a. Check whether the system supports PPTP before installation
modprobe ppp-compress-18 && echo success
It should output: success
yum install kernel-devel
b. Whether TUN/TAP is enabled
cat /dev/net/tun
It should output: cat: /dev/net/tun: File descriptor in bad state
c. Whether the ppp device is available
cat /dev/ppp
It should output: cat: /dev/ppp: No such device or address
If the environment does not meet all three conditions above, PPTP is probably not supported. Exception: Linode's Xen and KVM servers also support PPTP; the Linode kernel appears to be customized, with PPTP support built in rather than shipped as an external .ko module, which differs from stock CentOS.
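The three probes above can be run as one script. This is an added example, not part of the original guide: it keeps the guide's expected messages for /dev/net/tun and /dev/ppp, classifies whatever `cat` actually reports, and only returns success when all three checks pass. The classification rules for any message other than the guide's two expected ones are an assumption.

```shell
#!/bin/sh
# Pre-install PPTP capability check (added example, not from the original guide).
# Expected messages for /dev/net/tun and /dev/ppp are the ones the guide lists;
# the "missing"/"other" classes are an assumption for anything else.

# Classify the message that `cat <device>` produced.
# Prints "ok" for the message the guide says indicates a usable device,
# "missing" when the node does not exist at all, "other" otherwise.
classify_probe() {
    dev="$1"; msg="$2"
    case "$dev:$msg" in
        /dev/net/tun:*"File descriptor in bad state"*) echo ok ;;
        /dev/ppp:*"No such device or address"*)        echo ok ;;
        *"No such file or directory"*)                 echo missing ;;
        *)                                             echo other ;;
    esac
}

# Run the probe for real: capture cat's stderr and classify it.
# `|| true` keeps the failing cat from aborting a `set -e` caller.
probe_device() {
    msg=$(cat "$1" 2>&1 </dev/null) || true
    classify_probe "$1" "$msg"
}

# Step a of the guide: can the MPPE compression module be loaded?
check_mppe() {
    if modprobe ppp-compress-18 2>/dev/null; then echo ok; else echo missing; fi
}

# Aggregate: print one line per check and return 0 only if all pass.
check_pptp_support() {
    rc=0
    for dev in /dev/net/tun /dev/ppp; do
        r=$(probe_device "$dev")
        printf '%-14s %s\n' "$dev" "$r"
        [ "$r" = ok ] || rc=1
    done
    r=$(check_mppe)
    printf '%-14s %s\n' "ppp-compress-18" "$r"
    [ "$r" = ok ] || rc=1
    return $rc
}

# Usage: sh check_pptp.sh --run   (needs root for modprobe)
case "${1:-}" in
    --run) check_pptp_support ;;
esac
```

Run it with `--run` as root before installing any packages; a non-zero exit means at least one of the guide's three conditions is not met.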
a. First install the EPEL repository
yum install epel-release
b. Install the pptp-related packages
yum install ppp pptpd net-tools iptables-services
a. The main configuration file /etc/pptpd.conf
Add the following two lines at the end: the gateway address of the virtual network segment used by the PPTP service, and the address range assigned to clients.
localip 192.168.9.1
remoteip 192.168.9.101-199
b. pptpd options file /etc/ppp/options.pptpd: add two lines at the end setting the DNS servers for the virtual network segment. You can use the DNS server addresses provided by the hosting provider.
ms-dns 100.100.2.136
ms-dns 100.100.2.138
If it is an overseas server such as Linode, you can use Google's public DNS server addresses
ms-dns 8.8.8.8
ms-dns 8.8.4.4
c. Set the username and password for the PPTP VPN server by editing /etc/ppp/chap-secrets, one account per line (the file ships with a short comment describing the format). An example account line follows, with 4 fields separated by spaces: the first and third fields are the username and password, and the other two fields are asterisks
user1 * 111222333 *
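Because chap-secrets holds the passwords in cleartext, it is worth adding accounts through a small helper that keeps the four-field layout exact and restricts the file to root. The script below is an added example, not part of the original guide; the file path is a parameter so it can be tried on a scratch file first, and the rejection of whitespace, quotes and asterisks in usernames and secrets is an assumption chosen to keep the line unambiguous.

```shell
#!/bin/sh
# Added example: manage pppd chap-secrets entries for pptpd.
# Line layout (from the guide):  client  server  secret  IP-addresses
# "*" as server accepts any server name; "*" as IP lets pptpd pick from remoteip.

# add_pptp_user FILE USER SECRET -> appends "USER * SECRET *"
add_pptp_user() {
    file="$1"; user="$2"; secret="$3"
    [ -n "$user" ] && [ -n "$secret" ] || {
        echo "add_pptp_user: user and secret must not be empty" >&2; return 1; }
    # Assumption: refuse characters that would break the whitespace-separated layout.
    case "$user$secret" in
        *[[:space:]]*|*\"*|*\**)
            echo "add_pptp_user: no whitespace, quotes or '*' in user/secret" >&2
            return 1 ;;
    esac
    # Secrets are stored in cleartext: make the file root-only before writing.
    [ -e "$file" ] || : > "$file"
    chmod 600 "$file"
    printf '%s * %s *\n' "$user" "$secret" >> "$file"
}

# validate_chap_secrets FILE -> prints the number of malformed lines
# (non-comment, non-blank lines that do not have exactly four fields).
validate_chap_secrets() {
    file="$1"
    grep -v '^[[:space:]]*#' "$file" | grep -v '^[[:space:]]*$' |
        awk 'NF != 4 { n++ } END { print n + 0 }'
}

# Usage on the real file (as root):
#   add_pptp_user /etc/ppp/chap-secrets user1 111222333
#   validate_chap_secrets /etc/ppp/chap-secrets   # prints 0 when every line is well-formed
```

Run the validator after every edit of the file; a line with a stray space inside the password silently becomes five fields, which pppd will not match against the intended account.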
d. Allow IP forwarding in the kernel: edit the configuration file /etc/sysctl.conf and add the following line
net.ipv4.ip_forward=1
Enable the pptpd and iptables services at boot (the same effect as systemctl enable pptpd iptables):
ln -s /usr/lib/systemd/system/pptpd.service /etc/systemd/system/multi-user.target.wants/
ln -s /usr/lib/systemd/system/iptables.service /etc/systemd/system/multi-user.target.wants/
a. iptables configuration: set up NAT for the virtual network segment. If the PPTP clients do not need Internet access through the server, this step can be skipped.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Note that eth0 is the name of the local network interface; change it to match the actual system. Alternatively, limit NAT to the virtual network segment, as follows
iptables -t nat -I POSTROUTING -s 192.168.9.0/24 -o eth0 -j MASQUERADE
b. Open PPTP port 1723 and allow forwarding
iptables -I INPUT 7 -m state --state NEW -p tcp --dport 1723 -j ACCEPT
iptables -P FORWARD ACCEPT
c. Save the iptables rules
service iptables save
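The rules in this section are easy to mistype, so the added script below generates them from two parameters (WAN interface and VPN subnet) and can either print them for review or apply them. It is an example written for this page, not the guide's own commands, and it deviates from the guide in two assumed ways: it inserts the port-1723 rule at the top of INPUT instead of at position 7 (so it lands before the final REJECT of the stock iptables-services ruleset whatever that ruleset looks like), it also accepts GRE, which carries the PPTP tunnel traffic and is blocked by a REJECT-all INPUT chain, and it replaces the blanket `-P FORWARD ACCEPT` with forwarding rules scoped to the VPN subnet.

```shell
#!/bin/sh
# Added example: emit or apply the iptables rules for a pptpd server.
# Not from the original guide; see the lead-in for the assumed deviations.

# Default outbound interface, read from the kernel routing table
# (replaces the guide's "modify eth0 according to the actual situation").
default_iface() {
    ip -o route show default 2>/dev/null |
        awk 'NR == 1 { for (i = 1; i <= NF; i++) if ($i == "dev") print $(i + 1) }'
}

# pptp_rules IFACE SUBNET -> prints one iptables command per line.
pptp_rules() {
    iface="$1"; subnet="$2"
    # NAT only the VPN segment out of the WAN interface.
    printf 'iptables -t nat -I POSTROUTING -s %s -o %s -j MASQUERADE\n' "$subnet" "$iface"
    # Control channel: TCP 1723, inserted at the head of INPUT.
    printf 'iptables -I INPUT -m state --state NEW -p tcp --dport 1723 -j ACCEPT\n'
    # Data channel: GRE (IP protocol 47); assumed necessary when INPUT ends in REJECT.
    printf 'iptables -I INPUT -p gre -j ACCEPT\n'
    # Forwarding scoped to the VPN segment instead of a global ACCEPT policy.
    printf 'iptables -I FORWARD -s %s -j ACCEPT\n' "$subnet"
    printf 'iptables -I FORWARD -d %s -m state --state ESTABLISHED,RELATED -j ACCEPT\n' "$subnet"
}

# apply_pptp_rules IFACE SUBNET -> runs the rules and persists them (root only).
apply_pptp_rules() {
    pptp_rules "$1" "$2" | sh -e && service iptables save
}

# Usage:
#   sh pptp_fw.sh                       # print rules for the detected interface
#   sh pptp_fw.sh --apply eth0 192.168.9.0/24
case "${1:-}" in
    --apply) apply_pptp_rules "$2" "$3" ;;
    "")      pptp_rules "$(default_iface)" 192.168.9.0/24 ;;
esac
```

Review the printed rules before applying them; if the machine has more than one default route or uses a bridge, pass the interface explicitly rather than relying on `default_iface`.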
a. If a Windows client gets a 519 error when connecting to PPTP, the kernel module ip_nat_pptp is not loaded. You can load it with modprobe ip_nat_pptp, but it is better to have it load automatically at boot: create a new file /etc/modules-load.d/ip_nat_pptp.conf containing the following line
ip_nat_pptp
b. You may need to recreate the /dev/ppp device node (character device, major 108, minor 0):
rm /dev/ppp
mknod /dev/ppp c 108 0
c. Alibaba Cloud machines also need the MTU adjusted: edit the file /etc/ppp/ip-up and add the following line before exit 0:
ifconfig $1 mtu 1500
d. The security group in the Alibaba Cloud console works like a firewall or iptables; the corresponding ports must be opened there as well.
Finally, apply the sysctl change and start the service:
sysctl -p
systemctl start pptpd
Or simply reboot the machine.