Environment:
Host platform: AWS EC2
Operating system: CentOS 6.5, 64-bit
Required software: ppp, pptpd
Checks:
Check whether the server has the necessary kernel support. If these checks fail, pptp cannot be installed. Run:
# modprobe ppp-compress-18 && echo ok
If this command prints "ok", the check passes. There is one more check to do; run:
# cat /dev/net/tun
If this command prints "cat: /dev/net/tun: File descriptor in bad state", the check passes.
As long as one of the two checks above passes, pptp can be installed. If there are still other problems, ask your hosting provider to resolve them.
Installation:
# yum install ppp    # install ppp
# wget http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.4.0-1.el6.x86_64.rpm    # 64-bit download
# wget http://poptop.sourceforge.net/yum/stable/rhel6/i386/pptpd-1.4.0-1.el6.i686.rpm    # 32-bit download
# yum localinstall pptpd-1.4.0-1.el6.x86_64.rpm    # install pptpd
Configuration:
1. Edit /etc/pptpd.conf and find the two settings "localip" and "remoteip".
localip is the VPN server's own local IP address;
remoteip is the range of IP addresses that will be handed out to VPN clients connecting to the server.
# vi /etc/pptpd.conf
localip 192.168.11.1
remoteip 192.168.11.2-238,192.168.11.254
2. Next, edit /etc/ppp/options.pptpd
# vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4    # adjust to your own situation
3. Add VPN client accounts and passwords
# vi /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client    server    secret    IP addresses
test        pptpd     123456    *
Here we created one VPN user, test, with the password 123456. One account per line; you can add as many accounts as you need.
4. Change the kernel parameters so the system forwards packets
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
Then run the following command to apply it:
# sysctl -p
5. Firewall settings (very important)
# /sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.11.0/24 -j MASQUERADE
# /sbin/iptables -I INPUT -p tcp --dport 1723 -j ACCEPT    # PPTP control channel
# /sbin/iptables -I INPUT -p gre -j ACCEPT    # GRE is IP protocol 47, not a TCP port; "-p tcp --dport 47" would not match the tunnel traffic
# /sbin/iptables -I INPUT -p tcp --dport 53 -j ACCEPT
# /sbin/iptables -I INPUT -p udp --dport 53 -j ACCEPT
# /etc/rc.d/init.d/iptables save
# /etc/rc.d/init.d/iptables restart
6. Start the VPN server
# /etc/init.d/pptpd restart
At this point the VPN server setup is complete.
Finally, don't forget to open TCP port 1723 in the EC2 Management Console; this is pptpd's default connection port.
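An added example, not from the original post: a small audit script for a server built with steps 3 to 5 above. Each check reads from a file path so it runs offline against the constructed fixtures it writes itself; on the live server you would point it at /etc/ppp/chap-secrets, /etc/sysctl.conf and the output of iptables-save. The function names, the POOL variable and the 8-character minimum secret length are this script's own choices, not anything from pptpd.

```shell
#!/bin/sh
# Added example, not from the original post: audit a pptpd host built with the
# steps above. Each check reads from a file path so it runs offline against the
# constructed fixtures below; on the live server point it at /etc/ppp/chap-secrets,
# /etc/sysctl.conf and the output of `iptables-save`. POOL is the client range
# chosen above; the 8-character minimum secret length is this script's own policy.
POOL="${POOL:-192.168.11.0/24}"

# check_secrets FILE -> 0 if FILE is mode 600 (it holds plaintext passwords),
# no user/server pair is listed twice, and every pptpd secret is >= 8 characters
check_secrets() {
    f="$1" rc=0
    [ -f "$f" ] || { echo "secrets: $f not found"; return 1; }
    perm=$(ls -l "$f" | cut -c1-10)
    [ "$perm" = "-rw-------" ] || { echo "secrets: mode is $perm, want -rw------- (600)"; rc=1; }
    awk 'BEGIN { bad = 0 }
         !/^#/ && NF >= 3 && $2 == "pptpd" {
             if (seen[$1]++)     { print "secrets: duplicate entry for " $1; bad = 1 }
             if (length($3) < 8) { print "secrets: secret for " $1 " is shorter than 8 chars"; bad = 1 }
         }
         END { exit bad }' "$f" || rc=1
    return $rc
}

# check_forwarding FILE -> 0 if FILE (sysctl.conf) sets net.ipv4.ip_forward = 1
check_forwarding() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1" \
        || { echo "forwarding: net.ipv4.ip_forward = 1 not set in $1"; return 1; }
}

# check_firewall FILE -> 0 if the iptables-save output in FILE accepts tcp/1723
# and GRE and masquerades $POOL; warns about the common '-p tcp --dport 47' slip
check_firewall() {
    f="$1" rc=0
    grep -q -- "-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT" "$f" \
        || { echo "firewall: no ACCEPT for tcp/1723 (PPTP control channel)"; rc=1; }
    grep -q -- "-A INPUT .*-p gre .*-j ACCEPT" "$f" \
        || { echo "firewall: no ACCEPT for GRE (IP protocol 47, carries the tunnel)"; rc=1; }
    grep -q -- "-A INPUT .*-p tcp .*--dport 47 " "$f" \
        && echo "firewall: '-p tcp --dport 47' matches TCP port 47, not GRE; use '-p gre'"
    grep -q -- "-A POSTROUTING -s $POOL .*-j MASQUERADE" "$f" \
        || { echo "firewall: no MASQUERADE for $POOL"; rc=1; }
    return $rc
}

# audit SECRETS SYSCTL RULES -> 0 only if all three checks pass
audit() {
    rc=0
    check_secrets "$1" || rc=1
    check_forwarding "$2" || rc=1
    check_firewall "$3" || rc=1
    return $rc
}

# write_fixtures DIR -> constructed sample files: a correct set (*.ok) and a
# flawed set (*.bad) with the page's test/123456 account listed twice in a
# world-readable file, forwarding off, and tcp/47 opened instead of GRE
write_fixtures() {
    d="$1"
    printf '# client\tserver\tsecret\tIP addresses\nalice\tpptpd\tLongEnoughSecret\t*\n' > "$d/secrets.ok"
    printf 'test\tpptpd\t123456\t*\ntest\tpptpd\t123456\t*\n' > "$d/secrets.bad"
    chmod 600 "$d/secrets.ok"; chmod 644 "$d/secrets.bad"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/sysctl.ok"
    printf 'net.ipv4.ip_forward = 0\n' > "$d/sysctl.bad"
    printf '%s\n' '*nat' "-A POSTROUTING -s $POOL -o eth0 -j MASQUERADE" 'COMMIT' '*filter' \
        '-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT' '-A INPUT -p gre -j ACCEPT' 'COMMIT' > "$d/rules.ok"
    printf '%s\n' '*nat' "-A POSTROUTING -s $POOL -o eth0 -j MASQUERADE" 'COMMIT' '*filter' \
        '-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT' '-A INPUT -p tcp -m tcp --dport 47 -j ACCEPT' 'COMMIT' > "$d/rules.bad"
}

# Demo: run the audit over both fixture sets
tmp=$(mktemp -d)
write_fixtures "$tmp"
audit "$tmp/secrets.ok" "$tmp/sysctl.ok" "$tmp/rules.ok" && echo "ok fixtures: PASS"
audit "$tmp/secrets.bad" "$tmp/sysctl.bad" "$tmp/rules.bad" || echo "bad fixtures: FAIL (expected)"
rm -rf "$tmp"
```

The script only inspects the host; the EC2 security group is a second filter in front of it and must pass GRE (protocol 47) as well as TCP 1723, which no on-host check can see.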
Appendix:
Allow Only One Connection per User
By default, a user can make multiple connections to the pptpd server. To restrict one connection per user, create two script files in the /etc/ppp directory. When the same user logs in twice, the first connection will be disconnected. This is actually done on the ppp level, not with the pptpd.
The first file is /etc/ppp/auth-up (both files must be executable, since pppd runs them as programs):
#!/bin/sh
# get the username/ppp line number from the parameters
PPPLINE="$1"
USER="$2"
# create the directory to keep pid files per user
mkdir -p /var/run/pptpd-users
# if there is a session already for this user, terminate the old one
if [ -f "/var/run/pptpd-users/$USER" ]; then
    kill -HUP "$(cat "/var/run/pptpd-users/$USER")"
    rm -f "/var/run/pptpd-users/$USER"
fi
# write down the username in the ppp line file
echo "$USER" > "/var/run/pptpd-users/$PPPLINE.new"
The second file is /etc/ppp/ip-up.local:
#!/bin/sh
REALDEVICE="$1"
# Get the username from the ppp line record file
USER="$(cat "/var/run/pptpd-users/$REALDEVICE.new")"
# Copy the ppp line pid
cp "/var/run/$REALDEVICE.pid" "/var/run/pptpd-users/$USER"
# remove the ppp line record file
rm -f "/var/run/pptpd-users/$REALDEVICE.new"
The method presented here may not be the best one, but it works for me. (If you have a better way, please let me know.)
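The two hook scripts above, simulated end to end as an added example (not part of the HOWTO or this post). It runs without root: the STATE directory stands in for /var/run, a background sleep stands in for pppd, and the sim_* function names are this example's own. It also shows the edge case the real scripts meet when a recorded pppd has already exited on its own, leaving a stale PID record behind.

```shell
#!/bin/sh
# Added example, not from the poptop HOWTO or the original post: simulate the
# auth-up / ip-up.local pair above without root. STATE stands in for /var/run,
# and a background `sleep` stands in for pppd, with its PID written to
# STATE/<line>.pid the way pppd writes /var/run/pppN.pid.
STATE="${STATE:-$(mktemp -d)}"

# sim_auth_up PPPLINE USER : the auth-up logic, rooted at $STATE
sim_auth_up() {
    line="$1" user="$2"
    mkdir -p "$STATE/pptpd-users"
    if [ -f "$STATE/pptpd-users/$user" ]; then
        old=$(cat "$STATE/pptpd-users/$user")
        # the recorded process may already be gone (a stale record); the new
        # login must still go through, so the failed kill is only reported
        kill -HUP "$old" 2>/dev/null || echo "stale record for $user (pid $old)" >&2
        rm -f "$STATE/pptpd-users/$user"
    fi
    echo "$user" > "$STATE/pptpd-users/$line.new"
}

# sim_ip_up REALDEVICE : the ip-up.local logic, rooted at $STATE
sim_ip_up() {
    dev="$1"
    user=$(cat "$STATE/pptpd-users/$dev.new")
    cp "$STATE/$dev.pid" "$STATE/pptpd-users/$user"
    rm -f "$STATE/pptpd-users/$dev.new"
}

# sim_login PPPLINE USER : start a fake pppd for PPPLINE, then run both hooks
# in the order pppd would (auth-up after CHAP, ip-up after IPCP)
sim_login() {
    sleep 30 </dev/null >/dev/null 2>&1 &
    echo $! > "$STATE/$1.pid"
    sim_auth_up "$1" "$2"
    sim_ip_up "$1"
}

# alive PID : 0 if the process still exists
alive() { kill -0 "$1" 2>/dev/null; }

# Demo: alice connects on ppp0, then again on ppp1. The ppp0 session must be
# hung up and the per-user record must now hold the ppp1 PID.
sim_login ppp0 alice; p0=$(cat "$STATE/ppp0.pid")
sim_login ppp1 alice; p1=$(cat "$STATE/ppp1.pid")
wait "$p0" 2>/dev/null && echo "BUG: ppp0 session exited normally" || echo "ppp0 session (pid $p0) was hung up"
[ "$(cat "$STATE/pptpd-users/alice")" = "$p1" ] && echo "record for alice now points at ppp1 (pid $p1)"
kill "$p1" 2>/dev/null; wait "$p1" 2>/dev/null
rm -rf "$STATE"
```

The stale-record branch is the one to watch on a real server: if pppd dies without the per-user file being cleaned up, the next login of that user sends SIGHUP to whatever process now holds the old PID, which is why the real auth-up should at least tolerate a failed kill as the simulation does.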
Reference: http://poptop.sourceforge.net/dox/skwok/poptop_ads_howto_12.htm#oneconnection