1. see if your host supports PPTP, returns the result is Yes, which means that passed.
modprobe ppp-compress-18 && echo yes
2. turn the TUN, need to open the virtual machine host and returns the result as a cat:/dev/net/tun:File descriptor in bad state.Said.
cat /dev/net/tun
3. install the PPP, pptpd and iptables.
A. install PPP and pptpd
yum -y install ppp pptpd
B. iptables installed. This is the, if not, then install.
yum -y install iptables
4. configure pptpd.CONF.
/Pptpd.conf # find LocalIP
localip 172.16.195.1
remoteip 172.16.195.101-200
#Localip this line is to set up a tunnel the VPN server IP
#Remoteip is a range of IP addresses automatically assigned to the client.
5. configure options.pptpd
/PPP/options.pptpd # add at the end of the DNS
# Remove debug the # in front, turn on logging
MS-DNS 8.8.8.8 # this is Google, you can also change companyor other
ms-dns 8.8.4.4
logfile /var/log/pptpd.log
6. configure the VPN client account password to be used.
/PPP/CHAP-secrets # format is easy to understand.
# Client accounts, server pptpd service, secret password, * denotes is assigned any IP
# Secrets for authentication using CHAP
# client server secret IP addresses
user pptpd pwd *
7. configure sysctl.conf
vi /etc/sysctl.conf
# Add NET.IPv4.ip_forward = 1 # to the end of a line, and thensave it, this is very important, system routing mode.
# Run the command to add the line above will output information, meaning that the kernel changes to take effect
8. this time turn off iptables can connect VPN, was to be shut down because there is no iptables open VPN ports, customers if direct connection is not allowed. Also need to Setup iptables forward rules here, let your clients connected can access the Internet.
/sbin/iptables -t nat -A POSTROUTING -s 172.16.195.0/24 -o eth0 -j SNAT –to-source 10.175.249.241
/sbin/iptables -t nat -A POSTROUTING -s 10.175.249.0/24 -o eth1 -j SNAT –to-source 58.96.183.250
/sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Destination network VPN‘s internal network is 10.175.249.0/24,VPN server has 2 network cards, one card even private networks(eth0), IP is 10.175.249.241, the other connecting public network (eth1), the IP address is 58.96.183.250. This normally involvednetwork routing.
9. this time is not on the connection because iptables intercept client VPN connections, connections are not allowed, so I had toopen the appropriate ports.
Specific port you can check yourself, I is the default, if you have not changed it will be the default.
iptables -I INPUT -p tcp –dport 1723 -j ACCEPT
iptables -I INPUT -p tcp –dport 47 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
10. to be safe, you should restart pptpd and iptables services entered into force.
systemctl restart iptables
systemctl restart pptpd
11.VPN server build is complete.