 192.168.10.255 scope global eth1
    inet6 fe80::a00:27ff:fed2:d571/64 scope link
       valid_lft forever preferred_lft forever
8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 10.0.0.100 peer 10.0.0.1/32 scope global ppp0
[root@server06 ~]# route add -net 0.0.0.0 dev ppp0 # add a default route; without this route entry, communication with other VPN clients fails
[root@server06 ~]# ping 10.0.0.1 # test whether the server can be reached
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=2.39 ms
[root@server06 ~]# ping 10.0.0.101 # test the connection to another VPN client
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=127 time=8.72 ms
64 bytes from 10.0.0.101: icmp_seq=2 ttl=127 time=5.73 ms
Try disconnecting and reconnecting:
[root@server06 ~]# ps aux | grep vpn
root      1968  0.0  0.0  26564   772 ?        Ss   14:34   0:00 pppd call vpn updetach
root      2089  0.0  0.0 103244   856 pts/0    S+   15:16   0:00 grep vpn
[root@server06 ~]# kill 1968
[root@server06 ~]# ip addr # check the IP address again
[root@server06 ~]# pppd call testvpn # reconnect to the VPN server; testvpn is the connection file generated on first creation
Note: An IP address is obtained again, but at this point you cannot reach the other VPN clients, because the default route is gone. You need to add the default route again.
[root@server06 ~]# route add -net 0.0.0.0 dev ppp0
[root@server06 ~]# ping 10.0.0.101
PING 10.0.0.101 (10.0.0.101) 56(84) bytes of data.
64 bytes from 10.0.0.101: icmp_seq=1 ttl=127 time=5.67 ms
64 bytes from 10.0.0.101: icmp_seq=2 ttl=127 time=4.87 ms
The test is complete.