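CentOS release 5.4 (Final): Configuring a PPTP VPN Server (Preliminary)

Source: Internet  Published: game download software  Editor: 程序博客网  Time: 2024/06/09 19:16

Without further ado, here is the configuration process:

1. Check whether the environment supports the setup: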

[root@localhost ~]# modprobe ppp-compress-18 && echo ok
ok
[root@localhost ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
[root@localhost ~]# ppp <tab>
pppd             pppoe-discovery  pppoe-sniff
pppdump          pppoe-relay      pppstats
pppoe            pppoe-server     ppp-watch
[root@localhost ~]# iptables <tab>
iptables          iptables-restore  iptables-save

[root@localhost ~]# cat /etc/issue
CentOS release 5.4 (Final)
Kernel \r on an \m
[root@localhost ~]# uname -a
Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux

2. Install the pptpd server software:
[root@localhost ~]# wget http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm
--2013-06-25 01:26:56--  http://acelnmp.googlecode.com/files/pptpd-1.3.4-1.rhel5.1.i386.rpm
Resolving acelnmp.googlecode.com... 173.194.72.82, 2404:6800:4008:c01::52
Connecting to acelnmp.googlecode.com|173.194.72.82|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 81566 (80K) [application/x-rpm]
Saving to: `pptpd-1.3.4-1.rhel5.1.i386.rpm'

100%[======================================>] 81,566       211K/s   in 0.4s

2013-06-25 01:26:57 (211 KB/s) - `pptpd-1.3.4-1.rhel5.1.i386.rpm' saved [81566/81566]

[root@localhost ~]# rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm
warning: pptpd-1.3.4-1.rhel5.1.i386.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42
Preparing...                ########################################### [100%]
   1:pptpd                  ########################################### [100%]

3. Configure the relevant files:
[root@localhost ~]# cp /etc/pptpd.conf /etc/pptpd.conf.bak
[root@localhost ~]# vi /etc/pptpd.conf
[root@localhost ~]# tail -n 3 /etc/pptpd.conf

### add or modify those lines
localip 10.10.100.1,192.168.1.22
remoteip 10.10.100.100-254
[root@localhost ~]# ifconfig eth0 |grep addr
eth0      Link encap:Ethernet  HWaddr 00:0C:29:69:5D:61
          inet addr:192.168.1.22  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe69:5d61/64 Scope:Link
          Interrupt:67 Base address:0x2024
[root@localhost ~]# cat /etc/resolv.conf
nameserver 202.101.172.46
nameserver 202.101.172.35
search localdomain
[root@localhost ~]# cp /etc/ppp/options.pptpd /etc/ppp/options.pptpd.bak
[root@localhost ~]# vi /etc/ppp/options.pptpd
[root@localhost ~]# tail -n 2 /etc/ppp/options.pptpd

ms-dns 202.101.172.46
ms-dns 202.101.172.35
[root@localhost ~]# vi /etc/ppp/chap-secrets
[root@localhost ~]# cat /etc/ppp/chap-secrets

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
leekwen pptpd   leekwen 10.10.100.130
test    pptpd   leekwen *
[root@localhost ~]# vi /etc/sysctl.conf
[root@localhost ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 0
[root@localhost ~]# grep ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
[root@localhost ~]# vi /etc/sysconfig/iptables
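#Add those lines for pptpd  Start
# In the *filter section: PPTP control channel (TCP 1723) and GRE data channel.
# GRE is IP protocol 47, not TCP port 47, so no rule for TCP port 47 is needed.
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A RH-Firewall-1-INPUT -p gre -j ACCEPT
# In the *nat section: rewrite VPN client traffic leaving eth0 to the server's eth0 address.
-A POSTROUTING -s 10.10.100.0/255.255.255.0 -o eth0 -j SNAT --to-source 192.168.1.22
#Add those lines for pptpd  End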
[root@localhost ~]# /etc/init.d/iptables restart
Flushing firewall rules:                                            [  OK  ]
Setting chains to policy ACCEPT: nat filter                [  OK  ]
Unloading iptables modules:                                  [  OK  ]
Applying iptables firewall rules:                              [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_n   [  OK  ]
[root@localhost ~]# /etc/init.d/pptpd start
Starting pptpd:                                             [  OK  ]
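
The chap-secrets file above reuses one short secret for both accounts, and for one of them the secret is the account name itself. The following audit script is an added example, not part of the original post; the 12-character threshold, the function names and the "alice" entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file for weak entries.
# Assumes unquoted, whitespace-separated fields: client server secret IP.

audit_chap_secrets() {
    # $1 = path to chap-secrets; prints "<client>: <finding>" per problem.
    awk '
        /^[ \t]*#/ || NF < 3 { next }   # skip comments, blank and short lines
        {
            client = $1; secret = $3; ip = (NF >= 4) ? $4 : ""
            if (secret == client)
                print client ": secret equals the client name"
            if (length(secret) < 12)    # 12 is an illustrative threshold
                print client ": secret shorter than 12 characters"
            if (secret in seen)
                print client ": secret shared with " seen[secret]
            else
                seen[secret] = client
            if (ip == "*")
                print client ": not pinned to a fixed tunnel IP (*)"
        }
    ' "$1"
}

secrets_mode_ok() {
    # Succeeds only when group and others have no access (e.g. mode 600).
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Sample input: first two entries are the page's, "alice" is constructed.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client        server  secret                  IP addresses
leekwen pptpd   leekwen 10.10.100.130
test    pptpd   leekwen *
alice   pptpd   Xq7-constructed-Long-Secret 10.10.100.131
EOF
chmod 644 "$sample"

audit_chap_secrets "$sample"
secrets_mode_ok "$sample" || echo "chap-secrets: readable by group/others; chmod 600"
```

On the server itself, point both functions at /etc/ppp/chap-secrets instead of the sample file.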

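4. Test the PPTP VPN server:

View the relevant information after the VPN connects:

If the client cannot access the Internet after connecting, change the VPN connection settings: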


[root@localhost ~]# tail -f /var/log/messages

Jun 25 18:28:53 localhost pptpd[26723]: CTRL: Client 192.168.1.23 control connection started
Jun 25 18:28:53 localhost pptpd[26723]: CTRL: Starting call (launching pppd, opening GRE)
Jun 25 18:28:53 localhost pppd[26724]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jun 25 18:28:53 localhost pppd[26724]: pppd 2.4.4 started by root, uid 0
Jun 25 18:28:53 localhost pppd[26724]: Using interface ppp0
Jun 25 18:28:53 localhost pppd[26724]: Connect: ppp0 <--> /dev/pts/1
Jun 25 18:28:56 localhost pptpd[26723]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Jun 25 18:28:56 localhost pppd[26724]: MPPE 128-bit stateless compression enabled
Jun 25 18:28:57 localhost pppd[26724]: Cannot determine ethernet address for proxy ARP
Jun 25 18:28:57 localhost pppd[26724]: local  IP address 10.10.100.1
Jun 25 18:28:57 localhost pppd[26724]: remote IP address 10.10.100.130

------  Ctrl+C to interrupt  -------------

[root@localhost ~]# ifconfig ppp0

ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.10.100.1   P-t-P:10.10.100.130   Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1396  Metric:1
          RX packets:151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:11845 (11.5 KiB)  TX bytes:94 (94.0 b)
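
The pptpd and pppd lines in /var/log/messages can be reduced to one record per session, which makes it easy to spot a tunnel that came up without the "MPPE 128-bit" line. This is an added example, not part of the original post; the function names and the second session in the sample are constructed, and attributing a pppd process to the most recent control connection is a heuristic assumption.

```shell
#!/bin/sh
# Added example: summarise PPTP sessions from pptpd/pppd syslog lines.

pptp_sessions() {
    # $1 = syslog file. Output per session:
    #   client_ip pppd_pid interface tunnel_ip mppe128|none
    # Heuristic (assumption): a pppd start is attributed to the most recent
    # "control connection started" line, since the two PIDs are not linked.
    awk '
        / pptpd\[[0-9]+\]: CTRL: Client .* control connection started/ {
            for (i = 1; i < NF; i++) if ($i == "Client") last = $(i + 1)
            next
        }
        / pppd\[[0-9]+\]: / {
            pid = $5; gsub(/[^0-9]/, "", pid)
            if ($0 ~ /pppd [0-9.]+ started by/) {
                order[++n] = pid; client[pid] = last
                iface[pid] = "-"; rip[pid] = "-"; mppe[pid] = "none"
            }
            if ($0 ~ /Using interface/)   iface[pid] = $NF
            if ($0 ~ /MPPE 128-bit/)      mppe[pid] = "mppe128"
            if ($0 ~ /remote IP address/) rip[pid] = $NF
        }
        END {
            for (k = 1; k <= n; k++) {
                p = order[k]
                print client[p], p, iface[p], rip[p], mppe[p]
            }
        }
    ' "$1"
}

unencrypted_sessions() { pptp_sessions "$1" | awk '$5 == "none"'; }

# Sample input: the first session is taken from the log on this page,
# the second session (no MPPE line) is constructed.
log=$(mktemp)
cat > "$log" <<'EOF'
Jun 25 18:28:53 localhost pptpd[26723]: CTRL: Client 192.168.1.23 control connection started
Jun 25 18:28:53 localhost pppd[26724]: pppd 2.4.4 started by root, uid 0
Jun 25 18:28:53 localhost pppd[26724]: Using interface ppp0
Jun 25 18:28:56 localhost pppd[26724]: MPPE 128-bit stateless compression enabled
Jun 25 18:28:57 localhost pppd[26724]: remote IP address 10.10.100.130
Jun 25 19:02:10 localhost pptpd[26800]: CTRL: Client 192.168.1.50 control connection started
Jun 25 19:02:10 localhost pppd[26801]: pppd 2.4.4 started by root, uid 0
Jun 25 19:02:10 localhost pppd[26801]: Using interface ppp1
Jun 25 19:02:13 localhost pppd[26801]: remote IP address 10.10.100.101
EOF
pptp_sessions "$log"
```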
