The method in linux to configure the pptp server configuration
- 2020-05-15 03:19:03
- OfStack
1. Verify whether the kernel loads the MPPE module:
modprobe ppp-compress-18 && echo MPPE is ok
2. Install the required software package:
yum -y install ppp
wget ftp://rpmfind.net/linux/epel/7/x86_64/p/pptpd-1.4.0-2.el7.x86_64.rpm
rpm -ivh pptpd-1.4.0-2.el7.x86_64.rpm
3. Configuration files of PPP and PPTP:
grep ^[^#] /etc/ppp/options.pptpd
vi /etc/ppp/options.pptpd
name pptpd
#refuse-pap
#refuse-chap
#refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
vi /etc/ppp/chap-secrets
username pptpd passwd *
vi /etc/pptpd.conf
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.0.1
remoteip 192.168.0.207-217
4. Open the kernel's IP forwarding function:
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p
5. Configure firewall and NAT forwarding
yum install iptables-services
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl enable iptables.service
systemctl start iptables.service
Open packet forwarding:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
service iptables restart
Open port and gre protocol:
iptables -A INPUT -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
Add rules:
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.0.0/24 -o eno16777736 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -i eno16777736 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eno16777736 -j MASQUERADE
service iptables save
Launch and view services:
systemctl start pptpd
systemctl enable pptpd
systemctl status pptpd
6. View pptpd service processes and ports:
#ps -ef | grep pptpd
root 25100 1 0 14:19 ? 00:00:00 /usr/sbin/pptpd -f
root 25463 24275 0 14:52 pts/0 00:00:00 grep --color=auto pptpd
# netstat -nutap | grep pptpd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 25100/pptpd