Setting up a VPN on CentOS

[root@yuhai ~]# modprobe ppp-compress-18 && echo yes
yes
rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
  • Install iptables, ppp and pptp
[root@yuhai ~]# yum install -y ppp*
........ (output omitted)
[root@yuhai ~]# yum install -y pptpd*
........ (output omitted)
[root@yuhai ~]# yum install -y iptables
........ (output omitted)
[root@yuhai ~]# vim /etc/pptpd.conf 
...... (middle of the file omitted)
Add these 2 lines at the end
localip  59.188.254.84                 #this server's IP
remoteip 192.168.11.11-22              #IP range assigned to clients
[root@yuhai ~]#  vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user pptpd passwd *        #* lets the server pick any address from the pool; a specific IP can also be set
  • Check the server's current DNS
[root@yuhai ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 203.98.129.1
nameserver 203.98.129.2
[root@yuhai ~]# vim /etc/ppp/options.pptpd 
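... (unrelated lines omitted)
Uncomment lines 66 and 67 and change them to the server's current DNS
ms-dns  203.98.129.1
ms-dns  203.98.129.2
... (unrelated lines omitted)
  • Restart the pptp service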
[root@yuhai ~]# service pptpd restart
Shutting down pptpd:                                       [Failed]
Starting pptpd:                                            [  OK  ]
Warning: a pptpd restart does not terminate existing 
connections,so new connections may be assigned the same IP 
address and cause unexpected results.  Use restart-kill to 
destroy existing connections during a restart.
  • Check the listening port
[root@yuhai ~]# netstat -alp |grep 4173
tcp        0      0 *:pptp                      *:*                         LISTEN      4173/pptpd
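  • Check whether Linux currently blocks packet forwarding
[root@yuhai ~]# less /proc/sys/net/ipv4/ip_forward   #currently 1, meaning packet forwarding is allowed; press q to quit
1
/proc/sys/net/ipv4/ip_forward (END)
  • If the value is not 1, set it to 1 and add the command to the boot script so it persists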
[root@yuhai ~]# echo "1" > /proc/sys/net/ipv4/ip_forward  
[root@yuhai ~]# vim /etc/rc.d/rc.local 
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
/opt/linux_ic/setme
echo "1" > /proc/sys/net/ipv4/ip_forward
  • Create a new NAT forwarding rule with iptables
[root@yuhai ~]# iptables -t nat -A POSTROUTING -s 192.168.11.0/24 -j SNAT --to-source 59.188.254.84
192.168.11.0/24   #IP range assigned to clients
59.188.254.84    #the server's IP address
  • Save the iptables forwarding rule
[root@yuhai ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
  • Restart iptables
[root@yuhai ~]# /etc/init.d/iptables restart
iptables: Setting chains to policy ACCEPT: nat mangle filte[  OK  ]
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
  • Enable both iptables and pptpd at boot
[root@yuhai ~]# chkconfig iptables on
[root@yuhai ~]# chkconfig pptpd on

You can now connect to the VPN.
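
The steps above spread one set of values over four files: localip and remoteip in pptpd.conf, the account in chap-secrets (which stores the password in clear text), ms-dns in options.pptpd, and the saved SNAT rule. The script below is an added example, not part of the original article, that checks those values against each other; the function name check_pptp and the temporary files are hypothetical, the sample files are constructed from the values used in this guide, and only the /24 subnet and single SNAT rule shown here are handled.

```shell
#!/bin/sh
# check_pptp CONF SECRETS OPTS RULES: print one line per inconsistency found.
# Added example; assumes the /24 client subnet and single SNAT rule of this guide.
check_pptp() {
    conf=$1; secrets=$2; opts=$3; rules=$4
    # localip/remoteip as added at the end of pptpd.conf (comments stripped)
    localip=$(sed 's/#.*//' "$conf" | awk '$1 == "localip" {print $2}')
    remote=$(sed 's/#.*//' "$conf" | awk '$1 == "remoteip" {print $2}')
    # SNAT rule in the file written by "/etc/init.d/iptables save"
    snat=$(grep -e '-A POSTROUTING .*-j SNAT' "$rules" || true)
    src=$(printf '%s\n' "$snat" | sed -n 's|.*-s \([0-9.]*\)/24 .*|\1|p')
    to=$(printf '%s\n' "$snat" | sed -n 's|.*--to-source \([0-9.]*\).*|\1|p')
    [ -n "$snat" ] || echo "no saved SNAT rule: client traffic will not be translated"
    # remoteip 192.168.11.11-22 must sit inside the -s 192.168.11.0/24 subnet
    [ "${remote%.*}" = "${src%.*}" ] ||
        echo "remoteip $remote is outside SNAT source $src/24"
    [ "$localip" = "$to" ] ||
        echo "localip $localip differs from --to-source $to"
    grep -q '^[[:space:]]*ms-dns[[:space:]]' "$opts" ||
        echo "no active ms-dns line in $opts"
    # chap-secrets holds clear-text passwords: only the owner should read it
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] ||
        echo "$secrets is readable by group or others"
    return 0
}

# Demo on constructed copies of the guide's files (values taken from the guide).
d=$(mktemp -d)
printf 'localip  59.188.254.84\nremoteip 192.168.11.11-22\n' > "$d/pptpd.conf"
printf 'user pptpd passwd *\n' > "$d/chap-secrets"
chmod 600 "$d/chap-secrets"
printf 'ms-dns  203.98.129.1\nms-dns  203.98.129.2\n' > "$d/options.pptpd"
printf '%s\n' '*nat' \
    '-A POSTROUTING -s 192.168.11.0/24 -j SNAT --to-source 59.188.254.84' \
    'COMMIT' > "$d/iptables"
out=$(check_pptp "$d/pptpd.conf" "$d/chap-secrets" "$d/options.pptpd" "$d/iptables")
echo "${out:-all four files agree}"
rm -rf "$d"
```

On the server itself, pass /etc/pptpd.conf, /etc/ppp/chap-secrets, /etc/ppp/options.pptpd and /etc/sysconfig/iptables as the four arguments.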

Original link: https://www.f2er.com/centos/378096.html
