Difference between revisions of "Install VPN PPTPD on RHEL 7"
From Hawk Wiki
(Created page with " ===Verify your RHEL version=== <pre> # cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core) </pre> ===Build and Install=== You can grab the latest release from http:/...") |
|||
| (5 intermediate revisions by the same user not shown) | |||
| Line 5: | Line 5: | ||
CentOS Linux release 7.0.1406 (Core) | CentOS Linux release 7.0.1406 (Core) | ||
</pre> | </pre> | ||
| − | ===Build and Install=== | + | ===Build and Install (Not working)=== |
You can grab the latest release from http://sourceforge.net/projects/poptop/files/pptpd/ | You can grab the latest release from http://sourceforge.net/projects/poptop/files/pptpd/ | ||
<pre> | <pre> | ||
| Line 19: | Line 19: | ||
For some reason, this doesn't install pptpd.conf. | For some reason, this doesn't install pptpd.conf. | ||
I need to find alternatives. | I need to find alternatives. | ||
| + | |||
| + | ===Install From Repo (Works)=== | ||
| + | <pre> | ||
| + | rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm | ||
| + | yum install pptpd | ||
| + | </pre> | ||
| + | |||
| + | ===Setup pptpd=== | ||
| + | See https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp | ||
| + | |||
| + | or | ||
| + | |||
| + | http://www.ewdisonthen.com/how-to-setup-pptp-vpn-server-on-linux-tutorial-07577.php | ||
| + | <pre> | ||
| + | vim /etc/pptpd.conf | ||
| + | # Add | ||
| + | localip 10.0.0.1 | ||
| + | remoteip 10.0.0.100-200 | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | vim /etc/ppp/pptpd-options | ||
| + | # Add | ||
| + | ms-dns 8.8.8.8 | ||
| + | ms-dns 8.8.4.4 | ||
| + | </pre> | ||
| + | |||
| + | <pre> | ||
| + | vim /etc/sysctl.conf | ||
| + | # Add | ||
| + | net.ipv4.ip_forward = 1 | ||
| + | # Run | ||
| + | sysctl -p | ||
| + | #verify it's listening the port | ||
| + | netstat -alpn | grep 1723 | ||
| + | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save | ||
| + | |||
| + | </pre> | ||
| + | |||
| + | ===Setup iptable forwarding=== | ||
| + | Make a file ppt.sh and paste contents below | ||
| + | <pre> | ||
| + | #/bin/bash | ||
| + | iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT | ||
| + | iptables -A INPUT -i eth0 -p gre -j ACCEPT | ||
| + | iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE | ||
| + | iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE | ||
| + | iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT | ||
| + | iptables --append FORWARD --in-interface eth0 -j ACCEPT | ||
| + | iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT | ||
| + | iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT | ||
| + | # this line will constrain the MTU to solve some strange problems with MTU inconsistency. | ||
| + | iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356 | ||
| + | iptables-save | ||
| + | </pre> | ||
Latest revision as of 18:28, 14 January 2016
Contents
Verify your RHEL version
# cat /etc/redhat-release CentOS Linux release 7.0.1406 (Core)
Build and Install (Not working)
You can grab the latest release from http://sourceforge.net/projects/poptop/files/pptpd/
#Before doing this, make sure you installed Development Tools yum group install "Development Tools" yum install ppp ppp-devel wget http://downloads.sourceforge.net/project/poptop/pptpd/pptpd-1.4.0/pptpd-1.4.0.tar.gz tar -xvzf pptpd-1.4.0.tar.gz cd pptpd-1.4.0 ./configure make && make install
For some reason, this doesn't install pptpd.conf. I need to find alternatives.
Install From Repo (Works)
rpm -Uvh https://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm yum install pptpd
Setup pptpd
See https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp
or
http://www.ewdisonthen.com/how-to-setup-pptp-vpn-server-on-linux-tutorial-07577.php
vim /etc/pptpd.conf # Add localip 10.0.0.1 remoteip 10.0.0.100-200
vim /etc/ppp/pptpd-options # Add ms-dns 8.8.8.8 ms-dns 8.8.4.4
vim /etc/sysctl.conf # Add net.ipv4.ip_forward = 1 # Run sysctl -p #verify it's listening the port netstat -alpn | grep 1723 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
Setup iptable forwarding
Make a file ppt.sh and paste contents below
#/bin/bash iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i eth0 -p gre -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT iptables --append FORWARD --in-interface eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT # this line will constrain the MTU to solve some strange problems with MTU inconsistency. iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356 iptables-save
