6月 24 2013
 

查看当前系统发行版本

[root@localhost ~]# cat /etc/redhat-release
 CentOS release 6.4 (Final)
[root@localhost ~]#

安装PPP包

[root@localhost ~]# yum install ppp

下载

[root@localhost ~]# wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm

查看pptpd二进制包安装路径

[root@localhost ~]# rpm -lpq pptpd-1.3.4-2.el6.i686.rpm
 warning: pptpd-1.3.4-2.el6.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
 /etc/ppp/options.pptpd
 /etc/pptpd.conf
 /etc/rc.d/init.d/pptpd
 /usr/bin/vpnstats.pl
 /usr/bin/vpnuser
 /usr/lib/pptpd/pptpd-logwtmp.so
 /usr/sbin/bcrelay
 /usr/sbin/pptp-portslave
 /usr/sbin/pptpctrl
 /usr/sbin/pptpd
 /usr/share/doc/pptpd-1.3.4
 /usr/share/doc/pptpd-1.3.4/AUTHORS
 /usr/share/doc/pptpd-1.3.4/COPYING
 /usr/share/doc/pptpd-1.3.4/ChangeLog
 /usr/share/doc/pptpd-1.3.4/INSTALL
 /usr/share/doc/pptpd-1.3.4/README
 /usr/share/doc/pptpd-1.3.4/README.bcrelay
 /usr/share/doc/pptpd-1.3.4/README.cvs
 /usr/share/doc/pptpd-1.3.4/README.inetd
 /usr/share/doc/pptpd-1.3.4/README.logwtmp
 /usr/share/doc/pptpd-1.3.4/README.portslave
 /usr/share/doc/pptpd-1.3.4/README.slirp
 /usr/share/doc/pptpd-1.3.4/TODO
 /usr/share/doc/pptpd-1.3.4/samples
 /usr/share/doc/pptpd-1.3.4/samples/chap-secrets
 /usr/share/doc/pptpd-1.3.4/samples/options.pptpd
 /usr/share/doc/pptpd-1.3.4/samples/pptpd.conf
 /usr/share/man/man5/pptpd.conf.5.gz
 /usr/share/man/man8/pptpctrl.8.gz
 /usr/share/man/man8/pptpd.8.gz
 [root@localhost ~]#

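安装pptpd安装包(下面的 NOKEY 警告表示系统未导入该软件包的签名公钥,rpm 无法验证签名;该包又是通过明文 HTTP 下载的,安装前应先从可信渠道获取发布者公钥并用 rpm --import 导入,再用 rpm -K 校验软件包)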

[root@localhost ~]# rpm -ivh pptpd-1.3.4-2.el6.i686.rpm
warning: pptpd-1.3.4-2.el6.i686.rpm: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
Preparing...                ########################################### [100%]
1:pptpd                  ########################################### [100%]
[root@localhost ~]#

设置服务器端虚拟接口IP地址和客户端IP地址池

[root@localhost ~]# cp /etc/pptpd.conf /etc/pptpd.conf.backup
[root@localhost ~]# vi /etc/pptpd.conf
localip 10.0.192.1
remoteip 10.0.192.100-200

设置拨号账户用户名与密码(PPTP 所用的 MS-CHAPv2 认证已被公认为不安全,其强度完全取决于密码,不宜用来保护敏感流量)

[root@localhost ~]# cd /etc/ppp/
[root@localhost ppp]# cp chap-secrets chap-secrets.backup
[root@localhost ppp]# vi chap-secrets
harvey          pptpd           78903456                *

第一列:用户名
第二列:服务器名称(与/etc/ppp/options.pptpd中对应)centos-pptp-01
第三列:密码(以明文保存在该文件中;示例中的8位纯数字密码仅作演示,实际应使用足够长的随机密码,并确认该文件仅 root 可读)
第四列:限定连接用户的IP地址(* 表示不限制)

设定客户端DNS

[root@localhost ppp]# vi options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4

查看并设置pptpd服务开机启动状态

[root@localhost ppp]# chkconfig --list pptpd
pptpd           0:off   1:off   2:off   3:off   4:off   5:off   6:off
[root@localhost ppp]# chkconfig --level 35 pptpd on

启动pptpd服务器

[root@localhost ppp]# service pptpd start
Starting pptpd:                                            [  OK  ]
[root@localhost ppp]#

确认服务已运行且监听1723端口

[root@localhost ppp]# netstat -ltn |grep 1723
tcp        0      0 0.0.0.0:1723                0.0.0.0:*                   LISTEN
[root@localhost ppp]#

设置IP包转发
临时设置

[root@localhost ppp]# echo 1 > /proc/sys/net/ipv4/ip_forward

开机设置

[root@localhost ppp]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

使用Windows作为客户端连接pptpd服务器

新建拨号连接

centos-pptp-02

拨号连接向导

centos-pptp-03 centos-pptp-04 centos-pptp-05 centos-pptp-06

输入VPN服务器的IP地址

centos-pptp-07 centos-pptp-08

点击新建的VPN拨号连接,输入用户名密码后点连接

centos-pptp-09

拨号连接成功

centos-pptp-10

查看本机拨号连接获得的IP地址

centos-pptp-11

查看服务器端PPP网关接口状态

centos-pptp-12

拨号连接成功后,使用ping www.facebook.com超时,说明此时仍无法正常访问被限制网站(服务器尚未配置NAT转发)

centos-pptp-13

防火墙转发设置(SNAT 的 --to 地址为服务器 eth0 上的公网IP;iptables 本身没有 save 子命令,保存规则需使用 /etc/init.d/iptables save)

[root@localhost ~]# iptables -t nat -A POSTROUTING -o eth0 -s 10.0.192.0/24 -j SNAT --to 174.139.2.162
[root@localhost ~]# iptables save
Bad argument `save'
Try `iptables -h' or 'iptables --help' for more information.
[root@localhost ~]#
[root@localhost ~]# /etc/init.d/iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
[root@hvpn ~]#
[root@localhost ~]# /etc/init.d/iptables restart
iptables: Flushing firewall rules:                         [  OK  ]
iptables: Setting chains to policy ACCEPT: nat             [  OK  ]
iptables: Unloading modules:                               [  OK  ]
iptables: Applying firewall rules:                         [  OK  ]
[root@localhost ~]#
[root@localhost ~]# service pptpd restart
Shutting down pptpd:                                       [  OK  ]
Starting pptpd:                                            [  OK  ]
Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results.  Use restart-kill to
destroy existing connections during a restart.
[root@localhost ~]#

查看已生效的转发策略

[root@localhost ~]# service iptables status
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    SNAT       all  —  10.0.192.0/24        0.0.0.0/0           to:174.139.2.162

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[root@localhost ~]#

 

在服务器添加防火墙转发规则以后再次ping www.facebook.com显示可以正常访问被限制网站

centos-pptp-14

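如果服务器的INPUT链默认拒绝入站流量,还需放行PPTP数据通道使用的GRE协议(控制连接使用的TCP 1723端口同样需要放行);添加后需再次执行 /etc/init.d/iptables save 保存,否则重启后规则丢失:

iptables -I INPUT -p gre -j ACCEPT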

相关下载:
(1)pptpd 1.3.4-2 rhel6 x86 rpm package (2) pptpd 1.3.4-2 rhel6 x86_64 rpm package
