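Deploying the PPTP service
Why deploy it?
Our server sits on an internal network, but we also want to connect to it from home. For that we need a VPN service, and PPTP is the simplest one to set up.
Linux server environment
[root@m02 ~]# cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
[root@m02 ~]# uname -r
3.10.0-693.el7.x86_64
Configure kernel forwarding:
Add the following parameter to /etc/sysctl.conf. Although CentOS 7 changed how the kernel parameter files are organized, kernel parameters set in this file still take effect.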
net.ipv4.ip_forward = 1
Install pptp (Linux)
yum -y install pptpd
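These are the key settings in the configuration file; adjust them to your own needs.
vim /etc/pptpd.conf
# Add this host's public IP (localip) and the internal address range assigned to VPN users (remoteip)
localip 10.0.0.9
remoteip 192.168.0.234-238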

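Notes on allocating the internal address range:
1. Avoid IPs that internal servers use or are planned to use.
2. Decide how many clients there will be; this service has an upper limit of 100 users (IPs).
Start the pptp service: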
[root@m02 ~]# systemctl start pptpd.service
[root@m02 ~]# systemctl status pptpd.service
● pptpd.service - PoPToP Point to Point Tunneling Server
Loaded: loaded (/usr/lib/systemd/system/pptpd.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2017-11-16 11:03:00 CST; 6h ago
Main PID: 2487 (pptpd)
CGroup: /system.slice/pptpd.service
├─2487 /usr/sbin/pptpd -f
├─3075 pptpd [10.0.0.1:8D2C - 0300]
└─3076 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.0.0.62:172.16...
Nov 16 12:02:26 m02 pptpd[3075]: CTRL: Starting call (launching pppd, opening GRE)
Nov 16 12:02:26 m02 pppd[3076]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 16 12:02:26 m02 pppd[3076]: pppd 2.4.5 started by root, uid 0
Nov 16 12:02:26 m02 pppd[3076]: Using interface ppp0
Nov 16 12:02:26 m02 pppd[3076]: Connect: ppp0 <--> /dev/pts/2
Nov 16 12:02:26 m02 pppd[3076]: peer from calling number 10.0.0.1 authorized
Nov 16 12:02:26 m02 pppd[3076]: MPPE 128-bit stateless compression enabled
Nov 16 12:02:28 m02 pppd[3076]: found interface eth1 for proxy arp
Nov 16 12:02:28 m02 pppd[3076]: local IP address 10.0.0.62
Nov 16 12:02:28 m02 pppd[3076]: remote IP address 172.16.1.100
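Configuration file for accounts and passwords:
[root@m02 ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
test * 123456 *
Log auditing: record every user's login and logout information.
To record login information, modify the login script: /etc/ppp/ip-up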
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-up.local instead
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
[ -f /etc/sysconfig/network-scripts/ifcfg-${LOGDEVICE} ] && /etc/sysconfig/network-scripts/ifup-post --realdevice ${REALDEVICE} ifcfg-${LOGDEVICE}
/etc/ppp/ip-up.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"
# Audit record: user name, IP assigned to the client ($5), login IP ($6), login time
echo "$PEERNAME 分配IP: $5 登录IP: $6 登录时间: `date -d today +%F_%T`" >> /var/log/pptpd.log
exit 0
Modify the logout (offline) script: /etc/ppp/ip-down
#!/bin/bash
# This file should not be modified -- make local changes to
# /etc/ppp/ip-down.local instead
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export PATH
LOGDEVICE=$6
REALDEVICE=$1
/etc/ppp/ip-down.ipv6to4 ${LOGDEVICE}
[ -x /etc/ppp/ip-down.local ] && /etc/ppp/ip-down.local "$@"
/etc/sysconfig/network-scripts/ifdown-post --realdevice ${REALDEVICE} \
ifcfg-${LOGDEVICE}
# Audit record: user name, IP going offline ($6), logout time
echo "$PEERNAME 下线IP: $6 下线时间: `date -d today +%F_%T`" >> /var/log/pptpd.log
exit 0
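The audit log written by the two echo lines above can be checked for sessions that deserve a second look. The script below is an added example, not part of the original post; it assumes the exact record layout those echo lines produce, and the user names and addresses in the sample are constructed.

```shell
#!/bin/bash
# Added example: audit the log written by the ip-up / ip-down echo lines on this page.
# Login record  = 7 fields: user label assigned-IP label source-IP label time
# Logout record = 5 fields: user label source-IP label time
# Records are told apart by field count, so the labels are never matched.

# Constructed sample records in the page's log format (not real data).
sample_log() {
cat <<'EOF'
alice 分配IP: 192.168.0.234 登录IP: 203.0.113.10 登录时间: 2017-11-16_09:00:00
bob 分配IP: 192.168.0.235 登录IP: 198.51.100.7 登录时间: 2017-11-16_09:05:00
alice 下线IP: 203.0.113.10 下线时间: 2017-11-16_09:30:00
bob 分配IP: 192.168.0.236 登录IP: 192.0.2.44 登录时间: 2017-11-16_09:40:00
carol 下线IP: 198.51.100.9 下线时间: 2017-11-16_09:50:00
EOF
}

# Reads the log on stdin and prints, sorted:
#   MULTI  user time          account became active from a second source IP
#   OPEN   user source time   login with no matching logout yet
#   ORPHAN user source time   logout with no matching login
#   BADLINE n                 line n is neither record type
audit_pptp_log() {
    awk '
    NF == 0 { next }
    NF == 7 {
        key = $1 " " $5
        since[key] = $7
        # live[user] counts distinct source IPs with an open session
        if (++open[key] == 1 && ++live[$1] > 1) multi[$1] = $7
        next
    }
    NF == 5 {
        key = $1 " " $3
        if (open[key] > 0) { if (--open[key] == 0) live[$1]-- } else print "ORPHAN", $1, $3, $5
        next
    }
    { print "BADLINE", NR }
    END {
        for (u in multi) print "MULTI", u, multi[u]
        for (k in open) if (open[k] > 0) print "OPEN", k, since[k]
    }' | LC_ALL=C sort
}

# On the server: audit_pptp_log < /var/log/pptpd.log
sample_log | audit_pptp_log
```

A MULTI line means one account had open sessions from two different source addresses at the same time, which is worth checking against who is supposed to hold that account.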