Last updated: 2015-06-29
Installing on CentOS 6
- rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
- rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noar...
- yum install ppp pptpd -y
Configuration:
# Set the IP addresses
/etc/pptpd.conf
option /etc/ppp/options.pptpd
# Use wtmp(5) to record client connections and disconnections.
logwtmp
# Turns on broadcast relay to clients from interface <if>
#bcrelay eth0
# Delegates the allocation of client IP addresses to pppd
# When this is enabled, localip and remoteip have no effect
#delegate
# Limits the number of client connections
connections 100
localip 192.168.1.1
remoteip 192.168.1.234-238,192.168.1.245
# Set the DNS server for clients
echo "ms-dns 192.168.1.1" >> /etc/ppp/options.pptpd
One DNS server per line
ms-dns 192.168.1.1
ms-dns 8.8.8.8
* Without this setting, Windows clients will not get a DNS server
# Add a user
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets
chap-secrets format
# Dialin format: <remote name> <our name> <password> <allowed IP addresses>
joe server password 192.168.0.221
Start:
chkconfig pptpd on
service pptpd restart
Reaching the WAN through PPTP (NAT)
/etc/sysctl.conf
net.ipv4.ip_forward = 1
Modify /etc/sysconfig/iptables by adding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart
Firewall settings
-A INPUT -m tcp -p tcp --dport 1723 -j ACCEPT
-A INPUT -m tcp -p tcp -i ppp+ -j ACCEPT
-A FORWARD -i ppp+ -j ACCEPT
-A FORWARD -o ppp+ -j ACCEPT
Troubleshoot
<1>
log
Jun 29 11:35:27 vpn01 pptpd[27498]: CTRL: Client x.x.x.x control connection started
Jun 29 11:35:27 vpn01 pptpd[27498]: CTRL: Starting call (launching pppd, opening GRE)
Jun 29 11:35:27 vpn01 pppd[27499]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jun 29 11:35:27 vpn01 pppd[27499]: pppd 2.4.5 started by root, uid 0
Jun 29 11:35:27 vpn01 pppd[27499]: Using interface ppp0
Jun 29 11:35:27 vpn01 pppd[27499]: Connect: ppp0 <--> /dev/pts/0
... wait ...
Jun 29 11:35:57 vpn01 pppd[27499]: LCP: timeout sending Config-Requests
Jun 29 11:35:57 vpn01 pppd[27499]: Connection terminated.
Jun 29 11:35:57 vpn01 pppd[27499]: Modem hangup
Jun 29 11:35:57 vpn01 pppd[27499]: Exit.
Jun 29 11:35:57 vpn01 pptpd[27498]: GRE: read(fd=6,buffer=805a480,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Jun 29 11:35:57 vpn01 pptpd[27498]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Jun 29 11:35:57 vpn01 pptpd[27498]: CTRL: Client x.x.x.x control connection finished
WLAN box was most likely not handling GRE (protocol 47) correctly
* GRE/PPTP box under Tracking/NAT helpers
- nf_conntrack_pptp
- nf_conntrack_proto_gre
DOC
http://pptpclient.sourceforge.net/howto-diagnosis.phtml#lcp_timeout
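The failure signature in the log above, as an added triage script (not part of the original page): it pairs each pptpd control connection with the pppd it launched and reports the sessions that ended in an LCP timeout. The function names, the sample log and its addresses are constructed, and classic syslog line layout is assumed.

```shell
#!/bin/sh
# Added example (not from the original page): find PPTP sessions where the
# TCP 1723 control connection started but pppd gave up with an LCP timeout,
# the symptom the page attributes to GRE (protocol 47) not being handled.

# Reads classic syslog lines on stdin, prints one line per affected session:
#   <client> <pptpd tag> <pppd tag> <interface>
# Assumption: a pppd "started by" line belongs to the most recent pptpd
# "Starting call" line, which can mispair calls that start at the same instant.
pptp_lcp_timeouts() {
  awk '
    { tag = $5; sub(/:$/, "", tag) }                 # e.g. pptpd[27498]
    tag ~ /^pptpd\[/ && /CTRL: Client .* control connection started/ {
      client[tag] = $8
    }
    tag ~ /^pptpd\[/ && /CTRL: Starting call/ { pending = tag }
    tag ~ /^pppd\[/ && / started by / && pending != "" {
      parent[tag] = pending; pending = ""
    }
    tag ~ /^pppd\[/ && /Using interface/ { ifname[tag] = $8 }
    tag ~ /^pppd\[/ && /LCP: timeout sending Config-Requests/ {
      p = (tag in parent) ? parent[tag] : "-"
      c = (p in client) ? client[p] : "unknown"
      i = (tag in ifname) ? ifname[tag] : "-"
      print c, p, tag, i
    }
  '
}

# Constructed sample: one session that fails like the log above, one that works.
sample_log() {
  cat <<'EOF'
Jun 29 11:35:27 vpn01 pptpd[27498]: CTRL: Client 203.0.113.10 control connection started
Jun 29 11:35:27 vpn01 pptpd[27498]: CTRL: Starting call (launching pppd, opening GRE)
Jun 29 11:35:27 vpn01 pppd[27499]: pppd 2.4.5 started by root, uid 0
Jun 29 11:35:27 vpn01 pppd[27499]: Using interface ppp0
Jun 29 11:35:57 vpn01 pppd[27499]: LCP: timeout sending Config-Requests
Jun 29 11:35:57 vpn01 pptpd[27498]: CTRL: Client 203.0.113.10 control connection finished
Jun 29 11:40:02 vpn01 pptpd[27510]: CTRL: Client 198.51.100.7 control connection started
Jun 29 11:40:02 vpn01 pptpd[27510]: CTRL: Starting call (launching pppd, opening GRE)
Jun 29 11:40:02 vpn01 pppd[27511]: pppd 2.4.5 started by root, uid 0
Jun 29 11:40:02 vpn01 pppd[27511]: Using interface ppp1
Jun 29 11:40:05 vpn01 pppd[27511]: remote IP address 192.168.1.234
EOF
}

sample_log | pptp_lcp_timeouts
```

On a live server, feed it the file that receives pptpd and pppd messages; many reports from one client address point at that client's router, while reports from every client point at the server side.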
<2>