配置PPTP服务器
1、验证内核是否加载了MPPE模块:
modprobe ppp-compress-18 && echo MPPE is ok
2、安装所需的软件包:
yum -y install ppp
rpm -ivh pptpd-1.4.0-2.el7.x86_64.rpm
3、配置PPP和PPTP的配置文件:
grep ^[^#] /etc/ppp/options.pptpd
vi /etc/ppp/options.pptpd
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
|
username pptpd passwd * |
vi /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.0.1
remoteip 192.168.0.207-217
|
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1 |
5、配置防火墙和NAT转发
yum install iptables-services
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
开启包转发:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
service iptables restart
开放端口和gre协议:
iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
添加规则:
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -o eno16777736 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -i eno16777736 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
启动和查看服务:
systemctl start pptpd
systemctl enable pptpd
systemctl status pptpd
6.查看pptpd服务进程和端口:
#ps -ef | grep pptpd
root 25100 1 0 14:19 ? 00:00:00 /usr/sbin/pptpd -f
root 25463 24275 0 14:52 pts/0 00:00:00 grep --color=auto pptpd
# netstat -nutap | grep pptpd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 25100/pptpd