command:setup-vpn
Differences
This shows you the differences between two versions of the page.
| command:setup-vpn [2021/08/22 12:45] – created morgan0329 | command:setup-vpn [2021/08/22 12:46] (current) – morgan0329 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| + | ====== centos7搭建pptp的vpn ====== | ||
| + | 参考:https:// | ||
| + | < | ||
| + | 1查看是否支持: | ||
| + | [root@VM-34-255-centos ~]# modprobe ppp-compress-18 && echo yes | ||
| + | yes | ||
| + | [root@VM-34-255-centos ~]# cat /dev/ppp | ||
| + | cat: /dev/ppp: No such device or address | ||
| + | 2禁用firewalld防火墙和安装需要的包 | ||
| + | # | ||
| + | [root@VM-34-255-centos ~]# systemctl stop firewalld | ||
| + | [root@VM-34-255-centos ~]# systemctl disable firewalld | ||
| + | #增加epel yum源 | ||
| + | [root@VM-34-255-centos ~]# yum install epel-release -y | ||
| + | # | ||
| + | [root@VM-34-255-centos ~]# yum install ppp ppp-devel pptpd iptables iptables-services -y | ||
| + | |||
| + | 3修改配置文件 | ||
| + | vim / | ||
| + | localip 10.105.34.255 | ||
| + | remoteip 192.168.0.10-20 | ||
| + | |||
| + | vim / | ||
| + | # | ||
| + | name pptpd | ||
| + | refuse-pap | ||
| + | refuse-chap | ||
| + | refuse-mschap | ||
| + | require-mschap-v2 | ||
| + | require-mppe-128 | ||
| + | ms-dns 8.8.8.8 | ||
| + | ms-dns 114.114.114.114 | ||
| + | #proxyarp | ||
| + | lock | ||
| + | nobsdcomp | ||
| + | novj | ||
| + | novjccomp | ||
| + | nologfd | ||
| + | |||
| + | 4修改认证配置文件 | ||
| + | vim / | ||
| + | # client | ||
| + | test pptpd 123456 * | ||
| + | |||
| + | 5打开系统转发 并应用生效 | ||
| + | vim / | ||
| + | net.ipv4.ip_forward=1 | ||
| + | sysctl -p | ||
| + | |||
| + | 6、启动pptpd服务 | ||
| + | systemctl start pptpd | ||
| + | |||
| + | 7开放需要的端口(iptables和云服务器的安全组) | ||
| + | iptables -A INPUT -i lo -j ACCEPT | ||
| + | iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT | ||
| + | iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --dport 22 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --dport 80 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --dport 443 -j ACCEPT | ||
| + | iptables -A INPUT -p tcp --dport 1723 -j ACCEPT | ||
| + | iptables -A INPUT -p gre -j ACCEPT | ||
| + | |||
| + | service iptables save # | ||
| + | systemctl restart iptables | ||
| + | 记得打开了阿里云的安全组端口 | ||
| + | |||
| + | 8增加转发规则,和修改mtu的大小,为了可以连上vpn后上网 | ||
| + | # | ||
| + | iptables -t nat -A POSTROUTING -s 192.168.0.0/ | ||
| + | service iptables save # | ||
| + | systemctl restart iptables | ||
| + | |||
| + | # | ||
| + | vim / | ||
| + | ....... | ||
| + | |||
| + | ifconfig $1 mtu 1500 | ||
| + | |||
| + | exit 0 | ||
| + | |||
| + | systemctl restart pptpd # | ||
| + | |||
| + | |||
| + | 万一遇到问题: | ||
| + | tail -f / | ||
| + | systemctl status pptpd # | ||
| + | </ | ||