安裝PPTPD及相關服務
yum install -y rp-pppoe gcc pptp pptp-setup ppp ppp-devel
安裝方式有二種:
RPM安裝(要依照Linux的版本安裝)
例如Fedora 14 (32bit)
wget http://poptop.sourceforge.net/yum/stable/fc14/i386/pptpd-1.3.4-2.fc14.i686.rpm
rpm -ivh pptpd-1.3.4-2.fc14.i686.rpm
Fedora 14 (64bit)
wget http://poptop.sourceforge.net/yum/stable/fc14/x86_64/pptpd-1.3.4-2.fc14.x86_64.rpm
rpm -ivh pptpd-1.3.4-2.fc14.x86_64.rpm
YUM安裝(要依照Linux的版本安裝)
rpm -ivh http://poptop.sourceforge.net/yum/stable/fc14/pptp-release-current.noarch.rpm
yum install pptpd
下載並安裝核心模組
wget http://sourceforge.net/projects/poptop/files/mppe%20module%20builder/kernel_ppp_mppe-1.0.2%20dkms-2.0.6/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm/download
wget http://downloads.sourceforge.net/project/poptop/mppe%20module%20builder/kernel_ppp_mppe-1.0.2%20dkms-2.0.6/kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fpoptop%2Ffiles%2Fmppe%2520module%2520builder%2Fkernel_ppp_mppe-1.0.2%2520dkms-2.0.6%2F&ts=1341655470&use_mirror=nchc
wget http://downloads.sourceforge.net/project/poptop/mppe%20module%20builder/kernel_ppp_mppe-1.0.2%20dkms-2.0.6/dkms-2.0.6-1.noarch.rpm?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fpoptop%2Ffiles%2Fmppe%2520module%2520builder%2Fkernel_ppp_mppe-1.0.2%2520dkms-2.0.6%2F&ts=1341655518&use_mirror=nchc
rpm -ivh dkms-2.0.6-1.noarch.rpm
rpm -ivh kernel_ppp_mppe-1.0.2-3dkms.noarch.rpm
若沒有按照版本安裝會有類似以下錯誤:
Error! Bad return status for module build on kernel: 3.4.2-1.fc16.x86_64 (x86_64)
Consult the make.log in the build directory
/var/lib/dkms/kernel_ppp_mppe/1.0.2/build/ for more information.
Error! Could not locate ppp_generic.ko for module kernel_ppp_mppe in the DKMS tree.
You must run a dkms build for kernel 3.4.2-1.fc16.x86_64 (x86_64) first.
========================================================
設定PPTPD
設定Client看到的伺服器IP,以及DHCP分發的IP範圍
vi /etc/pptpd.conf
加入以下:
localip 10.0.0.1
remoteip 10.0.0.10-100
—————————————————-
設定pptpd的加密方式和發給Client的DNS
vi /etc/ppp/options.pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 168.95.1.1
—————————————————-
設定帳號密碼(若使用ppp撥號(xDSL),撥號的帳密也會在這裡)
格式為:
帳號、使用的服務、密碼、接受的IP(通常為*號)
中間用空格隔開
vi /etc/ppp/chap-secrets
內容大致為:
# client server secret IP addresses
“[email protected]” * “your password”
test pptpd 12345 *
—————————————————-
設定系統IP轉發
vi /etc/sysctl.conf
修改
net.ipv4.ip_forward = 1
讓系統重新載入設定值
sysctl -p
—————————————————-
設定防火牆
主要是設定讓PPTP的Client能夠NAT上網
請依照對外連線的網路卡代號取代掉ppp0
ppp+的代表用來連接VPN Client的網卡,不需更動
vi /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
# 其他要開啟服務的port依照格式寫在這裡
#—-vpn—-
-A INPUT -i ppp0 -p tcp –dport 1723 -j ACCEPT
-A INPUT -i ppp0 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o ppp0 -j ACCEPT
-A FORWARD -i ppp0 -o ppp+ -j ACCEPT
#—-vpn—-
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited
COMMIT
—————————————————-
重啟防火牆(Fedora 14以上使用)
systemctl restart iptables.service
systemctl restart ip6tables.service
重啟防火牆(Fedora 14含以下使用)
/etc/init.d/iptables restart
========================================================
啟動PPTPD等服務
啟動PPTPD服務
/etc/init.d/pptpd start
重啟PPTPD服務
/etc/init.d/pptpd restart
斷除所有VPN連線
/etc/init.d/pptpd restart-kill
查看相關的Log
tail -n 30 /var/log/messages
查看連線情況
netstat -an | grep :1723 | sort
========================================================