VPNs have been in use for many years. However, out of laziness, I have never written an article about how to build a VPN server. This year I became interested in doing so, and I would like to share the process of building one. It is a simple write-up, so please do not be too harsh. VPNs are widely used; most Internet enthusiasts and technical staff need one. Before reading on, first check whether your server supports a PPTP VPN server by running this command:
modprobe ppp-compress-18 && echo OK
If the output is OK, continue. If OK is not printed, the server does not support it, and the rest of this article may be of no use to you.
Step 1: install pptpd
In general, you can install pptpd directly with yum. First check whether the package is available:
yum list pptpd
If it is listed, run:
yum install pptpd
If it is not, download the package from sf.net and install it with the following commands:
cd /usr/local/src
# For 64bit OS
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -Uhv pptpd-1.4.0-1.el6.x86_64.rpm
# For 32bit OS
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.i686.rpm
rpm -Uhv pptpd-1.4.0-1.el6.i686.rpm
The pptpd VPN server is now installed.
PPTP VPN server configuration
Configure the PPTP VPN IP addresses
Edit /etc/pptpd.conf:
vim /etc/pptpd.conf
Find logwtmp at around line 39 and comment it out with # (for details, see: Solve the PTY read or GRE write failed problem on the VPN server), then set the local IP address (localip) and the IP addresses allocated to clients (remoteip) at around line 102.
#logwtmp
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
With this configuration, the PPTP VPN server uses 192.168.0.1 as its own address for forwarding, and clients are assigned addresses from the remoteip range. Set the range as needed.
Add a PPTP VPN account and password
Edit /etc/ppp/chap-secrets, using the following format:
username pptpd (default: pptpd) password IP address
Note: the fields must be in the correct positions. For the last field, the IP address, enter * for random allocation, but the field must be present; otherwise an error occurs during authentication. A concrete example:
# client server secret IP addresses
vpnuser0 pptpd vpnpass1 *
Configure the PPTP VPN DNS servers
To use Google's DNS server, edit the /etc/ppp/options.pptpd file:
vim /etc/ppp/options.pptpd
# Change ms-dns:
ms-dns 8.8.8.8
ms-dns 4.2.2.2
# We recommend enabling debug mode: remove the # in front of the following line to uncomment it.
debug
Enable network forwarding
# Open /etc/sysctl.conf
vim /etc/sysctl.conf
# Add the following line (if it is already present but commented out, remove the leading # to uncomment it)
net.ipv4.ip_forward = 1
# Run the following command to make the change take effect
sysctl -p
PPTP VPN firewall configuration
After the steps above and a restart, you can basically connect to the VPN server. However, to allow external users to connect to the PPTP VPN, you also need to open port 1723 and port 47 of the Linux server in the firewall, and enable the GRE protocol:
# Note: eth1 below is a network interface. A server usually has an internal and an external interface. Run the ifconfig command to list them
# and select the interface that shows the Internet IP address
iptables -A INPUT -i eth1 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth1 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Save the firewall settings and restart the firewall
service iptables save
service iptables restart
If "Failed to restart iptables.service: Unit iptables.service failed to load: No such file or directory." is displayed, the iptables service could not be found, which happens on RHEL 7/CentOS 7/Fedora.
Debug the PPTP VPN server
# Start pptpd
service pptpd restart
# Start pptpd at boot
chkconfig pptpd on
With the preceding steps, the configuration is complete. Next, connect from a client and run the following command to watch the PPTP VPN server log:
tail -f /var/log/messages
If everything looks normal, you are done. If there is a problem, search for a solution yourself based on the messages in the log.
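The two files edited in this guide can be checked before clients connect. The following shell functions are an added example, not part of the original article: they lint pptpd.conf for the logwtmp, localip and remoteip settings and chap-secrets for the four-field format described above. The function names, the acceptance of * as server name, and the file-permission check (chap-secrets stores passwords in plain text) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article): lint the two files edited above.
# File paths are arguments so the checks can be run against copies.

# check_pptpd_conf FILE
# Fails if logwtmp is still active or localip/remoteip is missing.
check_pptpd_conf() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }              # skip blanks and comments
        $1 == "logwtmp"  { print "line " NR ": logwtmp is not commented out"; bad = 1 }
        $1 == "localip"  { localip = $2 }
        $1 == "remoteip" { remoteip = $2 }
        END {
            if (localip == "")  { print "localip is not set";  bad = 1 }
            if (remoteip == "") { print "remoteip is not set"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# check_chap_secrets FILE [SERVER_NAME]
# Fails if an entry does not have the four fields "client server secret IP",
# if the server field is neither SERVER_NAME (default pptpd) nor *,
# or if the file is accessible to group/other (it holds plaintext passwords).
# Assumption: fields contain no quoted whitespace.
check_chap_secrets() {
    rc=0
    awk -v server="${2:-pptpd}" '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 4 { print "line " NR ": expected 4 fields, found " NF; bad = 1; next }
        $2 != server && $2 != "*" {
            print "line " NR ": server field is " $2 ", expected " server; bad = 1
        }
        END { exit bad + 0 }' "$1" || rc=1
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: accessible by group/other, restrict with chmod 600"
        rc=1
    fi
    return $rc
}
```

Run them as check_pptpd_conf /etc/pptpd.conf and check_chap_secrets /etc/ppp/chap-secrets; each prints its findings and returns non-zero if any check fails.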