Setting up a PPTP server on CentOS

PPTP (Point-to-Point Tunneling Protocol)


The default port number: 1723


PPTP is a newer, security-enhanced protocol developed on the basis of PPP. It supports multiprotocol virtual private networks (VPNs) and can use the Password Authentication Protocol (PAP), the Extensible Authentication Protocol (EAP) and other methods to increase security. It allows remote users to reach the corporate network securely by dialing into an ISP or by connecting directly to the Internet or another network.


Point-to-Point Tunneling Protocol (PPTP) is a networking technology that supports multiprotocol virtual private networks; it works at layer 2. With this protocol, remote users on Microsoft Windows NT Workstation, Windows XP, Windows 2000, Windows 2003, Windows 7 and other systems that support the Point-to-Point Protocol can securely access the corporate network, and can dial in to a local ISP and connect securely to the corporate network over the Internet.


PPTP separates control packets from data packets; the control packets are carried over TCP. Because PPTP uses TCP, it is intended for networks that do not have firewall restrictions.


First, PPTP server deployment:




IP address




Server05 (centos6.6): Vpn-server server
Vpn-client client
Server06 (centos6.6): Vpn-client client


1. Check that the system kernel supports MPPE


[root@server05 ~]# modprobe ppp-compress-18 && echo ok


# If "ok" is displayed, the kernel supports MPPE. If it does not, first install kernel-devel with: yum install kernel-devel


2. Check whether the system has TUN/TAP enabled


[root@server05 ~]# cat /dev/net/tun


cat: /dev/net/tun: File descriptor in bad state # if you see this message, the check has passed


3. Check whether the system has PPP support enabled


[root@server05 ~]# cat /dev/ppp


cat: /dev/ppp: No such device or address # if you see this message, the check has passed


Note: all three of the checks above must pass; otherwise the PPTP VPN cannot be installed.


4. Install ppp, the package that PPTP depends on


[root@server05 ~]# yum install ppp


5. Install pptpd


[root@server05 ~]# yum install pptpd


6. Edit the /etc/ppp/options.pptpd file.


[root@server05 ~]# vim /etc/ppp/options.pptpd
ms-dns # I have an intranet DNS server, so I fill in the intranet DNS server address; if you have no intranet DNS, fill in your provider's DNS address;
ms-dns 172.16.1.7 # alternate DNS


7. Edit the /etc/pptpd.conf file.


[root@server05 ~]# vim /etc/pptpd.conf
localip # server-side IP address for VPN dial-in users (it can also be written in another form, so that each client corresponds to a separate server IP)


remoteip # address pool dynamically assigned to VPN dial-in clients


8. Set the VPN account and password: edit the /etc/ppp/chap-secrets file.


[root@server05 ~]# vim /etc/ppp/chap-secrets
# client server secret IP addresses
test pptpd 123456 *
testvpn pptpd 123456 *
# Column 1 is the VPN client user name, column 3 is the VPN client password, and column 4 defines the IP address of the host the user logs on from; * can be any IP address.
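
The account file from step 8 can be checked mechanically. The script below is an added example, not part of the original procedure: it parses chap-secrets in the four-column format shown above and flags guessable or short secrets, a * in the IP column, duplicate entries and group/other access to the file. The 12-character minimum, the weak-secret list and the "alice" entry are assumptions made for this example.

```bash
#!/bin/sh
# Added example: audit a pppd chap-secrets file (client server secret IP).
# MIN_LEN and the weak-secret list are assumptions made for this example.
MIN_LEN=12

audit_chap_secrets() {
    # $1 = path. Prints findings as <line>:<client>:<issue>, one per line.
    # Secrets are stored in clear text, so group/other access is a finding.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] || echo "0:-:group-or-other-access"
    awk -v min="$MIN_LEN" '
        BEGIN {
            n = split("123456 12345678 password qwerty admin test", w, " ")
            for (i = 1; i <= n; i++) weak[w[i]] = 1
        }
        /^[ \t]*(#|$)/ { next }               # comments and blank lines
        NF < 3 { print NR ":" $1 ":malformed"; next }
        {
            secret = $3                        # assumes no spaces in secrets
            gsub(/^"|"$/, "", secret)          # strip optional quotes
            if (secret in weak)              print NR ":" $1 ":weak-secret"
            else if (length(secret) < min)   print NR ":" $1 ":short-secret"
            if (secret == $1)                print NR ":" $1 ":secret-equals-user"
            if ($4 == "*")                   print NR ":" $1 ":any-ip"
            if (++seen[$1, $2] == 2)         print NR ":" $1 ":duplicate-entry"
        }
    ' "$1"
}

# Constructed sample: the two accounts from step 8 plus one stricter entry
# (user "alice", its secret and 10.0.0.50 are made up for this example).
sample=$(mktemp)
chmod 600 "$sample"
cat > "$sample" <<'EOF'
# client server secret IP addresses
test pptpd 123456 *
testvpn pptpd 123456 *
alice pptpd Vt7-qLm2_xR9pZ 10.0.0.50
EOF
audit_chap_secrets "$sample"
rm -f "$sample"
```

Both accounts from step 8 are reported twice (weak-secret and any-ip); the constructed "alice" entry produces no finding.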


9. Modify the kernel settings to enable forwarding: edit the /etc/sysctl.conf file.


[root@server05 ~]# vim /etc/sysctl.conf


net.ipv4.ip_forward = 1 # set net.ipv4.ip_forward to 1


Make the modified configuration take effect:


[root@server05 ~]# sysctl -p
# If errors like these appear:
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key


# Workaround


[root@server05 ~]# modprobe bridge


[root@server05 ~]# lsmod | grep bridge # check that the module is loaded


[root@server05 ~]# # reload the configuration file


10. Start pptpd


[root@server05 ~]# service pptpd start # start the service


Starting pptpd: [ OK ]


[root@server05 ~]# chkconfig pptpd on # start pptpd at boot


[root@server05 ~]# chkconfig --list pptpd # check the boot setting


[root@server05 ~]# # the pptpd service listens on port 1723
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 3 *:1723 *:*


11. Set the iptables policy


[root@server05 ~]# # clear the iptables policy;


[root@server05 ~]# # set the iptables forwarding policy;


[root@server05 ~]# service iptables save # save the iptables settings


Second, the XP client test (my server and the test machine are on the same local area network):


Viewing the IP addresses on the server side, you can also see the IP address of the client;


[root@server05 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:8d:6d:c9 brd ff:ff:ff:ff:ff:ff
    inet brd global eth1
    inet6 fe80::a00:27ff:fe8d:6dc9/64 scope link
       valid_lft forever preferred_lft forever
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    inet peer scope global ppp0


[root@server05 ~]# ping # communication between the server side and the client side;
PING ( bytes of data.
64 bytes from ttl=128 time=1.80 ms
64 bytes from ttl=128 time=3.02 ms
64 bytes from ttl=128 time=2.82 ms
64 bytes from ttl=128 time=1.93 ms
--- ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3286ms
rtt min/avg/max/mdev = 1.807/2.398/3.027/0.535 ms


Third, connecting a Linux client to the VPN server:


[root@server06 ~]# iptables -F # flush the default iptables rules


[root@server06 ~]# yum install ppp pptp pptp-setup # install the packages


[root@server06 ~]# pptpsetup --create testvpn --server 192.168.10.65 --username test --password 123456 --encrypt --start # create a VPN connection called testvpn
Using interface ppp0
Connect: ppp0 <--> /dev/pts/1
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local IP address
remote IP address


[root@server06 ~]# cat /etc/ppp/peers/testvpn # this file holds the VPN connection information generated by the command in the previous step;