查看当前系统发行版本
[root@localhost ~]# cat /etc/redhat-release CentOS release 6.4 (Final) [root@localhost ~]#
安装PPP包
[root@localhost ~]# yum install ppp
下载pptpd安装包(注意:该链接为明文HTTP,传输过程没有完整性保护,安装前应校验软件包签名)
[root@localhost ~]# wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm
查看pptpd二进制包安装路径
[root@localhost ~]# rpm -lpq pptpd-1.3.4-2.el6.i686.rpm warning: pptpd-1.3.4-2.el6.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY /etc/ppp/options.pptpd /etc/pptpd.conf /etc/rc.d/init.d/pptpd /usr/bin/vpnstats.pl /usr/bin/vpnuser /usr/lib/pptpd/pptpd-logwtmp.so /usr/sbin/bcrelay /usr/sbin/pptp-portslave /usr/sbin/pptpctrl /usr/sbin/pptpd /usr/share/doc/pptpd-1.3.4 /usr/share/doc/pptpd-1.3.4/AUTHORS /usr/share/doc/pptpd-1.3.4/COPYING /usr/share/doc/pptpd-1.3.4/ChangeLog /usr/share/doc/pptpd-1.3.4/INSTALL /usr/share/doc/pptpd-1.3.4/README /usr/share/doc/pptpd-1.3.4/README.bcrelay /usr/share/doc/pptpd-1.3.4/README.cvs /usr/share/doc/pptpd-1.3.4/README.inetd /usr/share/doc/pptpd-1.3.4/README.logwtmp /usr/share/doc/pptpd-1.3.4/README.portslave /usr/share/doc/pptpd-1.3.4/README.slirp /usr/share/doc/pptpd-1.3.4/TODO /usr/share/doc/pptpd-1.3.4/samples /usr/share/doc/pptpd-1.3.4/samples/chap-secrets /usr/share/doc/pptpd-1.3.4/samples/options.pptpd /usr/share/doc/pptpd-1.3.4/samples/pptpd.conf /usr/share/man/man5/pptpd.conf.5.gz /usr/share/man/man8/pptpctrl.8.gz /usr/share/man/man8/pptpd.8.gz [root@localhost ~]#
安装pptp安装包(输出中的NOKEY警告表示系统尚未导入该软件包的签名公钥,签名实际上没有被验证;稳妥的做法是先导入发布方公钥,用rpm -K校验通过后再安装)
[root@localhost ~]# rpm -ivh pptpd-1.3.4-2.el6.i686.rpm
warning: pptpd-1.3.4-2.el6.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
Preparing... ########################################### [100%]
1:pptpd ########################################### [100%]
[root@localhost ~]#
设置服务器端虚拟接口IP地址和客户端IP地址池(先备份原配置,再在/etc/pptpd.conf中加入localip和remoteip两行)
[root@localhost ~]# cp /etc/pptpd.conf /etc/pptpd.conf.backup
[root@localhost ~]# vi /etc/pptpd.conf
localip 10.0.192.1
remoteip 10.0.192.100-200
设置拨号账户用户名与密码(chap-secrets以明文保存密码,应确保该文件及其备份仅root可读,例如chmod 600;示例中的8位纯数字密码强度很低,实际使用时请换成足够长的随机密码)
[root@localhost ~]# cd /etc/ppp/
[root@localhost ppp]# cp chap-secrets chap-secrets.backup
[root@localhost ppp]# vi chap-secrets
harvey pptpd 78903456 *
第一列:用户名
第二列:服务器名称(与/etc/ppp/options.pptpd中对应)
第三列:密码
第四列:限定连接用户的IP地址(* 表示不作限制)
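设定客户端DNS(在options.pptpd中加入以下两行ms-dns;同时确认该文件中保留了require-mschap-v2和require-mppe-128,并拒绝PAP、CHAP、MS-CHAP等更弱的认证方式。需要注意,PPTP所依赖的MS-CHAPv2认证已被证明可以被破解,不适合承载敏感流量,有条件时应改用OpenVPN或IPsec等方案)
[root@localhost ppp]# vi options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4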
查看并设置pptpd服务开机启动状态
[root@localhost ppp]# chkconfig --list pptpd
pptpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@localhost ppp]# chkconfig --level 35 pptpd on
启动pptpd服务器
[root@localhost ppp]# service pptpd start Starting pptpd: [ OK ] [root@localhost ppp]#
确认服务已运行且监听1723端口
[root@localhost ppp]# netstat -ltn |grep 1723 tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN [root@localhost ppp]#
设置IP包转发
临时设置
[root@localhost ppp]# echo 1 > /proc/sys/net/ipv4/ip_forward
开机设置(在/etc/sysctl.conf中将net.ipv4.ip_forward设为1,修改后可执行sysctl -p使其立即生效)
[root@localhost ppp]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
使用Windows作为客户端连接pptpd服务器
新建拨号连接
拨号连接向导
输入VPN服务器的IP地址
点击新建的VPN拨号连接,输入用户名密码后点连接
拨号连接成功
查看本机拨号连接获得的IP地址
查看服务器端PPP网关接口状态
拨号连接成功后,使用ping www.facebook.com超时,显示无法正常访问被限制网站(此时服务器尚未对VPN网段的流量做NAT转发)
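防火墙转发设置(SNAT规则中的174.139.2.162应为服务器eth0接口的公网IP,请按实际环境替换;下面的iptables save不是有效命令,保存规则应使用/etc/init.d/iptables save)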
[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth0 -s 10.0.192.0/24 -j SNAT --to 174.139.2.162
[root@localhost ~]# iptables save
Bad argument `save'
Try `iptables -h' or 'iptables --help' for more information.
[root@localhost ~]#
[root@localhost ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@hvpn ~]#
[root@localhost ~]# /etc/init.d/iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@localhost ~]#
[root@localhost ~]# service pptpd restart
Shutting down pptpd: [ OK ]
Starting pptpd: [ OK ]
Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results. Use restart-kill to
destroy existing connections during a restart.
[root@localhost ~]#
查看已生效的转发策略
[root@localhost ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
num target prot opt source destination
1 SNAT all -- 10.0.192.0/24 0.0.0.0/0 to:174.139.2.162
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@localhost ~]#
在服务器添加防火墙转发规则以后再次ping www.facebook.com显示可以正常访问被限制网站
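如果INPUT链默认拒绝入站连接,还需要放行PPTP使用的GRE协议(TCP 1723控制端口同样需要放行),添加规则后需再次执行/etc/init.d/iptables save保存,否则重启iptables服务后规则会丢失:
iptables -I INPUT -p gre -j ACCEPT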
相关下载:
(1)pptpd 1.3.4-2 rhel6 x86 rpm package (2) pptpd 1.3.4-2 rhel6 x86_64 rpm package