PPTP VPN Configuration

Check that the kernel supports PPTP (the MPPE compression module must load)

[root@iZt4newzwl5axiunurprquZ ~]# modprobe ppp-compress-18 && echo ok 
ok

Install

rpm -ivh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install ppp pptpd iptables

Configuration

  1. Assign IP addresses
    vim /etc/pptpd.conf

    Append at the end:

    # client IP allocation range
    localip 192.168.16.1
    remoteip 192.168.16.10-15
  2. Accounts
    vim  /etc/ppp/chap-secrets

    Change it to the following:

    # client        server     secret                  IP addresses
    "dawnco"        pptpd    "qaz"                      "*"
    # username      server type   password              assigned IP; * means the address is assigned automatically
  3. DNS
    vim /etc/ppp/options.pptpd

    Add or modify:

    ms-dns 8.8.8.8
    ms-dns 8.8.4.4
  4. Enable forwarding
    vim /etc/sysctl.conf

    Add:

    net.ipv4.ip_forward=1

    Run the following command to apply the kernel setting:

    sysctl -p
  5. Configure the firewall (define a firewalld service for the PPTP control port)
    vim /usr/lib/firewalld/services/pptpd.xml
    <?xml version="1.0" encoding="utf-8"?>
    <service>
       <short>pptpd</short>
       <description>PPTP</description>
       <port protocol="tcp" port="1723"/>
    </service>
  6. Set forwarding rules
    # ports unrelated to PPTP itself (other services exposed on this host)
    firewall-cmd --permanent --zone=public --add-port=80/tcp
    firewall-cmd --permanent --zone=public --add-port=8388/tcp
    firewall-cmd --permanent --zone=public --add-port=443/tcp
    firewall-cmd --permanent --zone=public --add-port=22/tcp
    firewall-cmd --permanent --zone=public --add-port=21/tcp
    # GRE is IP protocol 47, not TCP port 47, so this rule has no effect;
    # the direct "-p gre" rules below are what admit the tunnel traffic
    firewall-cmd --permanent --zone=public --add-port=47/tcp
    firewall-cmd --permanent --zone=public --add-port=1723/tcp
    # PPTP control channel (the service defined in step 5), NAT and GRE
    firewall-cmd --permanent --zone=public --add-service=pptpd
    # --permanent so that masquerading survives the reload below
    firewall-cmd --permanent --add-masquerade
    firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 0 -p gre -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i ppp+ -o eth0 -j ACCEPT
    firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o ppp+ -j ACCEPT
    firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eth0 -j MASQUERADE -s 192.168.16.0/24

    Reload the firewall, restart pptpd, and enable both at boot

    firewall-cmd --reload
    systemctl restart pptpd
    systemctl enable pptpd.service
    systemctl enable firewalld
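As an added check (example script, not part of the original post), the following verifies the files produced by steps 1, 2 and 4 above: the address settings in pptpd.conf, the account and the file mode of chap-secrets (it stores passwords in plaintext), and ip_forward in sysctl.conf. It takes the file paths as arguments; the sample files it constructs mirror the values used above.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the pptpd.conf,
# chap-secrets and sysctl.conf produced by steps 1, 2 and 4 above.

# usage: check_pptp_config PPTPD_CONF CHAP_SECRETS SYSCTL_CONF
# prints one FAIL line per problem; returns 0 only if every check passes
check_pptp_config() {
    conf=$1; secrets=$2; sysctl=$3; rc=0

    # step 1: both address settings must be present
    grep -q '^localip[[:space:]]' "$conf"  || { echo "FAIL: localip missing in $conf"; rc=1; }
    grep -q '^remoteip[[:space:]]' "$conf" || { echo "FAIL: remoteip missing in $conf"; rc=1; }

    # step 2: at least one non-comment entry for the "pptpd" server (quotes optional)
    awk '$1 !~ /^#/ { s = $2; gsub(/"/, "", s); if (s == "pptpd") found = 1 }
         END { exit !found }' "$secrets" \
        || { echo "FAIL: no pptpd account in $secrets"; rc=1; }

    # chap-secrets holds plaintext passwords: only root may read it
    mode=$(stat -c %a "$secrets")
    [ "$mode" = "600" ] || { echo "FAIL: $secrets mode is $mode, expected 600"; rc=1; }

    # step 4: forwarding must be enabled or clients get no route beyond the server
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$sysctl" \
        || { echo "FAIL: net.ipv4.ip_forward=1 missing in $sysctl"; rc=1; }

    return $rc
}

# Constructed sample files mirroring the values in the steps above
# (not copied from a real host). Prints the temporary directory.
make_samples() {
    d=$(mktemp -d)
    printf 'localip 192.168.16.1\nremoteip 192.168.16.10-15\n' > "$d/pptpd.conf"
    printf '# client server secret IP addresses\n"dawnco" pptpd "qaz" "*"\n' > "$d/chap-secrets"
    chmod 600 "$d/chap-secrets"
    printf 'net.ipv4.ip_forward=1\n' > "$d/sysctl.conf"
    echo "$d"
}

# stand-alone demo: the sample set passes, then a readable chap-secrets is reported
dir=$(make_samples)
check_pptp_config "$dir/pptpd.conf" "$dir/chap-secrets" "$dir/sysctl.conf" && echo "all checks passed"
chmod 644 "$dir/chap-secrets"
check_pptp_config "$dir/pptpd.conf" "$dir/chap-secrets" "$dir/sysctl.conf" || echo "demo: problem reported as expected"
rm -rf "$dir"
```

To check a live server, pass /etc/pptpd.conf /etc/ppp/chap-secrets /etc/sysctl.conf as the three arguments.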

Troubleshooting

  1. Problem 1

    Jun 25 10:41:49 AliYun pptpd[13835]: GRE: read(fd=6,buffer=55d87eb67480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
    Jun 25 10:41:49 AliYun pptpd[13835]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
    Jun 25 10:41:49 AliYun pptpd[13835]: CTRL: Client x.x.x.x control connection finished
    Jun 25 10:42:10 AliYun pptpd[13730]: CTRL: Couldn't write packet to client.
    Jun 25 10:42:10 AliYun pptpd[13730]: CTRL: Error sending GRE, aborting call

    Fix

    vim /etc/ppp/options.pptpd

    Remove the # in front of debug and dump

  2. The log shows
    Jul  2 08:39:53 iZj6ca3h0xhsuadr9za60eZ pppd[20902]: Cannot determine ethernet address for proxy ARP

    firewalld may not be running; start it:

    systemctl start firewalld
