Configuring a PPTP server on Alibaba Cloud Red Hat-family Linux (CentOS, Red Hat, Fedora)

Installing the pptpd server


CentOS
The PPTP VPN daemon package is available in the EPEL (Extra Packages for Enterprise Linux) repository, so we first add that repository and then install pptpd.

sudo yum install epel-release
sudo yum install -y pptpd

Adding DNS Servers

sudo vi /etc/ppp/options.pptpd

Find the following lines:
ms-dns 10.0.0.1
ms-dns 10.0.0.2

Change them to

ms-dns 223.5.5.5
ms-dns 223.6.6.6


223.5.5.5 and 223.6.6.6 are DNS servers commonly used in China.

Adding VPN User Accounts

Open the /etc/ppp/chap-secrets file:

sudo vi /etc/ppp/chap-secrets

Add each user and password as follows, using the Tab key to separate the fields.

user1 pptpd user1-password *
user2 pptpd user2-password *

Allocating Private IPs for the VPN Server and Clients

Edit the /etc/pptpd.conf file.

sudo vi /etc/pptpd.conf

Add the following lines at the end of the file.

localip 10.0.0.1
remoteip 10.0.0.100-200
Save and close the file. localip is the IP of your VPN server; remoteip is the range of IPs for VPN clients.

Enable IP Forwarding
In order for the VPN server to route packets between VPN client and the outside world, we need to enable IP forwarding. Thus, the VPN server becomes a router.

sudo vi /etc/sysctl.conf
Add the following line.

net.ipv4.ip_forward = 1
Save and close the file, then apply the change with the command below. The -p option loads sysctl settings from the /etc/sysctl.conf file; because the setting is stored in that file, it is preserved across reboots.

sudo sysctl -p

Configure Firewall for IP Masquerading

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The above command appends (-A) a rule to the end of the POSTROUTING chain of the nat table. It links your virtual private network with the Internet and also hides your network from the outside world, so the Internet can only see your VPN server's IP and not your VPN clients' IPs, just as your home router hides your private home network.

Your server's Ethernet interface may not be named eth0; use the ip address or ip link command to check. To make this iptables rule persistent, you can put the above command in the /etc/rc.local file, so that it is executed by root automatically at boot. You don't need to add sudo to commands in rc.local.

For documentation on configuring iptables, see here.

Start PPTPD Daemon

sudo systemctl start pptpd

or

sudo service pptpd start

If you have systemd on your server, enable the pptpd service so that it starts automatically at boot:

sudo systemctl enable pptpd

Now set up your VPN client and you should be able to connect to your VPN server.
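
As an added example (not part of the original article), these shell functions audit copies of /etc/ppp/chap-secrets, which stores the VPN passwords in plaintext, and /etc/pptpd.conf after the steps above. The function names, the 12-character minimum and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example: audits copies of the files edited in this guide.
# Assumes GNU stat and whitespace-free fields, as in the entries above.

# audit_chap_secrets FILE [MINLEN]: print findings; return 1 if there are any.
# MINLEN defaults to 12, a threshold chosen for this example.
audit_chap_secrets() {
    file=$1; minlen=${2:-12}
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }
    # Plaintext passwords live here, so only the owner should have access.
    findings=$(
        mode=$(stat -c %a "$file")
        case $mode in (600|400) ;; (*) echo "mode $mode, expected 600" ;; esac
        awk -v min="$minlen" '
            /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
            NF != 4 { print "line " NR ": " NF " fields, expected 4"; next }
            $2 != "pptpd" { print "line " NR ": server is " $2 ", not pptpd" }
            length($3) < min { print "line " NR ": short password for " $1 }
            seen[$1]++ { print "line " NR ": duplicate user " $1 }
        ' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# localip_in_pool FILE: return 0 if localip falls inside the remoteip range
# (same first three octets, last octet within START-END), else 1.
localip_in_pool() {
    awk '
        $1 == "localip"  { l = $2 }
        $1 == "remoteip" { r = $2 }
        END {
            n = split(r, p, /[.-]/); split(l, q, ".")
            if (n != 5) exit 1       # not the a.b.c.START-END form used here
            same = (p[1] == q[1] && p[2] == q[2] && p[3] == q[3])
            exit !(same && q[4] + 0 >= p[4] + 0 && q[4] + 0 <= p[5] + 0)
        }
    ' "$1"
}
```

Run audit_chap_secrets against /etc/ppp/chap-secrets as root; localip_in_pool /etc/pptpd.conf succeeding means the server address overlaps the client pool and one of the two should be changed.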

Original article: https://www.linuxbabe.com/linux-server/setup-your-own-pptp-vpn-server-on-debian-ubuntu-centos
