Use of the PPTP service poses security risks. For more information, click here. The following description of configuring PPTP VPN in CentOS is only for your reference. Perform operations based on your actual needs and with consideration of the resulting impact and problems.
Configure the PPTP server
Install software
Run the following command to install the software:
yum install -y ppp pptpd
Configure pptpd files
Open the configuration file with vi /etc/pptpd.conf and delete the # in front of the following two lines. Save and exit.
#localip 192.168.0.1
#remoteip 192.168.0.234-238
Note: localip 192.168.0.1 is the IP address of the VPN gateway, and remoteip 192.168.0.2-200 is the IP address segment assigned to VPN dial-up clients. You can adjust both values according to your needs.
Open the configuration file with vi /etc/ppp/options.pptpd and delete the # in front of the following two lines. Save and exit.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
Note: 223.5.5.5 and 223.6.6.6 are the public DNS service addresses of Alibaba Cloud. You can change them to other public DNS service addresses according to your needs.
Run the following command to set the pptpd user name and password:
vi /etc/ppp/chap-secrets
The file begins with the following header:
# Secrets for authentication using CHAP
# client server secret IP addresses
Add accounts according to your needs. Only one account can be added to each line. Each account must be added in the format "user name" "pptpd" "password" "IP address", where the items are separated by spaces. Save and exit. See the following example:
test pptpd 123456 10.0.0.1
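The following audit script is an added example, not part of the original procedure: it checks a chap-secrets file in the four-field layout described above for loose file permissions and weak entries such as the 123456 sample. The function names, the 12-character minimum, the individual checks, and the sample entries are assumptions made for illustration.

```bash
# Added example: audit a chap-secrets file in the four-field layout shown above.
# MIN_LEN and the individual checks are assumptions chosen for illustration.
MIN_LEN=12
audit_chap_secrets() {
    local file="$1" lineno=0 mode client server secret addr rest
    AUDIT_FINDINGS=0
    flag() { echo "$1"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

    # Secrets are stored in cleartext, so only root should be able to read the file.
    mode=$(stat -c '%a' "$file") || return 2          # stat -c is GNU coreutils
    [ "$mode" = "600" ] || flag "PERM   $file has mode $mode, expected 600"
    while read -r client server secret addr rest || [ -n "$client" ]; do
        lineno=$((lineno + 1))
        case "$client" in ''|'#'*) continue ;; esac   # skip blanks and comments
        secret=${secret#\"}; secret=${secret%\"}      # pppd allows quoted secrets
        if [ -z "$addr" ]; then
            flag "FORMAT line $lineno ($client): fewer than four fields"
            continue
        fi
        [ "$server" = "pptpd" ] || flag "SERVER line $lineno ($client): server is '$server', not pptpd"
        [ "${#secret}" -ge "$MIN_LEN" ] || flag "SHORT  line $lineno ($client): secret shorter than $MIN_LEN characters"
        case "$secret" in
            "$client") flag "SAME   line $lineno ($client): secret equals user name" ;;
            *[!0-9]*) ;;                              # contains a non-digit: fine
            *) flag "DIGITS line $lineno ($client): secret is digits only" ;;
        esac
        [ "$addr" != "*" ] || flag "ANYIP  line $lineno ($client): '*' allows any address"
    done < "$file"
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

# Constructed sample input (not taken from a real server).
make_sample() {
    local f; f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Secrets for authentication using CHAP
# client server secret IP addresses
test pptpd 123456 10.0.0.1
alice pptpd "kV7q2-mZp9wLx4" 192.168.0.235
bob pptpd bob *
carol pptpd Tr0ub4dor-and-3xtra
EOF
    echo "$f"
}

sample=$(make_sample)
audit_chap_secrets "$sample" || echo "findings: $AUDIT_FINDINGS"
rm -f "$sample"
```

On a server, run audit_chap_secrets /etc/ppp/chap-secrets as root; secrets that contain spaces inside quotes are not handled by this field split.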
Add the following line to the /etc/ppp/ip-up file to set the maximum transmission unit (MTU):
ifconfig ppp0 mtu 1472
The relevant part of /etc/ppp/ip-up looks like this:
/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
Modify the kernel settings
Open the configuration file with vi /etc/sysctl.conf, change
net.ipv4.ip_forward=0
to
net.ipv4.ip_forward=1
then save and exit. Run the following command to make the modification effective:
sysctl -p
Add iptables forwarding rules:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j MASQUERADE
Run the following commands to save the settings and restart the firewall:
/etc/init.d/iptables save
/etc/init.d/iptables restart
Configure the PPTP service
Run the following command to restart the PPTP service:
/etc/init.d/pptpd restart
Note: Because PPTP has not yet started running, the message "Shutting down pptpd [FAILED]" is displayed and an alarm is generated when you run this command. You can ignore the message and alarm and run the command again. The message and alarm will then disappear.
Run the following commands to make pptpd and iptables start automatically:
chkconfig pptpd on
chkconfig iptables on
The PPTP VPN server is successfully installed. Go to the Network and Sharing Center to set a new connection or network. Then you can access a network by a VPN connection.
Configure the CentOS PPTP VPN client
Run the following command to install the software package:
yum install -y ppp pptp pptp-setup
Run the following command to connect to the VPN server:
pptpsetup --create test --server IP --username (user name) --password (password) --encrypt --start
Note: Enter the actual IP address, user name, and password used to log on to the VPN server.
When the system reports that the client address 192.168.0.234 has been allocated, run the following command to display the ppp0 network adapter:
ifconfig
Run the following command to add the default route:
ip route replace default dev ppp0
After the default route is successfully added, you can access the Internet.
FAQs
The browser cannot open the web page
Symptom: The PPTP VPN can be connected and the website domain is pingable, but no web page can be opened in the browser.
Analysis: The MTU setting is incorrect.
Solution A: Run the following command on the CentOS server with VPN configured:
ifconfig ppp0 mtu 1472
Note: Solution A only takes effect temporarily. To fix the problem once and for all, see Solution B.
Solution B: Add the following line to the /etc/ppp/ip-up file:
ifconfig ppp0 mtu 1472
$ vi /etc/ppp/ip-up
......
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
Click Control Panel > Network > Network and Sharing Center to test the troubleshooting results.
The obtained IP address is incorrect
Symptom: The client successfully connects to VPN but the obtained IP address is incorrect. The obtained IP address is not the one allocated by the VPN server but is the IP address of the intranet adapter of ECS, see the following figure:
Analysis: When this problem occurs, follow these steps for troubleshooting (assume that the VPN client is named as testvpn):
Solution:
Add the noipdefault parameter to the /etc/ppp/peers/testvpn configuration file on the ppp client. Run the following commands to restart the client. The correct IP address can be obtained after VPN is successfully reconnected.
poff testvpn
pon testvpn
Note: When the client restarts, the noipdefault parameter may be overwritten by parameters transferred from the server. If this problem occurs, check the server configuration.