Installing and Configuring a VPN Server on CentOS 7
Source: Internet  Editor: 程序博客网  Date: 2024/06/02 07:28
Installing and configuring pptpd as a VPN server on CentOS 7
I. Check dependencies
#yum install ppp iptables pptpd
II. Installation
1. Edit pptpd.conf
#vim /etc/pptpd.conf
The modified file is shown below:
###############################################################################
# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
# Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: vrf <vrfname>
# Switches PPTP & GRE sockets to the specified VRF, which must exist
# Only available if VRF support was compiled into pptpd.
#
#vrf test

# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: delegate
# Delegates the allocation of client IP addresses to pppd.
#
# Without this option, which is the default, pptpd manages the list of
# IP addresses for clients and passes the next free address to pppd.
# With this option, pptpd does not pass an address, and so pppd may use
# radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
# Limits the number of client connections that may be accepted.
#
# If pptpd is allocating IP addresses (e.g. delegate is not
# used) then the number of connections is also limited by the
# remoteip option. The default is 100.
#connections 100

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# These options are ignored if delegate option is set.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than the value of connections,
# it will start at the beginning of the list and go until it
# gets connections IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
debug
# (Recommended)
localip 192.168.0.21
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
2. Edit options.pptpd
#vim /etc/ppp/options.pptpd
Again, here is the modified sample:
###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################

# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use.)

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40 # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
## DNS server addresses are set here; adjust them to suit your own setup ##
ms-dns 119.29.29.29
ms-dns 114.114.114.114

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address. The default local IP address used at the server
# end is often the same as the address of the server. To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100

# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp

# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd

# put plugins here
# (putting them higher up may cause them to sent messages to the pty)
3. Edit chap-secrets to set the VPN account and password
#vim /etc/ppp/chap-secrets
Entries are case-sensitive; no further explanation needed...
# Secrets for authentication using CHAP
# client server secret IP addresses
vpn * "vpnpassword" *
III. Configure system parameters
1. Modify the kernel parameters in sysctl.conf
#vim /etc/sysctl.conf
Append the following line to the end of the file so that the kernel forwards IP packets:
net.ipv4.ip_forward=1
Run the following command to apply the kernel parameter change:
#sysctl -p
2. Add the forwarding rule to iptables
#vim /etc/rc.d/rc.local
Append the following line to the end of the file:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
Also make sure that rc.local is executable:
#chmod +x /etc/rc.d/rc.local
3. Set pptpd to start automatically at boot
#chkconfig --level 3 pptpd on
Finally, reboot the machine for the changes to take effect:
#reboot
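Added example (not part of the original post): the options.pptpd sample in II.2 leaves refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2 and require-mppe-128 commented out, so pppd is not told to insist on MS-CHAPv2 authentication or MPPE-128 encryption. The script below reports which of those directives are inactive in a pppd options file; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which authentication/encryption directives are
# inactive (missing or commented out) in a pppd options file.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print every required directive that has no active line in file $1.
missing_directives() {
    for d in $REQUIRED; do
        # awk splits on whitespace, so $1 is the directive name; lines whose
        # first field starts with '#' are comments and do not count.
        if ! awk -v want="$d" '
                $1 ~ /^#/  { next }
                $1 == want { found = 1 }
                END        { exit !found }' "$1"; then
            printf '%s\n' "$d"
        fi
    done
}

# Exit status 0 when all required directives are active, 1 otherwise.
audit_options() {
    [ -z "$(missing_directives "$1")" ]
}

# Constructed sample input: "as_posted" mirrors the relevant lines of the
# options.pptpd shown above; "hardened" is the same file with them enabled.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/as_posted" <<'EOF'
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
#require-mschap-v2
#require-mppe-128
proxyarp
EOF
sed 's/^#\(re[a-z]*-\)/\1/' "$SAMPLE_DIR/as_posted" > "$SAMPLE_DIR/hardened"

for f in as_posted hardened; do
    if audit_options "$SAMPLE_DIR/$f"; then
        echo "$f: all required directives active"
    else
        echo "$f: inactive: $(missing_directives "$SAMPLE_DIR/$f" | tr '\n' ' ')"
    fi
done
```

To check a live server, call audit_options /etc/ppp/options.pptpd; changes to that file take effect on the next connection, as its header states.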
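This is my first blog post and there is still a lot I don't understand; I'm noting this down here for now and will revise it later.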