Building a PPTP server on CentOS 7

Build list:

Centos7 (I use Tencent Cloud server here)

ppp and pptpd packages

iptables (I use iptables here)

Win10 client (used for the connection test)


1. Check whether the system supports PPTP

[root@VM_centos ~]# modprobe ppp-compress-18 && echo yes

yes 

[root@VM_centos ~]# cat /dev/ppp

cat: /dev/ppp: No such device or address

#This error message is the expected output when the ppp device is available


2. Disable the firewalld firewall and install the required packages

#Stop and disable firewalld

[root@VM_centos ~]# systemctl stop firewalld 

[root@VM_centos ~]# systemctl disable firewalld 

#Add the EPEL yum repository

[root@VM_centos ~]# yum install epel-release -y 

#Install the required packages 

[root@VM_centos ~]# yum install ppp ppp-devel pptpd iptables iptables-services -y


3. Modify the configuration files pptpd.conf and options.pptpd

[root@VM_centos ~]# vim /etc/pptpd.conf 

#Find these lines and remove the comment character in front of them

#localip: intranet IP address (the eth0 network card address of the cloud server, not the server's public network address)

localip xxx.xxx.xxx.xxx

#remoteip: custom network segment assigned to the clients

remoteip 192.168.0.10-20

[root@VM_centos ~]# vim /etc/ppp/options.pptpd 

#Set the following parameters

name pptpd 

refuse-pap

refuse-chap 

refuse-mschap 

require-mschap-v2 

require-mppe-128 

ms-dns 8.8.8.8 

ms-dns 114.114.114.114 

proxyarp

lock

nobsdcomp 

novj 

novjccomp 

nologfd 

logfile /var/log/pptpd.log


4. Modify the user authentication configuration file chap-secrets

[root@VM_centos ~]# vim /etc/ppp/chap-secrets 

#Add a user in the format: username pptpd password *

# Secrets for authentication using CHAP

# client    server    secret      IP addresses

test    pptpd 123456 *


5. Enable IPv4 forwarding in sysctl.conf

[root@VM_centos ~]# vim /etc/sysctl.conf 

#If this item already exists, change its value to 1; otherwise add it as a new line

net.ipv4.ip_forward=1

#Apply the change

[root@VM_centos ~]# sysctl -p


6. Start pptpd service

[root@VM_centos ~]# systemctl start pptpd


7. Open the required ports (in iptables and in the cloud server security group). After this step, you can test whether you can connect

iptables -A INPUT -i lo -j ACCEPT 

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT 

iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT 

iptables -A INPUT -p tcp --dport 22 -j ACCEPT 

iptables -A INPUT -p tcp --dport 80 -j ACCEPT   

iptables -A INPUT -p tcp --dport 443 -j ACCEPT    

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT 

iptables -A INPUT -p gre -j ACCEPT

#Save rules 

[root@VM_centos ~]# service iptables save 

#Restart to take effect 

[root@VM_centos ~]# systemctl restart iptables


8. Add a forwarding (NAT) rule and change the MTU so that connected clients can reach the Internet

#Note: the network segment here must match the one in the configuration file above, and eth0 must match the name of the server's network card (this machine only has eth0 and lo)

[root@VM_centos ~]# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE 

#Save rules 

[root@VM_centos ~]# service iptables save 

#Restart to take effect

[root@VM_centos ~]# systemctl restart iptables

#Change the MTU from its default value of 1396 to 1500 by adding a line before exit 0

[root@VM_centos ~]# vim /etc/ppp/ip-up

.......

ifconfig $1 mtu 1500

exit 0

#Restart the pptpd service 

[root@VM_centos ~]# systemctl restart pptpd
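
To check the result of steps 3 and 4, this added example (not part of the original post) audits a copy of options.pptpd and chap-secrets: it lists the authentication directives from step 3 that are missing or commented out, the users whose secret is shorter than a threshold, and whether chap-secrets is readable by group or others. The function names, the 12-character MIN_LEN threshold and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 3 and 4.
# Function names, MIN_LEN and the sample files are assumptions for this example.

# Directives from step 3 that restrict logins to MS-CHAPv2 with 128-bit MPPE.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print every required directive that is absent or commented out in file $1.
missing_options() {
    for opt in $REQUIRED; do
        # pppd reads whitespace-separated words; '#' starts a comment.
        sed 's/#.*//' "$1" | tr -s '[:space:]' '\n' | grep -qx -- "$opt" ||
            echo "$opt"
    done
}

# Print users in chap-secrets file $1 whose secret is shorter than MIN_LEN.
# Assumes unquoted secrets without spaces, as in step 4.
short_secrets() {
    awk -v min="${MIN_LEN:-12}" '
        NF < 3 || $1 ~ /^#/ { next }
        length($3) < min    { print $1 }' "$1"
}

# Succeed only if file $1 grants no permissions to group or others.
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files (refuse-mschap deliberately commented out).
demo_dir=$(mktemp -d)
cat > "$demo_dir/options.pptpd" <<'EOF'
name pptpd
refuse-pap
refuse-chap
#refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp lock
EOF
printf '# client server secret IP addresses\ntest pptpd 123456 *\n' \
    > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/chap-secrets"

echo "missing options: $(missing_options "$demo_dir/options.pptpd")"
echo "short secrets:   $(short_secrets "$demo_dir/chap-secrets")"
private_file "$demo_dir/chap-secrets" ||
    echo "chap-secrets is readable by group or others"
```

On the server, pass /etc/ppp/options.pptpd and /etc/ppp/chap-secrets to the functions instead of the sample files.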



Origin blog.51cto.com/10923272/2543976