By

文章目录

安装需要用的包

yum install -y pptpd iptables

配置PPTP的设置。首先配置/etc/ppp/options.pptpd文件,找到网络和路由设置,我们设置ms-dns8.8.8.88.8.4.4

1
2
3
4
5
6
7
8
9
10
11
# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 8.8.8.8
ms-dns 8.8.4.4

接下来,让我们创建PPTP VPN的用户,编辑/etc/ppp/chap-secrets。按照格式来创建用户,设置密码

1
2
3
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vultr  pptpd  password  *

设置pptpd的守护进程,编辑/etc/pptpd.conf,把localip,remoteip的注释打开即可,注意localip并不是服务器真实的ip,remoteip,是VPN连接上后为用户分配的ip段,更详细的信息,在配置文件上有说明。这里提醒一下如果你需要链接很多设备,或者要把VPN分享给朋友,可以适当修改remoteip段

1
2
3
4
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

接下来,编辑/etc/sysctl.conf文件,允许IP forwarding,添加net.ipv4.ip_forward=1到文件结尾

1
2
3
4
5
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1

执行如下命令使其生效

sysctl -p

接下来配置iptables,这里提醒大家一下,centos7默认使用的防火墙是firewalld,我们先关闭掉

1
2
3
systemctl stop firewalld.service #停止firewall

systemctl disable firewalld.service #禁止firewall开机启动

设置 iptables service

yum -y install iptables-services

添加iptables规则

1
2
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 1723 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE

保存配置

service iptables save

打开iptables配置文件确认

vi /etc/sysconfig/iptables

如下

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
# Generated by iptables-save v1.4.21 on Mon Aug  8 09:12:16 2016
*nat
:PREROUTING ACCEPT [15:868]
:INPUT ACCEPT [15:868]
:OUTPUT ACCEPT [41:3514]
:POSTROUTING ACCEPT [41:3514]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Aug  8 09:12:16 2016
# Generated by iptables-save v1.4.21 on Mon Aug  8 09:12:16 2016
*filter
:INPUT ACCEPT [369:39332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [365:71586]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
COMMIT
# Completed on Mon Aug  8 09:12:16 2016

重启防火墙服务

1
2
3
systemctl restart iptables.service #重启防火墙使配置生效

systemctl enable iptables.service #设置防火墙开机启动

启动pptpd服务,并设置为开机自动启动

1
2
3
systemctl start pptpd.service

systemctl enable pptpd.service
文章目录