环境:centos6.6,带有CSF的服务器;该安装方法也适用于XEN、KVM虚拟化结构VPS

首先编辑 /etc/csf/csf.conf ,打开1723、1356端口;

vi /etc/csf/csfpre.sh

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
iptables -A INPUT -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth1 -p ALL -j ACCEPT
iptables -A FORWARD -i eth1 -o ppp+ -p ALL -j ACCEPT
iptables -t nat -A POSTROUTING -s 172.16.22.0/24 -j SNAT --to-source ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'
iptables -A FORWARD -p tcp --syn -s 172.16.22.0/24 -j TCPMSS --set-mss 1356

创建 csfore.sh 设置防火墙开启转发等;注意代码中 eth1 为公网IP网卡

创建安装PPTP一键脚本
vi /root/pptpd6.sh

yum remove pptpd ppp -y
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -f /etc/pptpd.conf
rm -f /etc/ppp
arch=uname -m
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers dkms kernel_ppp_mppe ppp
wget https://www.cnweed.com/usr/uploads/2015/08/pptpd-1.4.0-1.el6.$arch.rpm
rpm -Uvh pptpd-1.4.0-1.el6.$arch.rpm

mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "localip 172.16.22.254" >> /etc/pptpd.conf
echo "remoteip 172.16.22.1-253" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

pass=openssl rand 6 -base64
if [ "$1" != "" ]
  then pass=$1
fi

echo "vpn pptpd ${pass} *" >> /etc/ppp/chap-secrets

#iptables -t nat -A POSTROUTING -s 172.16.22.0/24 -j SNAT --to-source ifconfig  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 { print $1}'
#iptables -A FORWARD -p tcp --syn -s 172.16.22.0/24 -j TCPMSS --set-mss 1356
#service iptables save
#chkconfig iptables on
chkconfig pptpd on
#service iptables restart
service pptpd start

echo ""
echo "VPN service installed successfully, your VPN username is vpn, VPN password is ${pass}"
echo "Please visit: http://www.cnweed.com"
echo ""

保存。然后 csf -r 重启CSF防火墙,以及sh /root/pptpd6.sh 安装脚本

chmod 755 /root/pptpd6.sh
csf -r
sh /root/pptpd6.sh

注:如果ip_forward没有打开,可以直接修改/etc/sysctl.conf

net.ipv4.ip_forward=1

修改之后运行 sysctrl -p 使其生效

标签: 管理维护, Linux

添加新评论