How to install the pptpd service on CentOS 6.2 with yum
請先確定 network 是否已經調配完成
STEP 1
yum install -y ppp wget (未安裝時....)
rpm -ivh http://li.nux.ro/download/nux/misc/el6/x86_64/pptpd-1.3.4-1.el6.nux.x86_64.rpm
STEP 2
cp /etc/ppp/options /etc/ppp/options.bak
cp /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
cp /etc/pptpd.conf /etc/pptpd.conf.bak
STEP 3
vim /etc/ppp/options
holdoff 600
nobsdcomp
novj
novjccomp
nologfd
auth
lock
debug
proxyarp
name lab_vpn-test ( 主機名稱 )
multilink
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
require-mschap-v2
require-mppe
#require-mppe-128
#ms-dns 168.95.1.1
dump
logfile /var/log/ppp/pptpd.log
STEP 4
vim /etc/pptpd.conf
speed 115200
option /etc/ppp/options
debug
localip 11x.1xx.9x.1xx ( WAN IP)
remoteip 192.168.1.100-200 (LAN IP,撥號進來取得的IP為192.168.1.100~200之間的IP)
STEP 5
vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
test lab_vpn-test "12345" *
( 帳號 / 主機名稱 / "密碼" / *表示依 remoteip設定的 ip range取得內部IP )
STEP 6
(centos 6.x)
yum install http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/6/x86_64/epel-release-6-8.noarch.rpm
(centos 5.x)
rpm -ivh http://vesta.informatik.rwth-aachen.de/ftp/pub/Linux/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
yum install -y xl2tpd
cp /etc/xl2tpd/xl2tpd.conf /etc/xl2tpd/xl2tpd.conf.bak
STEP 7
vim /etc/xl2tpd/xl2tpd.conf
auth file = /etc/ppp/chap-secrets
[lns default]
ip range = 192.168.1.100-200
local ip = 11x.1xx.9x.1xx
; leave chap unspecified for maximum compatibility with windows, iOS, etc
require chap = yes
refuse pap = yes
require authentication = yes
name = LinuxVPNserver
ppp debug = yes
pppoptfile = /etc/ppp/options
length bit = yes
STEP 8 設定IPTABLE
vim ~/iptables.sh
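#!/bin/sh
# ~/iptables.sh - firewall for the PPTP / L2TP VPN gateway.
# Run as root with `sh ~/iptables.sh`, so everything here stays POSIX sh.
# Assumes eth0 is the WAN interface and that VPN clients arrive on the
# pppN interfaces pppd creates for them.

# Load the netfilter / conntrack modules the rules below depend on.
modprobe ip_tables
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe iptable_filter
modprobe ip_conntrack

# Route between the VPN clients and the WAN.  This does not survive a
# reboot; put `net.ipv4.ip_forward = 1` in /etc/sysctl.conf to make it stick.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Start from empty filter and nat tables.
iptables -F
iptables -X
iptables -Z
iptables -F -t filter
iptables -X -t filter
iptables -Z -t filter
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat

# Default policies: only explicitly allowed traffic reaches the host or is
# forwarded through it; traffic the host itself originates is unrestricted.
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT

########################INPUT######################
iptables -A INPUT -i lo -j ACCEPT
# Replies to connections this host opened, on any interface (not only eth0,
# otherwise replies arriving over a ppp tunnel would hit the DROP policy).
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# SSH management.
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
# PPTP: control channel on TCP/1723 plus the GRE data channel.  GRE is IP
# protocol 47, not a TCP port, so "-p gre" is the whole of that rule; a
# "tcp --dport 47" rule would never match anything.
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
# L2TP (xl2tpd) control/data on UDP/1701.
iptables -A INPUT -p udp --dport 1701 -j ACCEPT
# Deliberately no "-A INPUT -j ACCEPT" catch-all: it would make the rules
# above and the DROP policy meaningless.  Anything else is dropped.

#######################FORWARD######################
# Clamp MSS on forwarded SYNs so the smaller PPP MTU does not break TCP
# through the tunnel (one rule covers all SYNs; no separate mss-range rule).
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only forward traffic that enters or leaves through a VPN tunnel interface;
# the box is a VPN gateway, not a general router for the eth0 segment.
iptables -A FORWARD -i ppp+ -j ACCEPT
iptables -A FORWARD -o ppp+ -j ACCEPT

##############################OUTPUT################################
iptables -A OUTPUT -j ACCEPT

#############################POSTROUTING##############################
# Hide the VPN clients' tunnel addresses behind the WAN address.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE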
存檔離開，執行 iptables.sh（執行後可用 `service iptables save` 將目前規則寫入 /etc/sysconfig/iptables，STEP 9 的 `service iptables start` 才會重新載入同一組規則，否則會被該檔案原有的規則覆蓋）
sh ~/iptables.sh
STEP 9
chkconfig pptpd on; chkconfig xl2tpd on; chkconfig iptables on
service pptpd start; service xl2tpd start; service iptables start
STEP 10
netstat -ntlp
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 10477/pptpd
※ tail -f /var/log/messages (觀察有無錯誤訊息)
Windows 平台 VPN Server 建置方式