Building a PPTP VPN service on CentOS

Source: Internet
Author: User
Tags: centos, iptables

About PPTP

Point-to-Point Tunneling Protocol (PPTP) is one way to implement a virtual private network (VPN). PPTP uses a Transmission Control Protocol (TCP) connection as a control channel for control commands, and encapsulates Point-to-Point Protocol (PPP) packets in a Generic Routing Encapsulation (GRE) tunnel to carry data. The protocol was first developed by a group of vendors including Microsoft.

The PPTP specification itself does not describe encryption or authentication; it relies on the Point-to-Point Protocol (PPP) to provide these security features. Because PPTP is built into the Microsoft Windows family of products, the Microsoft PPP stack provides a range of standard authentication and encryption mechanisms to support it. On Windows, PPTP can authenticate with PAP, CHAP, MS-CHAP v1/v2, or EAP-TLS, and can be combined with Microsoft Point-to-Point Encryption (MPPE) or IPsec to improve security.

In addition to the Windows and Mac OS platforms, platforms such as Linux and FreeBSD also provide open-source implementations.

PPTP carries the point-to-point traffic to the peer inside the Generic Routing Encapsulation (GRE) protocol, and initiates and manages the GRE session over TCP port 1723. Because PPTP needs two separate network flows (the TCP control connection and the GRE tunnel), it is difficult to pass through a firewall: many firewalls do not forward both, so the connection fails. On Windows or Mac OS platforms, PPTP is typically authenticated with MS-CHAP v2 or EAP-TLS, and the connection can be encrypted with Microsoft Point-to-Point Encryption (MPPE).

Another common VPN protocol similar to PPTP is the Layer 2 Tunneling Protocol (L2TP).

Build steps

1. Check whether the server has the necessary kernel support. If this check fails, PPTP cannot be installed. Run the following command:

# modprobe ppp-compress-18 && echo OK

If this prints "OK", the first check has passed. A second check is still needed; run:

# cat /dev/net/tun

If the command prints the following, the check passes:

cat: /dev/net/tun: File descriptor in bad state

If both checks pass, PPTP can be installed. Otherwise you can only consider OpenVPN, or ask your service provider to resolve the problem.

2. Install PPP and iptables. A complete CentOS installation ships with both components, but a minimal installation may not. Enter the following command to make sure they are present; if they are already installed, yum takes no action:

# yum install -y ppp iptables

3. Install PPTP. This package is not in the yum repositories, so it has to be downloaded manually. First switch to the /tmp directory:

# cd /tmp

Then run the following command to download the PPTP package:

# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm

(for 32-bit systems)

# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.x86_64.rpm

(for 64-bit systems)

If your CentOS is 32-bit, run the 32-bit command; if it is 64-bit, run the 64-bit command. Be careful not to mix them up.

Next, install PPTP. The package is likewise split into 32-bit and 64-bit versions:

# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

(for 32-bit systems)

# rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

(for 64-bit systems)

4. Configure PPTP. First edit the /etc/pptpd.conf file:

# vim /etc/pptpd.conf

Locate the localip and remoteip configuration items, remove the leading ";" comment character, and change them to the address ranges you want. localip is the server's address on the tunnel; remoteip is the pool of addresses assigned to clients and can be written as a range. Here we use the pptpd default configuration:

localip 192.168.0.1

remoteip 192.168.0.234-238,192.168.0.245

Note that the addresses set here directly determine the iptables rule added in step 7; make sure the two match. If that is too much trouble, use the configuration from this article as-is, so that the commands and text can be copied verbatim.

Next, edit the /etc/ppp/options.pptpd file and add Google's DNS servers for VPN clients:

# vim /etc/ppp/options.pptpd

Add the following two lines at the end (pppd option names are lowercase):

ms-dns 8.8.8.8

ms-dns 8.8.4.4

5. Set the PPTP VPN account and password. Edit the /etc/ppp/chap-secrets file:

# vim /etc/ppp/chap-secrets

Each line of this file is one account, written in the form "username pptpd password *" (the second field must match the server name pptpd uses, which is pptpd by default). For example, to add a user named test with the password 1234, add the following line:

test pptpd 1234 *

6. Modify the kernel settings to enable IP forwarding. Edit the /etc/sysctl.conf file:

# vim /etc/sysctl.conf

Change net.ipv4.ip_forward to 1, so that the line reads:

net.ipv4.ip_forward = 1

Save, exit, and run the following command to apply the change:

# sysctl -p

7. Add the iptables NAT rule. In the command below, 192.168.85.0/24 stands for the PPTP client address range and 192.168.0.105 for the server's public IP address; replace both with your own values, and make sure the -s network contains the remoteip pool configured in step 4:

# iptables -t nat -A POSTROUTING -s 192.168.85.0/24 -j SNAT --to 192.168.0.105
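The article stresses that the SNAT source network must match the remoteip pool; as an added check that is not part of the original article, the following POSIX shell script expands pptpd's remoteip shorthand into individual client addresses and reports any that fall outside a given -s network (the sample configuration embedded in it is constructed from this article's values).

```shell
#!/bin/sh
# Added example, not part of the original article: expand pptpd's "remoteip"
# shorthand into single client addresses and check each one against the
# source network (-s) of the SNAT rule. The sample config is constructed
# from the values used in this article.
PPTPD_CONF_SAMPLE='localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245'

# ip2int 192.168.0.1 -> 3232235521 (dotted quad to 32-bit integer)
ip2int() {
    IFS=. read -r a b c d <<EOF
$1
EOF
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}
# expand_remoteip "192.168.0.234-238,192.168.0.245" prints one address per
# line; pptpd reads "a.b.c.x-y" as a.b.c.x through a.b.c.y.
expand_remoteip() {
    echo "$1" | tr ',' '\n' | while read -r item; do
        case "$item" in
            *-*)
                prefix=${item%.*}       # 192.168.0
                range=${item##*.}       # 234-238
                lo=${range%-*}; hi=${range#*-}; i=$lo
                while [ "$i" -le "$hi" ]; do
                    echo "$prefix.$i"; i=$((i + 1))
                done ;;
            *) echo "$item" ;;
        esac
    done
}

# in_cidr ADDR NET/PREFIX -> exit status 0 when ADDR lies inside NET/PREFIX
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# snat_covers CONF_TEXT NET/PREFIX -> prints every client address the SNAT
# source network would miss; returns 0 only when every client is covered.
snat_covers() {
    spec=$(printf '%s\n' "$1" | awk '$1 == "remoteip" { print $2 }')
    rc=0
    for addr in $(expand_remoteip "$spec"); do
        in_cidr "$addr" "$2" || { echo "not covered by $2: $addr"; rc=1; }
    done
    return $rc
}
```

Run as `snat_covers "$(cat /etc/pptpd.conf)" 192.168.85.0/24` against the article's default remoteip line, it reports all six client addresses as not covered, which is exactly the mismatch a copied rule would silently carry.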

Then save the rules so that they do not have to be added again after a reboot:

# /etc/init.d/iptables save

Then restart iptables:

# /etc/init.d/iptables restart

8. Restart the PPTP service:

# /etc/init.d/pptpd restart

You can now connect to your VPN and browse the web, but one final step remains.

9. Set the services to start at boot. The final step is to configure pptpd and iptables to start automatically, so that you do not have to start them by hand after every reboot. If you do not need this, skip this step. Enter:

# chkconfig pptpd on

# chkconfig iptables on

That's it.
