In this tutorial, I will use PPTP as the protocol to connect to the VPN server using a username and password, with 128-bit MPPE encryption. The variables are as below:
OS: CentOS 6 64bit
VPN server: 209.85.227.26
VPN client IP: 209.85.227.27 - 209.85.227.30
VPN username: vpnuser
Password: myVPN$99
1. Install ppp via yum:
2. Download and install pptpd (the daemon for point-to-point tunneling).
You can find the correct package at http://poptop.sourceforge.net/yum/stable/packages/ (the version at http://sourceforge.net/projects/poptop/files/pptpd/pptpd-1.3.4/ has to be compiled):
$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm
3. Once installed, open /etc/pptpd.conf using a text editor and add the following lines:
localip 209.85.227.26
remoteip 209.85.227.27-30
4. Open /etc/ppp/options.pptpd and add the authentication method, encryption and DNS resolver values:
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
5. Let's create a user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:
The format is: [username] [space] [server] [space] [password] [space] [IP addresses]
6. We need to allow IP packet forwarding for this server. Open /etc/sysctl.conf via a text editor and change the line below:
7. Run the following command for the changes to take effect:
8. Allow IP masquerading in iptables by executing the following lines:
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ service iptables save
$ service iptables restart
Update: Once you are done with step 8, check the rules in /etc/sysconfig/iptables. Make sure that the POSTROUTING rule is above any REJECT rules.
9. Turn on the pptpd service at startup and reboot the server:
$ chkconfig pptpd on
$ init 6
Once the server is online after the reboot, you should now be able to access the PPTP server from the VPN client. You can monitor /var/log/messages for ppp and pptpd related log entries. Cheers!
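A post-install check for steps 4 to 6, added here as an example and not part of the original tutorial: it confirms that the MS-CHAPv2 and MPPE-128 requirements are active, that every /etc/ppp/chap-secrets entry has four fields and the file is closed to group and other, and that forwarding is enabled. The function names and the net.ipv4.ip_forward key are assumptions, since the tutorial's own line for step 6 is not shown.

```shell
# Added example: audit the files edited in steps 4 to 6 (paths are parameters).

# Print the active (non-comment, non-blank) lines of a config file.
active_lines() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$1"
}

# Step 4: MS-CHAPv2 and 128-bit MPPE must both be required.
check_options() {
    rc=0
    for opt in require-mschap-v2 require-mppe-128; do
        if ! active_lines "$1" | grep -qx "[[:space:]]*$opt[[:space:]]*"; then
            echo "MISSING: $opt in $1"; rc=1
        fi
    done
    return $rc
}

# Step 5: each entry needs four fields (username server password IP), and the
# file holds cleartext passwords, so group and other must have no access.
check_secrets() {
    rc=0
    bad=$(active_lines "$1" | awk 'NF < 4 { n++ } END { print n + 0 }')
    if [ "$bad" -ne 0 ]; then echo "MALFORMED: $bad entries in $1"; rc=1; fi
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "PERMISSIONS: $1 is accessible to group or other"; rc=1
    fi
    return $rc
}

# Step 6: forwarding enabled. Assumption: the line in question is the standard
# Linux key net.ipv4.ip_forward (the tutorial text does not show it).
check_forwarding() {
    fwd='^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
    if active_lines "$1" | grep -Eq "$fwd"; then return 0; fi
    echo "DISABLED: net.ipv4.ip_forward is not 1 in $1"; return 1
}

# Run all three checks; defaults are the paths named in the tutorial.
audit_pptpd() {
    failed=0
    check_options "${1:-/etc/ppp/options.pptpd}" || failed=1
    check_secrets "${2:-/etc/ppp/chap-secrets}" || failed=1
    check_forwarding "${3:-/etc/sysctl.conf}" || failed=1
    return $failed
}

# Invoke the script with --audit (as root) to check the live files.
case "${1:-}" in --audit) audit_pptpd ;; esac
```

A commented-out `require-mppe-128` line is reported as missing, which is the case that otherwise goes unnoticed until a client connects without encryption.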
from http://blog.secaserver.com/2011/10/install-vpn-pptp-server-centos-6/