秋天的博客

2.下载pptpd最新版本的rpm包（比自己编译方便多了，删除也方便）
wget http://poptop.sourceforge.net/yu … -1.rhel5.1.i386.rpm

3.安装下载好的rpm包
rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

4.设置pptpd解析用的dns（把ms-dns前的#号去掉，#号代表注释，填上opendns的服务器地址）
vi /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220

5.设置拨号时候用的：用户名、拨号方式、用户密码、来源ip地址（用户名和密码可以随便设置，拨号方式只能填pptpd，来源ip用*号代表不限制）
vi /etc/ppp/chap-secrets
myusername pptpd mypassword *

6.设置本地ip和远端ip（本地ip就是你等一下建立拨号后分配给你的，远端ip是分配给服务器的）
vi /etc/pptpd.conf
localip 192.168.9.1
remoteip 192.168.9.11-30

7.设置ip转发状态为生效，然后立即载入（和第9步的NAT转发有关）
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p

8.启动pptpd服务，并且设置为开机启动
/sbin/service pptpd start
chkconfig pptpd on

9.启动iptables规则，设置NAT转发，然后保存（iptables本身就是开机启动的，不需要再用chkconfig iptables on了）
/sbin/service iptables start
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.9.0/24 -j MASQUERADE
service iptables save

10.在windows下本地连接里建立vpn拨号，输入用户名和密码，就连接上了。

—————–
First make sure that you have ppp installed.

yum install ppp

In my case it was already installed, so I got the message ‘Package ppp – 2.4.4-1.el5.x86_64 is already installed’.

After you make sure that you have ppp installed, download and install Poptop. You can get the RHEL/CentOS 5 RPMs from http://poptop.sourceforge.net/yum/stable/rhel5/. I was using 64 bit version of CentOS 5. So I downloaded and installed the 64 bit (x86_64) version of the RPM.

wget http://poptop.sourceforge.net/yum/stable/rhel5/x86_64/pptpd-1.3.4-1.rhel5.1.x86_64.rpm

rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm

After installing Poptop, open the file /etc/pptpd.conf.

nano /etc/pptpd.conf

Go to the end of the file where you can see examples of localip and remoteip. Below them add your own values for localip and remoteip.

localip 10.0.0.1
remoteip 10.0.0.10-100

In the above, 10.0.0.1 will be used for the ppp interface and 10.0.0.10 – 10.0.0.100 will be assigned to the clients. You can also use different private IPs in ‘localip’ and ‘remoteip’, like 10.20.26.1 and 10.20.26.10-100. The OpenVPN documentation has some good info about numbering private subnets. Click here to check it out.

Next, open the file /etc/ppp/options.pptpd.

nano /etc/ppp/options.pptpd

Uncomment the ms-dns lines (by removing the ‘#’ in front of them) and change them to the dns servers provided by your ISP or to public DNS servers like ones provided by OpenDNS.

ms-dns 208.67.222.222
ms-dns 208.67.220.220

Thats all you need to change in the options.pptpd file. Next you will need to edit the file /etc/ppp/chap-secrets to add usernames and passwords for your clients. You need to enter the usernames and passwords in the following format.

# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *
username2 pptpd password2 *

You can also put a * in place of ‘pptpd’ just like there is a * below ‘IP addresses’. Also instead of a * below ‘IP addresses’ you can put the IP address from which the client will be connecting.

IP Forwarding and Firewall Rules

Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.

net.ipv4.ip_forward = 1

To make the changes to sysctl.conf take effect, use the following command.

sysctl -p

Or you can also use the following command to enable IP forwarding temporarily.

echo 1 > /proc/sys/net/ipv4/ip_forward

Next, configure iptables to do NAT.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Next, we need to allow TCP port 1723 and the GRE protocol through iptables.

iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT

The following iptables rules are necessary if you want to be able to route all your internet traffic through the VPN server.

iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Now start the PPTP server if you haven’t already.

service pptpd start

相关文章:

1. BuyVM OpenVZ VPS CentOS搭建PPTP VPN
2. OpenVPN服务自动设置客户端路由表
3. VPN连接后不能打开网页问题
4. CentOS安装L2TP/IPSec
5. L2TP/IPSec : iPhone/iPad断开VPN连接后不能再连接成功