Centos7 PPTP 架设

杂谈 评论关闭

首先修改Yum源

1、运行下面的命令编辑yum源:

vi /etc/yum.repos.d/epel.repo

2、按i进入编辑模式,粘贴下面的代码:

[epel]
name=Extra Packages for Enterprise Linux 7 – $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 – $basearch – Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 – $basearch – Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

 

更新yum缓存

yum makecache

 

安装PPTPD PPP IPTABLES(已有不用安装)

yum install ppp iptables pptpd

编辑pptpd.conf:

vi /etc/pptpd.conf

找到IP和范围:

localip 192.168.0.1
remoteip 192.168.0.234238,192.168.0.245
编辑options.pptpd:
vi /etc/ppp/options.pptpd
搜索ms-dns:
修改为8.8.8.8 和8.8.4.4
接下来编辑/etc/ppp/chap-secrets设置VPN的帐号密码:
vi /etc/ppp/chapsecrets   ; 添加格式:用户名 pptpd 密码 *
接下来修改内核参数,运行下面的命令编辑sysctl.conf:
vi /etc/sysctl.conf       修改net.ipv4.ip_forward=1
使命令生效:
sysctl p
添加下面的iptables转发规则:

Centos 7 的iptables默认规则中就有

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

添加的规则一定要在这条规则的前面,所以用插入的方法添加规则

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -I INPUT 5 -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
iptables -I INPUT 6 -p tcp -m state --state NEW -m tcp --dport 47 -j ACCEPT
iptables -I INPUT 7 -p gre -m state --state NEW -j ACCEPT
iptables -I FORWARD 2 -i ppp+ -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -I FORWARD 3 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.0.6.0/24 -o eth0 -j MASQUERADE

service iptables save保存规则。
下面启用PPTPD:
/etc/init.d/pptpd start
修改启动项使得开机启动PPTP:
chkconfig pptpd on
 简单说明:
-A INPUT -s 59.57.251.34 -p tcp -m tcp –dport 22 -j ACCEPT
-s x.x.x.x:源IP为x.x.x.x
-p tcp:tcp协议
-m tcp:使用 tcp 扩展模块的功能 (tcp扩展模块提供了 –dport等功能)
-dport 22:目标端口为22
-j ACCEPT:接受请求

分享到:

评论已关闭。