VPN service construction

First install pptpd, the PPTP server daemon that handles the VPN connections.

Type: yum install ppp iptables pptpd

After installation is complete:

A: Edit pptpd.conf:

Enter: vim /etc/pptpd.conf

Find localip and remove the # in front of the following lines to uncomment them, then save and exit.

localip 192.168.0.1

remoteip 192.168.0.234-238,192.168.0.245

B: Edit options.pptpd:

Enter: vim /etc/ppp/options.pptpd

Search for ms-dns, remove the # in front of the two ms-dns lines, and change them to the following:

ms-dns 8.8.8.8

ms-dns 8.8.4.4

C: Next, add the account and password used to join the VPN by editing /etc/ppp/chap-secrets:

Enter: vim /etc/ppp/chap-secrets

Add a line in the following format:

Username pptpd Password *

(* represents the accessible IP address)

Save and exit, then configure the kernel.

D: Edit sysctl.conf:

Enter: vim /etc/sysctl.conf

Add a line to this file: net.ipv4.ip_forward=1

Also add # in front of "net.ipv4.tcp_syncookies = 1" to comment it out:

# net.ipv4.tcp_syncookies = 1

Then save and exit.

Enter: sysctl -p to apply the new settings.

Enter:

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source <public IP of your Silicon Valley server>

Note that the last parameter is not the literal text shown above but the public IP address of your server, which you can look up in Alibaba Cloud's management platform.

Then enter: chmod +x /etc/rc.d/rc.local

Edit the system startup script: vi /etc/rc.d/rc.local

Add the iptables commands from above so they are reapplied at boot. Save and exit.

Start the VPN service: systemctl start pptpd

----------------------------------------------------------------------------------------------------------

To back up the current iptables rules to a file and restore them later:

iptables-save > iptables.bak

iptables-restore < iptables.bak

6. Modify the kernel settings to support forwarding. Edit the /etc/sysctl.conf file:

vi /etc/sysctl.conf

Change "net.ipv4.ip_forward" to 1:

net.ipv4.ip_forward=1

Also add # in front of "net.ipv4.tcp_syncookies = 1":

# net.ipv4.tcp_syncookies = 1

Save and exit, then run the following command to apply the change:

sysctl -p

7. Add iptables forwarding rules.

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 12.34.56.78

(OpenVZ; 12.34.56.78 is the public IP address of your VPS)

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
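
A check for the files edited in steps A to D, as an added example that is not part of the original article: it flags a chap-secrets file readable beyond its owner, accounts with * in the IP address field, authentication and encryption options missing from options.pptpd, and a sysctl.conf that no longer sets tcp_syncookies. The function name audit_pptpd, its ROOT argument and the AUDIT_FINDINGS variable are assumptions of this example; require-mschap-v2 and require-mppe-128 are options from the stock options.pptpd, not from this page.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the files edited above.
# Usage after sourcing this file: audit_pptpd [ROOT]
# ROOT is an assumed parameter so the check can run against a copy of /etc.
# Sets AUDIT_FINDINGS to the number of findings; returns 1 if there are any.
audit_pptpd() {
    root="${1:-}"
    AUDIT_FINDINGS=0
    note() { echo "FINDING: $*"; AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1)); }

    secrets="$root/etc/ppp/chap-secrets"
    if [ -f "$secrets" ]; then
        # The file holds plaintext passwords: no group/other permission bits.
        perms=$(ls -ld "$secrets" | cut -c5-10)
        [ "$perms" = "------" ] || note "$secrets is accessible beyond its owner ($perms)"
        # Fields: client server secret IP-addresses. "*" accepts any address.
        for user in $(awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" {print $1}' "$secrets"); do
            note "account '$user' has * in the IP address field"
        done
    fi

    options="$root/etc/ppp/options.pptpd"
    if [ -f "$options" ]; then
        # Options present in the stock file; editing ms-dns must not drop them.
        for opt in require-mschap-v2 require-mppe-128; do
            grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$options" ||
                note "$options does not set $opt"
        done
    fi

    sysctl_conf="$root/etc/sysctl.conf"
    if [ -f "$sysctl_conf" ]; then
        # Step D comments this line out, so the file no longer pins the value.
        grep -Eq '^[[:space:]]*net\.ipv4\.tcp_syncookies[[:space:]]*=[[:space:]]*1' "$sysctl_conf" ||
            note "$sysctl_conf does not enable net.ipv4.tcp_syncookies; check the running value"
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' "$sysctl_conf" &&
            echo "INFO: IP forwarding is enabled; review the FORWARD chain rules"
    fi

    [ "$AUDIT_FINDINGS" -eq 0 ]
}
```

Run it as root with no argument to check the live system, or pass a directory holding a copy of the etc tree.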
