
Title: Configuring a VPN on CentOS 8

Author: admin    Time: 2020-9-5 12:12     Title: Configuring a VPN on CentOS 8

This setup uses the Point-to-Point Tunneling Protocol (PPTP).

Operating system version:

[Screenshot: 图片1.png]

Check that the environment supports it:

    [root@centos8 ~]# modprobe ppp-compress-18 && echo yes
    yes
    [root@centos8 ~]# ls /dev/net/tun && echo yes
    /dev/net/tun
    yes
    [root@centos8 ~]# ls /dev/ppp && echo yes
    /dev/ppp
    yes

Install the required packages:

    [root@centos8 ~]# dnf -y install ppp pptp net-tools gcc make wget
    [root@centos8 ~]# wget https://pic.ithothub.com/wp-content/uploads/2020/03/pptpd-1.4.0-2.el8.x86_64.rpm
    [root@centos8 ~]# dnf -y install pptpd-1.4.0-2.el8.x86_64.rpm

Edit /etc/pptpd.conf
Go to the end of the file and append or modify the following (this is all that is needed, regardless of what the server's own IP address is):

    localip 192.168.18.1
    remoteip 192.168.18.2-254

[Screenshot: 图片2.png]

Edit /etc/ppp/options.pptpd
Most parameters here can keep their default values. Only the ms-dns option needs to change, to assign DNS server addresses to VPN clients.
Modify (preferably copy and paste the existing line, then edit the copy):

    ms-dns 8.8.8.8
    ms-dns 114.114.114.114

[Screenshot: 图片3.png]

Edit /etc/ppp/chap-secrets
This file stores the VPN usernames and passwords; fill it in according to your situation. As the comments in the file indicate, the first column is the username, the second column is the server name (pptpd by default), the third column is the password, and the fourth column is the IP restriction (write * for no restriction).
As shown in the screenshot below (no system user needs to be created):

[Screenshot: 图片4.png]

Enable IP forwarding:

    [root@centos8 ~]# echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf

Apply the new setting:

    [root@centos8 ~]# sysctl -p
    net.ipv4.ip_forward = 1

For installing iptables, see: CentOS 8 Firewall (netfilter)

First flush the firewall rules:

    [root@centos8 ~]# iptables -t filter -F

    [root@localhost ~]# iptables -t filter -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    [root@localhost ~]# iptables -t nat -nL
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Add the firewall rules (the server has a single network interface, ens160, with IP address 192.168.168.154):

    iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
    iptables -A INPUT -p gre -j ACCEPT
    iptables -t nat -A POSTROUTING -s 192.168.18.0/24 -o ens160 -j SNAT --to-source 192.168.168.154
    iptables -t nat -A POSTROUTING -o ens160 -j MASQUERADE

    [root@centos8 ~]# iptables -t filter -nL
    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination
    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
    ACCEPT     47   --  0.0.0.0/0            0.0.0.0/0

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

    [root@centos8 ~]# iptables -t nat -nL
    Chain PREROUTING (policy ACCEPT)
    target     prot opt source               destination

    Chain INPUT (policy ACCEPT)
    target     prot opt source               destination

    Chain POSTROUTING (policy ACCEPT)
    target     prot opt source               destination
    SNAT       all  --  192.168.18.0/24      0.0.0.0/0            to:192.168.168.154
    MASQUERADE all  --  0.0.0.0/0            0.0.0.0/0

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination

Save the firewall rules:

    [root@centos8 ~]# iptables-save > /etc/sysconfig/iptables

    [root@centos8 ~]# cat /etc/sysconfig/iptables
    # Generated by iptables-save v1.8.4 on Wed Sep 2 10:08:53 2020
    *security
    :INPUT ACCEPT [93:6662]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [80:12264]
    COMMIT
    # Completed on Wed Sep 2 10:08:53 2020
    # Generated by iptables-save v1.8.4 on Wed Sep 2 10:08:53 2020
    *raw
    :PREROUTING ACCEPT [94:6738]
    :OUTPUT ACCEPT [80:12264]
    COMMIT
    # Completed on Wed Sep 2 10:08:53 2020
    # Generated by iptables-save v1.8.4 on Wed Sep 2 10:08:53 2020
    *mangle
    :PREROUTING ACCEPT [94:6738]
    :INPUT ACCEPT [94:6738]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [80:12264]
    :POSTROUTING ACCEPT [80:12264]
    COMMIT
    # Completed on Wed Sep 2 10:08:53 2020
    # Generated by iptables-save v1.8.4 on Wed Sep 2 10:08:53 2020
    *nat
    :PREROUTING ACCEPT [3:482]
    :INPUT ACCEPT [2:406]
    :POSTROUTING ACCEPT [0:0]
    :OUTPUT ACCEPT [3:228]
    -A POSTROUTING -s 192.168.18.0/24 -o ens160 -j SNAT --to-source 192.168.168.154
    -A POSTROUTING -o ens160 -j MASQUERADE
    COMMIT
    # Completed on Wed Sep 2 10:08:53 2020
    # Generated by iptables-save v1.8.4 on Wed Sep 2 10:08:53 2020
    *filter
    :INPUT ACCEPT [61:4782]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [52:7724]
    -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
    -A INPUT -p gre -j ACCEPT
    COMMIT
    # Completed on Wed Sep 2 10:08:53 2020

Restart the iptables service:

    systemctl restart iptables

Start the pptpd service:

    systemctl start pptpd

Enable the pptpd service at boot:

    systemctl enable pptpd

TCP 1723 is the default PPTP port:

    [root@centos8 ~]# netstat -anp |grep 1723
    tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      1017/pptpd

###### Connecting to the VPN from a Windows 7 client

[Screenshot: 图片5.png]

[Screenshot: 图片6.png]

    C:\Users\jacky>ipconfig/all

[Screenshot: 图片7.png]

[Screenshot: 图片8.png]

Related article: Configuring a VPN on CentOS 6.9
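
The chap-secrets layout described above (username, server name, password, IP restriction) can be checked with a small script. This is an added example, not part of the original post: the function name, the 12-character minimum and the sample entries are assumptions made for illustration, and it relies on GNU stat as shipped with CentOS.

```bash
#!/usr/bin/env bash
# Added example: audit a pppd chap-secrets file in the four-column layout the tutorial
# describes (user, server name, password, IP restriction).
# Assumption: passwords contain no whitespace (quoted secrets with spaces are not parsed).

audit_chap_secrets() {
    local file=$1 min_len=${2:-12} findings=0 lineno=0 mode
    local user server secret ip extra
    finding() { echo "$1"; findings=$((findings + 1)); }
    # Passwords are stored in cleartext, so only root should be able to read the file.
    mode=$(stat -c '%a' "$file") || return 2
    case $mode in
        600|400) ;;
        *) finding "perm: mode $mode, expected 600" ;;
    esac
    while read -r user server secret ip extra || [ -n "$user" ]; do
        lineno=$((lineno + 1))
        case $user in ''|'#'*) continue ;; esac      # blank line or comment
        if [ -z "$ip" ] || [ -n "$extra" ]; then
            finding "line $lineno: expected exactly 4 columns"
            continue
        fi
        secret=${secret#\"}; secret=${secret%\"}     # drop optional surrounding quotes
        if [ "${#secret}" -lt "$min_len" ]; then
            finding "line $lineno: password for '$user' is shorter than $min_len characters"
        fi
        if [ "$server" != pptpd ]; then
            finding "line $lineno: server column is '$server', tutorial uses pptpd"
        fi
        if [ "$ip" = '*' ]; then
            finding "line $lineno: '$user' has no IP restriction (*)"
        fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample entries (not from the page); mode 644 triggers the permission finding.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret               IP addresses
alice     pptpd   c0rrect-h0rse-9xQ    192.168.18.10
bob       pptpd   123456               *
carol     pptpd
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample" || echo "findings reported above"
rm -f "$sample"
```

On the server itself the call would be audit_chap_secrets /etc/ppp/chap-secrets, run as root.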
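
In the saved ruleset above, every filter chain has policy ACCEPT, so the two INPUT rules for TCP 1723 and GRE match traffic that the policy would accept anyway. The following added example (not part of the original post; the function names are assumptions) reads iptables-save output and lists the filter chains whose default policy is ACCEPT, together with the number of ACCEPT rules in each. The embedded ruleset is the nat and filter part of the page's own /etc/sysconfig/iptables.

```bash
#!/usr/bin/env bash
# Added example: report filter-table chains whose default policy is ACCEPT.
# Output format: "<chain> <number of -j ACCEPT rules in that chain>"

open_filter_chains() {
    # Reads iptables-save text from the files given as arguments, or from stdin.
    awk '
        /^\*/ { table = substr($1, 2) }                 # "*filter", "*nat", ...
        table == "filter" && /^:/ {                     # ":INPUT ACCEPT [61:4782]"
            chain = substr($1, 2)
            policy[chain] = $2
            order[++n] = chain
        }
        table == "filter" && $1 == "-A" && $(NF-1) == "-j" && $NF == "ACCEPT" {
            accepts[$2]++                               # $2 is the chain name
        }
        END {
            for (i = 1; i <= n; i++)
                if (policy[order[i]] == "ACCEPT")
                    print order[i], accepts[order[i]] + 0
        }
    ' "$@"
}

# The nat and filter tables as saved on the page.
page_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [3:482]
:INPUT ACCEPT [2:406]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [3:228]
-A POSTROUTING -s 192.168.18.0/24 -o ens160 -j SNAT --to-source 192.168.168.154
-A POSTROUTING -o ens160 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [61:4782]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [52:7724]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
COMMIT
EOF
}

page_ruleset | open_filter_chains
```

On a live system the same check is iptables-save | open_filter_chains; a chain disappears from the output once its policy is set to DROP.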
