
Setting up a PPTP VPN on CentOS 5.5


2012-11-20 00:39:04 Author: C.K.


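1. Check whether the VPS has the required support. If the check shows that this support is missing, pptp cannot be installed.
Buyvm users can of course skip this step.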

modprobe ppp-compress-18 && echo ok

If it prints "ok", the check passed. There is, however, one more check to run:

cat /dev/net/tun

If the output is the following text, the check passed:

cat: /dev/net/tun: File descriptor in bad state

Only one of the two checks above needs to pass for pptp to be installable. If there are other problems, ask your provider to resolve them.

2. Install ppp and iptables.

yum install -y ppp iptables

3. Install pptp.

For 32-bit systems:

rpm -ivh https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm

For 64-bit systems:

rpm -ivh https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.x86_64.rpm

Some people like to run wget first and then rpm; there is no need for the extra step.

4. Configure pptp.

First, edit the /etc/pptpd.conf file:

vim /etc/pptpd.conf

Remove the # in front of the following lines:

localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Next, edit /etc/ppp/options.pptpd:

vim /etc/ppp/options.pptpd

Remove the # in front of ms-dns and change the lines to the following:

ms-dns 8.8.8.8
ms-dns 8.8.4.4
5. Set the pptp VPN account and password.

We need to edit the file /etc/ppp/chap-secrets:

vim /etc/ppp/chap-secrets

Enter the following line directly; zhujimi can be replaced with other values:

zhujimi pptpd zhujimi *

6. Change the kernel settings to enable forwarding.

Edit the /etc/sysctl.conf file:

vim /etc/sysctl.conf

Change "net.ipv4.ip_forward" to 1:

net.ipv4.ip_forward=1

Also put a # in front of "net.ipv4.tcp_syncookies = 1":

# net.ipv4.tcp_syncookies = 1

Save and exit, then run the following command to apply the change:

sysctl -p
7. Add the iptables forwarding rule.

On OpenVZ (12.34.56.78 is the public IP address of your VPS):

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 12.34.56.78

On XEN, use this rule instead:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Save the iptables forwarding rule:

/etc/init.d/iptables save

Restart iptables:

/etc/init.d/iptables restart

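8. Restart the pptp service.

/etc/init.d/pptpd restart

9. Set the services to start automatically at boot.

chkconfig pptpd on
chkconfig iptables on

If error 619 occurs, run the command:

mknod /dev/ppp c 108 0

That's it. Now go to Windows and create a VPN connection: enter your server's IP as the address, fill in the user name and password you configured, and click "Connect". Once connected, you can browse the web through the server!

Note: if the virtual machine's kernel does not support MPPE, encryption cannot be used, and a connection made with the default Windows VPN settings will show a "certificate trust error".

Fix: edit /etc/ppp/options.pptpd and comment out the require-mppe-128 line, then change the encryption setting in the Windows VPN connection's properties to optional encryption. The connection will then succeed.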
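The account line from step 5 (user name and secret both zhujimi) and the fix above that comments out require-mppe-128 both leave the finished server weaker than it needs to be, so it is worth checking the two files after setup. The script below is an added example, not part of the original post; the function names, the 12-character minimum and the mode-600 expectation are assumptions.

```bash
#!/bin/bash
# Added example: audit the two files this guide edits (pass copies or live paths).
# MIN_SECRET_LEN is an assumed local policy, not a value from the guide.
MIN_SECRET_LEN=${MIN_SECRET_LEN:-12}

# chap-secrets columns: client  server  secret  IP addresses
# Prints one finding per weak entry; prints nothing when the file is clean.
audit_chap_secrets() {
    awk -v min="$MIN_SECRET_LEN" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        NF < 3 { print "line " NR ": malformed entry"; next }
        {
            client = $1; secret = $3
            gsub(/^"|"$/, "", client)        # strip optional surrounding quotes
            gsub(/^"|"$/, "", secret)
            if (secret == client)
                print client ": secret is identical to the user name"
            else if (length(secret) < min)
                print client ": secret shorter than " min " characters"
        }' "$1"
}

# The secrets are stored in clear text, so only the owner should read the file.
secrets_mode_ok() {
    [ "$(stat -c %a "$1")" = "600" ]
}

# Succeeds only if an uncommented require-mppe-128 line is present, i.e. pppd
# refuses sessions that do not negotiate 128-bit MPPE.
mppe_enforced() {
    grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$1"
}

# Run every check; the return value is the number of failed checks (0 to 3).
audit_pptp() {
    local secrets="$1" options="$2" failed=0 findings
    findings=$(audit_chap_secrets "$secrets")
    [ -z "$findings" ] || { echo "$findings"; failed=$((failed + 1)); }
    secrets_mode_ok "$secrets" || { echo "$secrets: mode is not 600"; failed=$((failed + 1)); }
    mppe_enforced "$options" || { echo "$options: require-mppe-128 is not active"; failed=$((failed + 1)); }
    return "$failed"
}

# e.g. bash audit.sh /etc/ppp/chap-secrets /etc/ppp/options.pptpd
if [ "$#" -eq 2 ]; then audit_pptp "$1" "$2"; fi
```

Run against the files exactly as this guide leaves them, the account line from step 5 is reported, and so is options.pptpd once require-mppe-128 has been commented out.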

Last login: Fri Nov  2 05:43:15 2012 from 202.101.72.85
[root@li388-228 ~]# cat /etc/issue
CentOS release 5.6 (Final)
Kernel \r on an \m
[root@li388-228 ~]# cat /dev/ppp
cat: /dev/ppp: No such device or address
[root@li388-228 ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
[root@li388-228 ~]# modprobe ppp-compress-18 && echo ok
FATAL: Module ppp_mppe not found.
[root@li388-228 ~]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state
[root@li388-228 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pptp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ni-ftp
ACCEPT     gre  --  anywhere             anywhere
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@li388-228 ~]# yum install -y ppp
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.jaist.ac.jp
 * extras: ftp.jaist.ac.jp
 * updates: ftp.jaist.ac.jp
Setting up Install Process
Package ppp-2.4.4-2.el5.i386 already installed and latest version
Nothing to do
You have new mail in /var/spool/mail/root
[root@li388-228 ~]# rpm -ivh https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
Retrieving https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
error: skipping https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm - transfer failed - Unknown or unexpected error
You have new mail in /var/spool/mail/root
[root@li388-228 ~]# rpm -ivh https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
Retrieving https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
error: skipping https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm - transfer failed - Unknown or unexpected error
[root@li388-228 ~]# wget https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
--2012-11-19 09:17:52--  https://acelnmp.googlecode.com/files/pptpd-1.3.4-2.rhel5.i386.rpm
Resolving acelnmp.googlecode.com... 74.125.31.82, 2404:6800:4008:c00::52
Connecting to acelnmp.googlecode.com|74.125.31.82|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 82778 (81K) [application/x-rpm]
Saving to: `pptpd-1.3.4-2.rhel5.i386.rpm.1'
100%[======================================>] 82,778       172K/s   in 0.5s
2012-11-19 09:17:53 (172 KB/s) - `pptpd-1.3.4-2.rhel5.i386.rpm.1' saved [82778/82778]
[root@li388-228 ~]# rpm -ivh pptpd-1.3.4-2.rhel5.i386.rpm
warning: pptpd-1.3.4-2.rhel5.i386.rpm: Header V3 DSA signature: NOKEY, key ID 862acc42
Preparing...                ########################################### [100%]
       package pptpd-1.3.4-2.rhel5.i386 is already installed
[root@li388-228 ~]# ls
pptpd-1.3.4-2.rhel5.i386.rpm    zijidelu_install     zijidelu_install.tar.gz
pptpd-1.3.4-2.rhel5.i386.rpm.1  zijidelu_install.sh
[root@li388-228 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
kernel.shmmax = 67108864
kernel.shmall = 32768
fs.file-max = 65535
net.ipv4.ip_forward = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_keepalive_time = 180
net.ipv4.tcp_synack_retries = 3
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_max_orphans = 8192
net.ipv4.tcp_max_tw_buckets = 8192
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.icmp_echo_ignore_all = 0
net.nf_conntrack_max = 655360
net.netfilter.nf_conntrack_tcp_timeout_established = 1200
[root@li388-228 ~]# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
[root@li388-228 ~]# /etc/init.d/iptables save
Saving firewall rules to /etc/sysconfig/iptables: [  OK  ]
[root@li388-228 ~]# /etc/init.d/iptables restart
Flushing firewall rules: [  OK  ]
Setting chains to policy ACCEPT: security raw nat mangle filter [FAILED]
Unloading iptables modules: [  OK  ]
Applying iptables firewall rules: [  OK  ]
Loading additional iptables modules: ip_conntrack_netbios_ns [FAILED]
[root@li388-228 ~]# /etc/init.d/pptpd restart
Shutting down pptpd: [  OK  ]
Starting pptpd: [  OK  ]
Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results.  Use restart-kill to
destroy existing connections during a restart.
[root@li388-228 ~]# chkconfig pptpd on
[root@li388-228 ~]# chkconfig iptables on
[root@li388-228 ~]# mknod /dev/ppp c 108 0
mknod: `/dev/ppp': File exists
[root@li388-228 ~]#