1、验证内核是否加载了MPPE模块:
modprobe ppp-compress-18 && echo MPPE is ok
2、安装所需的软件包:
yum -y install ppp
wget ftp://rpmfind.net/linux/epel/7/x86_64/p/pptpd-1.4.0-2.el7.x86_64.rpm
rpm -ivh pptpd-1.4.0-2.el7.x86_64.rpm
3、配置PPP和PPTP的配置文件:
grep ^[^#] /etc/ppp/options.pptpd
vi /etc/ppp/options.pptpd
|
name pptpd #refuse-pap #refuse-chap #refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 8.8.8.8 ms-dns 8.8.4.4 proxyarp lock nobsdcomp novj novjccomp nologfd |
vi /etc/ppp/chap-secrets
| username pptpd passwd * |
vi /etc/pptpd.conf
|
option /etc/ppp/options.pptpd logwtmp localip 192.168.0.1 remoteip 192.168.0.207-217 |
4、打开内核的IP转发功能:
vi /etc/sysctl.conf
| net.ipv4.ip_forward = 1 |
/sbin/sysctl -p
5、配置防火墙和NAT转发
yum install iptables-services
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
开启包转发:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
service iptables restart
开放端口和gre协议:
iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
添加规则:
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -o eno16777736 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -i eno16777736 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
启动和查看服务:
systemctl start pptpd
systemctl enable pptpd
systemctl status pptpd
6.查看pptpd服务进程和端口:
#ps -ef | grep pptpd
root 25100 1 0 14:19 ? 00:00:00 /usr/sbin/pptpd -f
root 25463 24275 0 14:52 pts/0 00:00:00 grep --color=auto pptpd
# netstat -nutap | grep pptpd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 25100/pptpd