PPTP (Point-to-Point Tunneling Protocol, RFC 2637) is a tunneling protocol that lets remote users dial in to a local ISP and reach company resources across the Internet. It encapsulates PPP (Point-to-Point Protocol) frames in IP packets so that they can cross an IP network: a TCP (Transmission Control Protocol) connection on port 1723 creates, maintains and tears down the tunnel, and GRE (Generic Routing Encapsulation, IP protocol 47) carries the PPP frames as tunnel data. The payload of the encapsulated PPP frame can be encrypted, compressed, or both. One caveat before deploying it: PPTP's authentication (MS-CHAPv2) and its MPPE/RC4 encryption are cryptographically weak and have been publicly broken; cracking a captured MS-CHAPv2 exchange reduces to brute-forcing a single DES key, so PPTP is a legacy protocol and should not be relied on for confidentiality against a capable attacker. PPTP is usually terminated on a router, but a Linux host can also act as the PPTP server. Without further ado, here is the record of deploying a PPTP V** on CentOS:
1 ) Verify PPP. Use cat to check whether the kernel's PPP device is available. It normally is on a physical server; some VPS hosts (container-based ones in particular) lack it.
[root@bastion-IDC ~]# cat /dev/ppp
cat: /dev/ppp: No such device or address
If the output is "No such device or address", the PPP device exists and pptpd can be configured normally. If the device node is missing entirely ("No such file or directory"), PPP has to be enabled by the VPS provider first.
2 ) Install PPP
[root@bastion-IDC ~]# yum -y install gcc gcc-c++ autoconf libjpeg libjpeg-devel libpng libpng-devel freetype freetype-devel libxml2 libxml2-devel zlib zlib-devel glibc glibc-devel glib2 glib2-devel bzip2 bzip2-devel ncurses ncurses-devel curl curl-devel e2fsprogs e2fsprogs-devel krb5 krb5-devel libidn libidn-devel openssl openssl-devel openldap openldap-devel nss_ldap openldap-clients openldap-servers
[root@bastion-IDC ~]# yum -y install ppp iptables
Of all of this, only ppp (and iptables) is actually required by pptpd; the long first list is general build tooling. iptables is normally present after a default system install. It is needed here for NAT, so that PPTP clients can reach the Internet through the PPTP server.
3 ) Install PPTP (an rpm package is used here; a source build is also possible)
Download address: https://pan.baidu.com/s/1dFIGpyx Extract password: cefm
[root@bastion-IDC ~]# rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm
A package fetched from a file-sharing link has no provenance; check its signature before installing it, or install the distribution's pptpd package from the EPEL repository instead.
4 ) Configure pptpd. /etc/pptpd.conf is the main pptpd configuration file (real comments in the file start with #; the annotations after # below are explanations of each directive):
[root@bastion-IDC ~]# vim /etc/pptpd.conf
.......
option /etc/ppp/options.pptpd    # location of the pppd options file used for PPTP sessions
logwtmp
debug                            # debug mode: pptpd messages and errors are logged via syslog to /var/log/messages, which helps when troubleshooting
stimeout 30                      # seconds pptpd waits for the client's first control packet before dropping the connection
localip 192.168.1.5              # server-side address of the tunnel; any address bound to the server works (an intranet address is used here)
remoteip 192.168.100.101-150     # pool handed out to clients after a successful V** connection, i.e. 192.168.100.101 through 192.168.100.150. It may be in the same segment as the server's intranet, but a separate segment is recommended
[root@bastion-IDC ~]# vim /etc/ppp/options.pptpd
......
name pptpd        # name of the pptpd server; it must match the "server" field of every account added to chap-secrets below
debug             # same as above, pppd logs to /var/log/messages
ms-dns 8.8.8.8    # DNS servers pushed to V** clients; change them to the resolvers your users should use
ms-dns 8.8.4.4
The sample options.pptpd shipped with pptpd also contains refuse-pap, refuse-chap, refuse-mschap, require-mschap-v2 and require-mppe-128; keep those lines so that a client cannot negotiate a weaker authentication method or an unencrypted session.
5 ) Add V** accounts. Credentials live in /etc/ppp/chap-secrets:
[root@bastion-IDC ~]# vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
xqsj pptpd xqsj@123 *
Explanation: one account per line, with four fields: username, server name (must equal the name set in options.pptpd, here pptpd), password, and the address to assign. An address of * means pptpd picks one from the remoteip pool configured in pptpd.conf; a fixed address pins that user to it. The file stores passwords in cleartext, so it must be readable only by root (mode 600); the pptpd package normally creates it that way, so check it after editing.
6 ) Enable IP forwarding in the kernel; without it, packets from V** clients are never routed onward.
[root@bastion-IDC ~]# echo 1 > /proc/sys/net/ipv4/ip_forward    # takes effect immediately but is lost when the server reboots
[root@bastion-IDC ~]# vim /etc/sysctl.conf    # permanent setting
...
net.ipv4.ip_forward = 1
[root@bastion-IDC ~]# sysctl -p
7 ) Start the service
[root@bastion-IDC ~]# /etc/init.d/pptpd start
Starting pptpd: [OK]
[root@bastion-IDC ~]# lsof -i:1723    # the PPTP control connection listens on TCP 1723 by default
COMMAND   PID USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
pptpd   19714 root    6u  IPv4 33130051      0t0  TCP *:pptp (LISTEN)
Make the service start at boot:
[root@bastion-IDC ~]# chkconfig pptpd on
8 ) Configure iptables
[root@bastion-IDC ~]# iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -j SNAT --to-source 133.110.186.55
[root@bastion-IDC ~]# iptables -t filter -A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
[root@bastion-IDC ~]# /etc/init.d/iptables save
[root@bastion-IDC ~]# /etc/init.d/iptables restart
The first rule source-NATs traffic from 192.168.100.0/24 (the remoteip pool configured in pptpd.conf) to 133.110.186.55, the public IP of the PPTP host, so that connected V** users can reach the Internet rather than only the intranet. Keep the -s restriction so that only the client pool is NATed. The second rule opens TCP port 1723 for the PPTP control connection. Note that the tunnel data itself travels over GRE (IP protocol 47), not TCP: if the INPUT chain's default policy is DROP, GRE must be accepted as well, otherwise clients authenticate on port 1723 and then stall with no traffic flowing.
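The server-side steps above (4 through 8), collected into one script as an added example; this is not the post's own code. It writes the files from steps 4 and 5 under PPTP_ROOT (default /, point it at a scratch directory to dry-run), creates chap-secrets with mode 600 before any password is written, keeps only MS-CHAPv2 with 128-bit MPPE in options.pptpd, refuses a remoteip pool that contains localip, and prints the forwarding and firewall commands from steps 6 and 8 including the GRE rule. The addresses, DNS servers and the xqsj account are the post's values; PPTP_ROOT, the function names and the "install" argument are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Generates the pptpd configuration from the walkthrough with the hardening
# it omits. PPTP_ROOT, the function names and the "install" argument are
# this example's assumptions; the addresses and the account are the post's.

PPTP_ROOT="${PPTP_ROOT:-/}"                      # set to a scratch dir to dry-run
LOCALIP="${LOCALIP:-192.168.1.5}"
REMOTEIP="${REMOTEIP:-192.168.100.101-150}"      # pptpd short form: last octet 101..150
PUBLIC_IP="${PUBLIC_IP:-133.110.186.55}"
SERVER_NAME=pptpd                                # "name" in options.pptpd == server field in chap-secrets

# /24 the SNAT rule should match for a pool written as a.b.c.x-y
remoteip_subnet() {
    echo "${1%.*}.0/24"
}

# True if $1 (dotted quad) lies inside the pool $2 (a.b.c.x-y)
remoteip_contains() {
    ip=$1; pool=$2
    [ "${ip%.*}" = "${pool%.*}" ] || return 1
    last=${ip##*.}; span=${pool##*.}
    [ "$last" -ge "${span%-*}" ] && [ "$last" -le "${span#*-}" ]
}

write_pptpd_conf() {
    if remoteip_contains "$LOCALIP" "$REMOTEIP"; then
        echo "localip $LOCALIP is inside the remoteip pool $REMOTEIP" >&2
        return 1
    fi
    mkdir -p "$PPTP_ROOT/etc/ppp"
    cat > "$PPTP_ROOT/etc/pptpd.conf" <<EOF
option /etc/ppp/options.pptpd
logwtmp
stimeout 30
localip $LOCALIP
remoteip $REMOTEIP
EOF
    # Refuse PAP/CHAP/MS-CHAPv1 and unencrypted sessions: MS-CHAPv2 + MPPE-128
    # is the strongest PPTP can negotiate (and still weak, see the caveat above).
    cat > "$PPTP_ROOT/etc/ppp/options.pptpd" <<EOF
name $SERVER_NAME
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
EOF
}

# chap-secrets holds cleartext passwords: create it root-only before
# writing. Fields: client, server, secret, address ("*" = from the pool).
add_account() {
    user=$1; pass=$2; addr=${3:-*}
    f="$PPTP_ROOT/etc/ppp/chap-secrets"
    mkdir -p "${f%/*}"
    ( umask 077; : >> "$f" )
    chmod 600 "$f"
    printf '%s %s "%s" %s\n' "$user" "$SERVER_NAME" "$pass" "$addr" >> "$f"
}

# Forwarding and firewall commands (printed, not executed, so they can be
# reviewed first). Besides TCP 1723 the tunnel needs GRE (IP protocol 47).
firewall_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -A INPUT -p tcp -m state --state NEW --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s $(remoteip_subnet "$REMOTEIP") -j SNAT --to-source $PUBLIC_IP
EOF
}

# Run as "sh pptp-setup.sh install" on the server to apply everything.
if [ "${1:-}" = "install" ]; then
    write_pptpd_conf
    add_account xqsj 'xqsj@123'
    firewall_rules | sh
fi
```

Run it once with PPTP_ROOT set to a temporary directory and inspect the generated files and the printed iptables commands before running it with "install" as root; the SNAT rule still needs the iptables save step from step 8 to survive a restart.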
9 ) Now create a V** connection on the client (default encryption settings) and test it. The following was recorded on Windows 10.
After connecting, check the client's IP information and confirm that Internet access works.
Make sure "Use default gateway on remote network" is ticked in the connection's IPv4 settings: with it, all client traffic goes through the tunnel and the exit IP seen by the Internet is the PPTP server's public address. The client firewall must allow the outbound TCP 1723 connection and GRE.