Tuesday, December 29, 2015

Installing a PPTP server on Linode CentOS 7

The Linode was new and I am not familiar with the CentOS family. Guides online said to install pptpd, but yum could not find pptpd at all:
# yum search pptp
Loaded plugins: fastestmirror
Repodata is over 2 weeks old. Install yum-cron? Or run: yum makecache fast
Loading mirror speeds from cached hostfile
 * base: mirrors.linode.com
 * extras: mirrors.linode.com
 * updates: mirrors.linode.com
====================================================== N/S matched: pptp ======================================================
pptp.x86_64 : Point-to-Point Tunneling Protocol (PPTP) Client
pptp-setup.x86_64 : PPTP Tunnel Configuration Script

  Name and summary matches only, use "search all" for everything.

Solution:
Install epel-release
# yum install epel-release

After that, yum search finds pptpd:
# yum search pptp
...
NetworkManager-pptp.x86_64 : NetworkManager VPN plugin for PPTP
NetworkManager-pptp-gnome.x86_64 : NetworkManager VPN plugin for PPTP - GNOME files
pptp.x86_64 : Point-to-Point Tunneling Protocol (PPTP) Client
pptp-setup.x86_64 : PPTP Tunnel Configuration Script
pptpd.x86_64 : PoPToP Point to Point Tunneling Server
pptpd-sysvinit.noarch : PoPToP Point to Point Tunneling Server

Linode's CentOS 7 image already ships ppp and iptables, so only pptpd itself needs to be installed.

Install pptpd
# yum install pptpd

Edit /etc/pptpd.conf
# vim  /etc/pptpd.conf
Uncomment the localip and remoteip lines at the bottom of the file:
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Edit /etc/ppp/options.pptpd
# vim /etc/ppp/options.pptpd
Search for ms-dns and add these two lines:
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Edit /etc/ppp/chap-secrets and set the account name and password:
# vim /etc/ppp/chap-secrets
username pptpd password *
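The chap-secrets line above has four columns: client name, server name (pptpd), secret, and the client IP the account may use (* means any). Because the secret is stored in clear text, the file should be readable by root only. The following script is an added example, not part of the original post: it expands the remoteip pool from /etc/pptpd.conf to show how many clients the pool can serve, checks that localip is not also handed out to a client, and checks the chap-secrets file mode. It assumes the last-octet range form used above (a.b.c.d-e) and does not handle full-address ranges; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the original post: sanity-check the pptpd
# address pool and the secrets file. Only the last-octet range form used in
# the post (a.b.c.d-e) is handled; full-address ranges are not.

expand_remoteip() {
    # $1: the remoteip value, e.g. "192.168.0.234-238,192.168.0.245".
    # Prints one client address per line.
    printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r item; do
        case "$item" in
            *-*)
                prefix=${item%.*}      # 192.168.0
                range=${item##*.}      # 234-238
                i=${range%-*}
                last=${range#*-}
                while [ "$i" -le "$last" ]; do
                    printf '%s.%s\n' "$prefix" "$i"
                    i=$((i + 1))
                done
                ;;
            *)
                printf '%s\n' "$item"
                ;;
        esac
    done
}

count_remoteip() {
    # Number of concurrent clients the pool can serve.
    expand_remoteip "$1" | wc -l | tr -d ' '
}

localip_outside_pool() {
    # $1: localip, $2: remoteip. Returns 0 when the server address is not
    # also handed out to a client (which would break routing on the tunnel).
    if expand_remoteip "$2" | grep -qx "$1"; then
        return 1
    fi
    return 0
}

secrets_root_only() {
    # $1: path to chap-secrets. Returns 0 when the mode is 600 (owner read and
    # write only); the file holds passwords in clear text, so nobody else
    # should be able to read it.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    [ "$mode" = "600" ]
}

# Usage on the server (as root), after sourcing this file:
#   count_remoteip "$(awk '/^remoteip/ {print $2}' /etc/pptpd.conf)"
#   localip_outside_pool "$(awk '/^localip/ {print $2}' /etc/pptpd.conf)" \
#                        "$(awk '/^remoteip/ {print $2}' /etc/pptpd.conf)"
#   secrets_root_only /etc/ppp/chap-secrets || chmod 600 /etc/ppp/chap-secrets
```

With the pool from the post, count_remoteip reports 6 addresses, so at most six clients can be connected at once; the FORWARD rules added later apply to every ppp interface regardless of how many are in use.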

Edit /etc/sysctl.conf
# vim /etc/sysctl.conf
Add
net.ipv4.ip_forward=1
Then apply the change:
# sysctl -p

Configure iptables
# iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
# iptables -A INPUT -i eth0 -p gre -j ACCEPT
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
# iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
# service iptables restart
Redirecting to /bin/systemctl restart  iptables.service
Failed to issue method call: Unit iptables.service failed to load: No such file or directory.

Restart pptpd
# service pptpd restart
Redirecting to /bin/systemctl restart  pptpd.service

Finally, connect to the VPN from a phone and open http://www.iplocationfinder.com/ to check whether circumventing the firewall worked (the reported location should be the server's).

After a reboot, the pptpd service was started but clients could not connect
Found via http://linux.it.net.cn/CentOS/fast/2014/1102/7635.html:
With RHEL 7 / CentOS 7, firewalld was introduced to manage iptables. IMHO, firewalld is more suited for workstations than for server environments.
It is possible to go back to a more classic iptables setup. First, stop and mask the firewalld service:
Check the firewalld status
# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled)
   Active: inactive (dead)
Starting iptables fails
# systemctl start iptables
Failed to issue method call: Unit iptables.service failed to load: No such file or directory.
Stop and mask the firewalld service
# systemctl stop firewalld
# systemctl mask firewalld
Install iptables-services
# yum install iptables-services
Enable the iptables service at boot
# systemctl enable iptables
Save the firewall rules
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
Start the iptables service (no error this time)
# systemctl start iptables.service
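Two things about the procedure above are easy to get wrong when it is repeated: plain "iptables -A" appends another copy of each rule every time the commands are run, and "service iptables save" only works once iptables-services is installed and firewalld is out of the way. The script below is an added example, not from the original post: it applies the same five rules idempotently (checking with -C before appending), takes the interface name as a parameter instead of hard-coding eth0, and reports which of the post's persistence steps (ip_forward, masking firewalld, enabling iptables.service) is still missing. The IPTABLES variable and the function names are this example's own; setting IPTABLES=echo gives a dry run.

```shell
#!/bin/sh
# Added example, not part of the original post: apply the post's PPTP firewall
# rules without duplicating them, and check the state the post ends up in
# (ip_forward on, firewalld masked, iptables.service enabled). The interface
# name is a parameter; the post uses eth0. IPTABLES=echo gives a dry run.

pptp_rules() {
    # $1: external interface. One rule per line: "<table> <chain> <rule spec>",
    # in the order the post adds them.
    cat <<EOF
filter INPUT -i $1 -p tcp --dport 1723 -j ACCEPT
filter INPUT -i $1 -p gre -j ACCEPT
nat POSTROUTING -o $1 -j MASQUERADE
filter FORWARD -i ppp+ -o $1 -j ACCEPT
filter FORWARD -i $1 -o ppp+ -j ACCEPT
EOF
}

apply_pptp_rules() {
    # Plain "iptables -A" appends a second copy every time it is run; checking
    # with -C first keeps this safe to re-run, e.g. from a boot hook.
    ipt=${IPTABLES:-iptables}
    pptp_rules "$1" | while read -r table chain spec; do
        # $spec is deliberately unquoted so it splits into separate arguments.
        $ipt -t "$table" -C "$chain" $spec 2>/dev/null \
            || $ipt -t "$table" -A "$chain" $spec
    done
}

check_persistence() {
    # Returns 0 when everything the post fixed is in place; otherwise prints
    # what is missing together with the command from the post that fixes it.
    rc=0
    [ "$(sysctl -n net.ipv4.ip_forward 2>/dev/null)" = "1" ] || {
        echo "net.ipv4.ip_forward is not 1: add net.ipv4.ip_forward=1 to /etc/sysctl.conf and run sysctl -p"
        rc=1
    }
    [ "$(systemctl is-enabled firewalld 2>/dev/null)" = "masked" ] || {
        echo "firewalld is not masked: systemctl stop firewalld; systemctl mask firewalld"
        rc=1
    }
    systemctl is-enabled iptables >/dev/null 2>&1 || {
        echo "iptables.service is not enabled: yum install iptables-services; systemctl enable iptables"
        rc=1
    }
    return $rc
}

# Usage on the server (as root), after sourcing this file:
#   apply_pptp_rules eth0 && check_persistence && service iptables save
```

The rules only open TCP 1723 and GRE and forward between ppp interfaces and the external interface; nothing else in the INPUT chain is touched, so existing SSH rules are unaffected. Run check_persistence before "service iptables save" so that the saved rule set is the one that will actually be restored at boot.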

One day an iPhone could no longer connect to the PPTP service
Check the pptpd log on the CentOS 7 server
Method 1
# journalctl -f
Method 2
# tail -f /var/log/messages
The log showed the error CTRL: PTY read or GRE write failed (pty,gre)=(6,7). Following https://www.lidaren.com/archives/1229, I tried commenting out logwtmp in /etc/pptpd.conf, but the phone still could not connect.
Result:
A Windows 7 PC connected without problems, so it looks like a problem with the phone.
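Reading "journalctl -f" or "tail -f /var/log/messages" by eye works for one client, but a small triage script makes it easier to tell a client-side problem (one address failing with the GRE error) from a server-side or abuse problem (many failed CHAP logins against one account from the same address). The following is an added example, not from the original post: an awk-based summary of pptpd and pppd lines that counts control connections per client, failed authentications per account and the GRE error seen above. The sample log lines are constructed for this example; only the GRE error text is from the post, and the exact wording of real pptpd/pppd messages may differ from what the patterns assume.

```shell
#!/bin/sh
# Added example, not part of the original post: triage pptpd/pppd messages
# from /var/log/messages. The sample lines are constructed for this example;
# only the "PTY read or GRE write failed" text comes from the post.

write_sample_log() {
    # $1: path to write the constructed sample log to.
    cat > "$1" <<'EOF'
Dec 29 10:00:01 vpn pptpd[2101]: CTRL: Client 203.0.113.5 control connection started
Dec 29 10:00:01 vpn pptpd[2101]: CTRL: Starting call (launching pppd, opening GRE)
Dec 29 10:00:02 vpn pppd[2102]: CHAP peer authentication succeeded for alice
Dec 29 10:00:31 vpn pptpd[2101]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Dec 29 10:00:31 vpn pptpd[2101]: CTRL: Client 203.0.113.5 control connection finished
Dec 29 10:05:10 vpn pptpd[2130]: CTRL: Client 198.51.100.7 control connection started
Dec 29 10:05:11 vpn pppd[2131]: CHAP peer authentication failed for bob
Dec 29 10:05:11 vpn pptpd[2130]: CTRL: Client 198.51.100.7 control connection finished
Dec 29 10:06:00 vpn pptpd[2140]: CTRL: Client 198.51.100.7 control connection started
Dec 29 10:06:01 vpn pppd[2141]: CHAP peer authentication failed for bob
EOF
}

triage_pptpd_log() {
    # $1: log file. Prints one summary line per item:
    #   started <client ip> <n>    control connections opened by that client
    #   auth_failed <user> <n>     failed CHAP logins for that account
    #   gre_failed <n>             "PTY read or GRE write failed" errors
    awk '
        /pptpd\[[0-9]+\]: CTRL: Client .* control connection started/ {
            for (i = 1; i <= NF; i++) if ($i == "Client") started[$(i + 1)]++
        }
        /pppd\[[0-9]+\]: .*authentication failed for/ {
            for (i = 1; i <= NF; i++) if ($i == "for") failed[$(i + 1)]++
        }
        /CTRL: PTY read or GRE write failed/ { gre++ }
        END {
            for (ip in started) printf "started %s %d\n", ip, started[ip]
            for (u in failed)   printf "auth_failed %s %d\n", u, failed[u]
            printf "gre_failed %d\n", gre + 0
        }' "$1"
}

# Accessors for single values from the summary.
started_for()     { triage_pptpd_log "$1" | awk -v ip="$2" '$1 == "started" && $2 == ip {print $3}'; }
auth_failed_for() { triage_pptpd_log "$1" | awk -v u="$2"  '$1 == "auth_failed" && $2 == u {print $3}'; }
gre_failures()    { triage_pptpd_log "$1" | awk '$1 == "gre_failed" {print $2}'; }

# Usage on the server:
#   triage_pptpd_log /var/log/messages
```

On the constructed sample, 203.0.113.5 connects once and hits the GRE error (the phone-side symptom from the post), while 198.51.100.7 opens two control connections and fails CHAP for "bob" both times; repeated failures like that against one account are the pattern to alert on, since PPTP on port 1723 is reachable from anywhere once the INPUT rule is in place.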


References:
https://www.photonvps.com/billing/knowledgebase.php?action=displayarticle&id=58   How to setup VPN server (PPTP on CentOS, RedHat and Ubuntu)?
