The one-click package I used before to set up pptpd/VPN on CentOS 6 no longer works.
For anyone familiar with Linux basics, setting up pptpd/VPN by hand is not hard either.
Server OS: CentOS 6.X 64-bit
Server IP address: 45.33.55.150
I. Check whether the server environment supports installing pptp/VPN
1. Check whether the kernel supports the MPPE patch
modprobe ppp-compress-18 && echo success
If it prints success, the kernel supports MPPE. If it does not, install kernel-devel first:
yum install kernel-devel
======================================
[root@li1005-150 ~]# modprobe ppp-compress-18 &&echo success
FATAL: Module ppp_mppe not found.
[root@li1005-150 ~]# yum install kernel-devel
Running Transaction
Installing : kernel-devel-2.6.32-573.12.1.el6.x86_64 1/1
Verifying : kernel-devel-2.6.32-573.12.1.el6.x86_64 1/1
Installed:
kernel-devel.x86_64 0:2.6.32-573.12.1.el6
Complete!
========================================
2. Check whether TUN/TAP support is enabled
cat /dev/net/tun
If the command prints the following text, the check passes:
cat: /dev/net/tun: File descriptor in bad state
=================================
[root@li1005-150 ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
=================================
3. Check whether ppp support is enabled
cat /dev/ppp
If the command prints the following text, the check passes:
cat: /dev/ppp: No such device or address
============================
[root@li1005-150 ~]# cat /dev/ppp
cat: /dev/ppp: No such device or address
============================
All three checks above must pass; otherwise pptp/VPN cannot be installed.
II. Install ppp and pptpd
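The three checks in section I can be scripted so they run as one pre-install step and exit non-zero when anything is missing. The script below is an added example, not code from the original post: the output-classification helpers take the command output as a string (so they can be tested without a kernel), the MPPE probe also tries the module's real name ppp_mppe (the name in the page's own FATAL message; ppp-compress-18 is an alias for it), and the ppp device node is created only when it is absent, which is the same mknod the page later puts in rc.local, guarded so that it does not fail on a host where the node already exists.

```shell
#!/bin/sh
# Added example (not from the original post): automate the three pre-install
# checks from section I on a CentOS 6 host. The *_output_ok helpers take the
# command output as a string so they can be exercised without touching the kernel.

# MPPE: the page probes the alias ppp-compress-18; the module it resolves to is
# ppp_mppe (the name shown in the page's own FATAL message), so try both names.
mppe_supported() {
    modprobe ppp-compress-18 2>/dev/null || modprobe ppp_mppe 2>/dev/null
}

# TUN/TAP is usable when reading the control device yields exactly this error.
tun_output_ok() {
    case "$1" in
        *"File descriptor in bad state"*) return 0 ;;
        *) return 1 ;;
    esac
}

# /dev/ppp is usable when reading it yields exactly this error.
ppp_output_ok() {
    case "$1" in
        *"No such device or address"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Create the ppp device node only if it is missing (major 108, minor 0, as in
# the page's rc.local line), so the call is safe to repeat on every boot.
ensure_ppp_node() {
    [ -c /dev/ppp ] || mknod /dev/ppp c 108 0
}

# Run all checks; print one line per check and return non-zero if any fails.
run_preflight() {
    rc=0
    if mppe_supported; then echo "MPPE: ok"; else echo "MPPE: missing"; rc=1; fi
    if tun_output_ok "$(cat /dev/net/tun 2>&1)"; then
        echo "TUN/TAP: ok"
    else
        echo "TUN/TAP: missing"; rc=1
    fi
    ensure_ppp_node 2>/dev/null
    if ppp_output_ok "$(cat /dev/ppp 2>&1)"; then
        echo "PPP: ok"
    else
        echo "PPP: missing"; rc=1
    fi
    return $rc
}

# Usage on the server (as root): sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then run_preflight; exit $?; fi
```

Only the exact error strings the page shows count as a pass; "No such file or directory" on either device means the node is absent, which is a different failure from a kernel without the driver.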
wget -c http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.5-33.0.rhel6.x86_64.rpm
wget -c http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -ivh ppp-2.4.5-33.0.rhel6.x86_64.rpm # install ppp
rpm -ivh pptpd-1.4.0-1.el6.x86_64.rpm # install pptpd
III. Configure pptpd
1. vi /etc/ppp/options.pptpd
Change the default
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
to:
ms-dns 8.8.8.8 # primary DNS server address
ms-dns 8.8.4.4 # secondary DNS server address
2. vi /etc/ppp/chap-secrets # set PPTP dial-in usernames and passwords (multiple users allowed, one per line)
# Secrets for authentication using CHAP
# client server secret IP addresses
laoyi2 pptpd laoyi2 *
Format: username pptpd password *
where * means the client is assigned an IP address automatically.
3. vi /etc/pptpd.conf # set the PPTP server's address and the address pool for dial-in VPN clients
The defaults are
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
Change them to
localip 192.168.11.1 # the PPTP virtual dial-in server address (note: not the server's own public IP address)
remoteip 192.168.11.2-254 # dynamically assign addresses from 192.168.11.2 to 192.168.11.254 to dial-in users
/sbin/service pptpd start # start pptpd
/etc/init.d/pptpd stop # stop
service pptpd restart # restart
chkconfig pptpd on # start at boot
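The three edits in section III can be generated from variables instead of typed into vi, which makes the values easy to check before they are written. The script below is an added example and not code from the original post or from the pptpd project; it defaults to the page's values (8.8.8.8/8.8.4.4, 192.168.11.1, 192.168.11.2-254), rejects a username or password containing whitespace or '#' (chap-secrets is whitespace-separated and treats '#' as a comment, so such a value would silently change the meaning of the line), and sets chap-secrets to mode 0600 because it stores passwords in cleartext. The install_configs function and its use of the page's file paths are the example's own design.

```shell
#!/bin/sh
# Added example (not from the original post): render the pptpd config edits
# from section III from variables, validate the inputs, and install them.
# Defaults are the values used on the page.
DNS1=${DNS1:-8.8.8.8}
DNS2=${DNS2:-8.8.4.4}
LOCALIP=${LOCALIP:-192.168.11.1}
REMOTEIP=${REMOTEIP:-192.168.11.2-254}

# Accept only a dotted-quad IPv4 address.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# chap-secrets fields are whitespace-separated and '#' starts a comment, so a
# username or password containing either would change the meaning of the line.
valid_secret_field() {
    case "$1" in
        ''|*[[:space:]]*|*'#'*) return 1 ;;
        *) return 0 ;;
    esac
}

# options.pptpd: the page keeps the defaults and only sets the two ms-dns lines.
render_ms_dns() {
    printf 'ms-dns %s\nms-dns %s\n' "$1" "$2"
}

# One chap-secrets line: client server secret IP-address ('*' = assign from the pool).
render_chap_line() {
    valid_secret_field "$1" && valid_secret_field "$2" || return 1
    printf '%s\tpptpd\t%s\t*\n' "$1" "$2"
}

# pptpd.conf: localip is the VPN-side address of the server, remoteip the pool.
render_pptpd_conf() {
    is_ipv4 "$1" || return 1
    printf 'localip %s\nremoteip %s\n' "$1" "$2"
}

# Install: replace any active ms-dns/localip/remoteip lines, append the user,
# and keep chap-secrets readable by root only (it holds cleartext passwords).
install_configs() {
    user=$1; pass=$2
    { grep -v '^ms-dns' /etc/ppp/options.pptpd; render_ms_dns "$DNS1" "$DNS2"; } \
        > /etc/ppp/options.pptpd.new && mv /etc/ppp/options.pptpd.new /etc/ppp/options.pptpd
    render_chap_line "$user" "$pass" >> /etc/ppp/chap-secrets || return 1
    chmod 600 /etc/ppp/chap-secrets
    { grep -Ev '^(localip|remoteip)' /etc/pptpd.conf; render_pptpd_conf "$LOCALIP" "$REMOTEIP"; } \
        > /etc/pptpd.conf.new && mv /etc/pptpd.conf.new /etc/pptpd.conf
}

# Usage on the server (as root): sh pptpd-config.sh USERNAME PASSWORD
if [ $# -eq 2 ]; then install_configs "$1" "$2"; fi
```

Commented `#ms-dns` lines in options.pptpd are left alone by the grep filter; only previously active settings are replaced, so running the script twice does not duplicate them.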
======================================
[root@li1005-150 ~]# /sbin/service pptpd start
Starting pptpd: [ OK ]
[root@li1005-150 ~]# /etc/init.d/pptpd stop
Shutting down pptpd: [ OK ]
[root@li1005-150 ~]# service pptpd restart
Shutting down pptpd: [FAILED]
Starting pptpd: [ OK ]
Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results. Use restart-kill to
destroy existing connections during a restart.
[root@li1005-150 ~]# chkconfig pptpd on
========================================
IV. Enable routing mode on the server so it forwards packets
vi /etc/sysctl.conf # edit
net.ipv4.ip_forward = 1 # set to 1
#net.ipv4.tcp_syncookies = 1 # comment this line out
Save with :x, then run
/sbin/sysctl -p # apply the settings immediately
V. Set the firewall forwarding rules
yum install iptables # install the firewall
service iptables start # start the firewall
iptables -t nat -A POSTROUTING -s 192.168.11.0/255.255.255.0 -j SNAT --to-source 45.33.55.150 # add rule
iptables -A FORWARD -p tcp --syn -s 192.168.11.0/255.255.255.0 -j TCPMSS --set-mss 1356 # add rule
/etc/init.d/iptables save # save the firewall settings
======================================
[root@li1005-150 ~]# iptables -t nat -A POSTROUTING -s 192.168.11.0/255.255.255.0 -j SNAT --to-source 45.33.55.150
[root@li1005-150 ~]# iptables -A FORWARD -p tcp --syn -s 192.168.11.0/255.255.255.0 -j TCPMSS --set-mss 1356
[root@li1005-150 ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
=======================================
VI. Open the PPTP service port TCP 1723 and allow the dial-in client address pool 192.168.11.0/255.255.255.0 through the firewall
vi /etc/sysconfig/iptables # edit, adding the following lines
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.168.11.0/255.255.255.0 -j ACCEPT
:wq! # save and quit
Notes:
# 45.33.55.150 is the server's IP address
# 192.168.11.0/255.255.255.0 is the PPTP virtual dial-in address range set in step III
/etc/init.d/iptables restart # restart the firewall
chkconfig iptables on # start at boot
=======================
[root@li1005-150 ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 37 failed
[FAILED] (the restart reports failure)
===========
Try a different approach:
[root@li1005-150 ~]# /sbin/iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
[root@li1005-150 ~]# /etc/rc.d/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@li1005-150 ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: security raw nat[FAILED]filter
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ] (now it reports OK)
============================
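Sections IV to VI are one procedure: turn on forwarding, NAT the client pool, and open the control port. The script below is an added example, not code from the original post, that builds those rules from variables (defaulting to the page's 45.33.55.150, 192.168.11.0/24 and MSS 1356; /24 is the same network the page writes as 255.255.255.0), prints them by default, and applies and saves them only with --apply. It goes beyond the page in two labelled places: it also accepts GRE (IP protocol 47), which PPTP uses for the tunnelled data after the TCP 1723 handshake, and it inserts explicit FORWARD accept rules for the pool, since the stock CentOS 6 ruleset ends the FORWARD chain with a REJECT. It sets only net.ipv4.ip_forward and leaves tcp_syncookies at its default, because SYN cookies do not interfere with forwarding.

```shell
#!/bin/sh
# Added example (not from the original post): forwarding and firewall rules
# from sections IV to VI, rendered from variables. Defaults are the page's values.
PUBLIC_IP=${PUBLIC_IP:-45.33.55.150}
VPN_NET=${VPN_NET:-192.168.11.0/24}   # same network as the page's 192.168.11.0/255.255.255.0
PPTP_PORT=1723
MSS=${MSS:-1356}

# Accept only an IPv4 network in CIDR form.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'
}

# Print the iptables commands, one per line, without running them.
# GRE and the two FORWARD accept rules are additions to the page's rule set.
render_rules() {
    is_cidr "$VPN_NET" || return 1
    cat <<EOF
iptables -I INPUT -p tcp --dport $PPTP_PORT -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -I INPUT -s $VPN_NET -j ACCEPT
iptables -I FORWARD -s $VPN_NET -j ACCEPT
iptables -I FORWARD -d $VPN_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp --syn -s $VPN_NET -j TCPMSS --set-mss $MSS
iptables -t nat -A POSTROUTING -s $VPN_NET -j SNAT --to-source $PUBLIC_IP
EOF
}

# Persist ip_forward=1 in sysctl.conf (replace or append) and apply it now.
# tcp_syncookies is deliberately left at its default.
enable_forwarding() {
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
    /sbin/sysctl -p >/dev/null
}

# Apply: enable forwarding, load each rendered rule, then save as the page does.
apply_rules() {
    enable_forwarding
    render_rules | while read -r cmd; do $cmd; done
    /etc/init.d/iptables save
}

# Usage: sh pptp-firewall.sh          (print the rules)
#        sh pptp-firewall.sh --apply  (as root: enable forwarding, load and save rules)
if [ "${1:-}" = "--apply" ]; then apply_rules; else render_rules; fi
```

Loading the rules through iptables and then running `/etc/init.d/iptables save` avoids the hand-edited /etc/sysconfig/iptables that failed on line 37 in the transcript above, because the saved file is always generated by iptables itself.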
VII. Create the ppp device node automatically at boot (the file may be lost after a system reboot, which makes PPTP clients fail with error 619)
vi /etc/rc.d/rc.local # edit
mknod /dev/ppp c 108 0 # add this line at the end of the file
:wq! # save and quit
That completes the PPTP VPN server setup on CentOS. You can now create a VPN connection from a Windows client: enter the server's public IP address and connect with the account and password configured above.