Installing and configuring a VPN server on CentOS 7

Source: Internet   Editor: 程序博客网   Time: 2024/06/02 07:28

Installing and configuring pptpd as a VPN server on CentOS 7

I. Dependency check

#yum install ppp iptables pptpd

II. Installation

1. Edit pptpd.conf

#vim /etc/pptpd.conf

The edited file is shown below:

###############################################################################
# $Id: pptpd.conf,v 1.11 2011/05/19 00:02:50 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
# TAG: ppp
#       Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd
# TAG: debug
#       Turns on (more) debugging to syslog
#
#debug
# TAG: stimeout
#       Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam
# TAG: logwtmp
#       Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: vrf <vrfname>
#       Switches PPTP & GRE sockets to the specified VRF, which must exist
#       Only available if VRF support was compiled into pptpd.
#
#vrf test
# TAG: bcrelay <if>
#       Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: delegate
#       Delegates the allocation of client IP addresses to pppd.
#
#       Without this option, which is the default, pptpd manages the list of
#       IP addresses for clients and passes the next free address to pppd.
#       With this option, pptpd does not pass an address, and so pppd may use
#       radius or chap-secrets to allocate an address.
#
#delegate
# TAG: connections
#       Limits the number of client connections that may be accepted.
#
#       If pptpd is allocating IP addresses (e.g. delegate is not
#       used) then the number of connections is also limited by the
#       remoteip option.
#
#       The default is 100.
#connections 100
# TAG: localip
# TAG: remoteip
#       Specifies the local and remote IP address ranges.
#
#       These options are ignored if delegate option is set.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#       You can specify single IP addresses separated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than the value of connections,
#          it will start at the beginning of the list and go until it
#          gets connections IPs.  Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
debug
# (Recommended)
localip 192.168.0.21
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

2. Edit options.pptpd

#vim /etc/ppp/options.pptpd

Again, the edited example is shown below:

###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################
# Authentication
# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use.)
# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
#refuse-pap
#refuse-chap
#refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#require-mppe-128
# }}}
# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40        # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#
# These are the DNS server addresses handed to clients; set them as you prefer.
#
ms-dns 119.29.29.29
ms-dns 114.114.114.114
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp
# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address.  The default local IP address used at the server
# end is often the same as the address of the server.  To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump
# Miscellaneous
# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock
# Disable BSD-Compress compression
nobsdcomp
# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp
# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd
# put plugins here
# (putting them higher up may cause them to send messages to the pty)

3. Edit chap-secrets to set the VPN username and password

#vim /etc/ppp/chap-secrets

Case-sensitive; no further explanation needed...

# Secrets for authentication using CHAP
# client        server      secret              IP addresses
vpn             *           "vpnpassword"       *
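As an added check that is not part of the original post: the options.pptpd sample above keeps refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2 and require-mppe-128 commented out, so pppd will still accept PAP and CHAP from clients and will not insist on MPPE, and chap-secrets stores the password in cleartext. The script below audits an options file for those five directives, produces a copy with them enabled, and flags a world-readable chap-secrets; the file paths and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added audit example, not part of the original post: check a pppd options file
# for the hardening directives the sample above leaves commented out, and check
# that chap-secrets is not world-readable. Paths/contents below are constructed.
# is_enabled FILE DIRECTIVE: true when DIRECTIVE appears as an uncommented line
is_enabled() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|$)" "$1"
}

# missing_hardening FILE: report each disabled directive on stderr, echo the count
missing_hardening() {
    n=0
    for d in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! is_enabled "$1" "$d"; then
            echo "MISSING in $1: $d" >&2
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# world_readable FILE: true when the "other" read bit is set (column 8 of ls -l)
world_readable() {
    [ "$(ls -l "$1" | cut -c8)" = "r" ]
}

# harden_options IN OUT: copy IN to OUT with the five directives uncommented
harden_options() {
    sed -E 's/^#(refuse-pap|refuse-chap|refuse-mschap|require-mschap-v2|require-mppe-128)[[:space:]]*$/\1/' "$1" > "$2"
}
demo_dir=$(mktemp -d)
# Constructed excerpt mirroring the post's options.pptpd: with every hardening
# line commented out, PAP/CHAP are still accepted and MPPE is not required.
cat > "$demo_dir/options.pptpd" <<'EOF'
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
#require-mschap-v2
#require-mppe-128
ms-dns 119.29.29.29
proxyarp
EOF
printf '# client server secret IP\nvpn * "vpnpassword" *\n' > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/chap-secrets"
missing_hardening "$demo_dir/options.pptpd"      # prints 5: nothing is enforced
harden_options "$demo_dir/options.pptpd" "$demo_dir/options.hardened"
missing_hardening "$demo_dir/options.hardened"   # prints 0 after uncommenting
world_readable "$demo_dir/chap-secrets" && echo "chap-secrets is world-readable: chmod 600 it"
```

On a real host, point the functions at /etc/ppp/options.pptpd and /etc/ppp/chap-secrets and run them before restarting pptpd.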

III. Configure system parameters

1. Modify the kernel parameters in sysctl.conf

#vim /etc/sysctl.conf

Append the following line to the end of the file so the kernel forwards packets:

net.ipv4.ip_forward=1

Run the following command to apply the kernel change:

#sysctl -p

2. Add the NAT forwarding rule to iptables

#vim /etc/rc.d/rc.local

Append the following to the end of the file:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Also make sure rc.local is executable:

#chmod +x /etc/rc.d/rc.local

3. Enable pptpd at boot

#chkconfig --level 3 pptpd on

Finally, reboot the machine for the changes to take effect:

#reboot

This is my first blog post and there is still a lot I don't understand; I'm noting this down here for now and will revise it later.
