Setting up a PPTP server on CentOS

PPTP (Point-to-Point Tunneling Protocol)

Default port number: 1723

PPTP is a newer, security-enhanced protocol developed on the basis of PPP. It supports multiprotocol virtual private networks (VPNs) and can use the Password Authentication Protocol (PAP), the Extensible Authentication Protocol (EAP) and other methods to increase security. It allows remote users to access the corporate network securely by dialing into an ISP, or through a direct connection to the Internet or another network.

The Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks and works at layer 2. With it, remote users on Microsoft Windows NT Workstation, Windows XP, Windows 2000, Windows 2003, Windows 7 and other systems that support the Point-to-Point Protocol can access the corporate network securely, dialing up to a local ISP and connecting to the corporate network securely over the Internet.

PPTP separates control packets from data packets, and the control packets are carried over TCP. Because PPTP uses TCP, it is intended for networks that have no firewall restrictions.

 

First, PPTP server deployment:

 

Server                  IP address                       Description
Server05 (centos6.6)    192.168.10.65 (vpn: 10.0.0.1)    VPN server
Windows-xp              192.168.10.69                    VPN client
Server06 (centos6.6)    192.168.10.66                    VPN client

 

1, check whether the system kernel supports the MPPE patch

[root@server05 ~]# modprobe ppp-compress-18 && echo ok

# If "ok" is displayed, the system supports the MPPE patch. If it does not, install kernel-devel first: yum install kernel-devel

2, check whether the system has TUN/TAP enabled

[root@server05 ~]# cat /dev/net/tun

cat: /dev/net/tun: File descriptor in bad state # if you see this message, the check passed

3, check whether the system has PPP support turned on

[root@server05 ~]# cat /dev/ppp

cat: /dev/ppp: No such device or address # if you see this message, the check passed

Note: all three of the conditions above must be met; otherwise you cannot install the PPTP VPN.

 

4, install the ppp package, which PPTP depends on

[root@server05 ~]# yum install ppp

5, install pptpd

[root@server05 ~]# yum install pptpd

 

6. edit the /etc/ppp/options.pptpd file.

[root@server05 ~]# vim /etc/ppp/options.pptpd
# I have an intranet DNS server, so I fill in its address here; if there is no intranet DNS, fill in the DNS address of your provider
ms-dns 172.16.1.5
# alternate DNS
ms-dns 172.16.1.7

7. edit the /etc/pptpd.conf file.

[root@server05 ~]# vim /etc/pptpd.conf
# IP address of the server for VPN dial-in users (can also be written as 10.0.0.1-100, so that each client corresponds to a separate server IP)
localip 10.0.0.1
# address pool dynamically assigned to VPN dial-in clients
remoteip 10.0.0.101-200

8. set the VPN account and password: edit the /etc/ppp/chap-secrets file.

[root@server05 ~]# vim /etc/ppp/chap-secrets
# client server secret IP addresses
test pptpd 123456 *
testvpn pptpd 123456 *
# The 1st column is the VPN client user name, the 3rd is the VPN client password, and the 4th defines the IP address of the host the user logs on from; * can be any IP address.

 

9. modify the kernel settings to support forwarding: edit the /etc/sysctl.conf file.

[root@server05 ~]# vim /etc/sysctl.conf

# set the value of net.ipv4.ip_forward to 1
net.ipv4.ip_forward = 1

Make the modified configuration take effect:

[root@server05 ~]# sysctl -p
# If you get these errors:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key

# Workaround

[root@server05 ~]# modprobe bridge

[root@server05 ~]# lsmod | grep bridge # check that the module is loaded

[root@server05 ~]# sysctl -p # reload the configuration file

 

10, start pptpd

[root@server05 ~]# service pptpd start # start the service

Starting pptpd: [ OK ]

[root@server05 ~]# chkconfig pptpd on # start pptpd at boot

[root@server05 ~]# chkconfig --list pptpd # view the boot setting

[root@server05 ~]# # the pptpd service listens on port 1723
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 3 *:1723 *:*

 

11. set the iptables policy

[root@server05 ~]# # clear the iptables policy;

[root@server05 ~]# 10.0.0.0/MASQUERADE # set the iptables forwarding policy;

[root@server05 ~]# service iptables save # save the iptables settings
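
An added example (not part of the original page and not pptpd's own tooling): a shell audit of the files edited in steps 6 and 8. It flags guessable secrets and wildcard client addresses in chap-secrets, and authentication or encryption options that are not set in options.pptpd. The common-password list, the 12-character threshold, the user alice and the sample file contents are constructed assumptions; the five option names are real pppd options.

```shell
#!/bin/sh
# Added example: audit pptpd credentials and options (not from the original page).
COMMON_SECRETS="123456 12345678 password qwerty admin test vpn"  # illustrative list
MIN_SECRET_LEN=12                                                # assumed policy

# audit_chap_secrets FILE: print one finding per line for a chap-secrets file.
# Columns: client, server, secret, allowed IP addresses ("*" = any).
# Limitation: quoted secrets that contain spaces are not handled.
audit_chap_secrets() {
    awk -v common="$COMMON_SECRETS" -v minlen="$MIN_SECRET_LEN" '
        BEGIN { n = split(common, c, " "); for (i = 1; i <= n; i++) weak[c[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 3 { print "line " NR ": malformed entry"; next }
        {
            user = $1; secret = $3
            gsub(/^"|"$/, "", secret)           # strip optional double quotes
            if (secret in weak)
                print user ": secret is on the common-password list"
            else if (length(secret) < minlen)
                print user ": secret shorter than " minlen " characters"
            if ($4 == "*") print user ": any client IP address allowed (*)"
        }' "$1"
}

# audit_pptpd_options FILE: print each expected pppd option that is not set.
audit_pptpd_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "missing: $opt"
    done
}

# Constructed sample input mirroring the files edited in steps 6 and 8.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/chap-secrets" <<'EOF'
# client server secret IP addresses
test pptpd 123456 *
testvpn pptpd 123456 *
alice pptpd "c0rrect-h0rse-battery" 10.0.0.150
EOF
cat > "$SAMPLE_DIR/options.pptpd" <<'EOF'
name pptpd
refuse-pap
#refuse-chap
require-mschap-v2
ms-dns 172.16.1.5
EOF

audit_chap_secrets "$SAMPLE_DIR/chap-secrets"
audit_pptpd_options "$SAMPLE_DIR/options.pptpd"
```

On a real server, call the two functions with /etc/ppp/chap-secrets and /etc/ppp/options.pptpd instead of the sample files.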

 

Second, the XP client test (my server and test machines are on the same local area network):

Viewing the IP addresses on the server side, you can also see the IP address of the client:

[root@server05 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:8d:6d:c9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.65/24 brd 192.168.10.255 scope global eth1
    inet6 fe80::a00:27ff:fe8d:6dc9/64 scope link
       valid_lft forever preferred_lft forever
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 10.0.0.1 peer 10.0.0.101/32 scope global ppp0

[root@server05 ~]# ping 10.0.0.101 # the server side and the client side can communicate
PING 10.0.0.100 (10.0.0.100) 56(84) bytes of data.
64 bytes from 10.0.0.100: icmp_seq=1 ttl=128 time=1.80 ms
64 bytes from 10.0.0.100: icmp_seq=2 ttl=128 time=3.02 ms
64 bytes from 10.0.0.100: icmp_seq=3 ttl=128 time=2.82 ms
64 bytes from 10.0.0.100: icmp_seq=4 ttl=128 time=1.93 ms
--- 10.0.0.100 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3286ms
rtt min/avg/max/mdev = 1.807/2.398/3.027/0.535 ms

 

Third, connect a Linux client to the VPN server:

[root@server06 ~]# iptables -F # flush the default iptables rules

[root@server06 ~]# yum install ppp pptp pptp-setup # install the packages

[root@server06 ~]# pptpsetup --create testvpn --server 192.168.10.65 --username test --password 123456 --encrypt --start # create a VPN connection called testvpn
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address 10.0.0.100
remote IP address 10.0.0.1

[root@server06 ~]# cat /etc/ppp/peers/testvpn # this file holds the VPN connection information generated by the command in the previous step