CentOS 6、7下pptp vpn一键安装脚本,安装如下:
wget http://mirrors.linuxeye.com/scripts/vpn_centos.sh
chmod +x ./vpn_centos.sh
./vpn_centos.sh
脚本内容如下(vpn_centos.sh):
#!/bin/bash
#
# Author: 安全龙
# Blog: www.anquanlong.com
#
# Installs a PPTP VPN-only system for CentOS
# Check if user is root
[ $(id -u) != “0” ] && { echo -e “33[31mError: You must be root to run this script33[0m”; exit 1; }
export PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
clear
[ ! -e ‘/usr/bin/curl’ ] && yum -y install curl
VPN_IP=`curl ipv4.icanhazip.com`
VPN_USER=”anquanlong”
VPN_PASS=”anquanlong”
VPN_LOCAL=”192.168.0.150″
VPN_REMOTE=”192.168.0.151-200″
while :; do echo
read -p “Please input username: ” VPN_USER
[ -n “$VPN_USER” ] && break
done
while :; do echo
read -p “Please input password: ” VPN_PASS
[ -n “$VPN_PASS” ] && break
done
clear
if [ -f /etc/redhat-release -a -n “`grep ‘ 7.’ /etc/redhat-release`” ];then
#CentOS_REL=7
if [ ! -e /etc/yum.repos.d/epel.repo ];then
cat > /etc/yum.repos.d/epel.repo << EOF
[epel]
name=Extra Packages for Enterprise Linux 7 – $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=0
EOF
fi
for Package in wget make openssl gcc-c++ ppp pptpd iptables iptables-services
do
yum -y install $Package
done
echo ‘net.ipv4.ip_forward = 1’ >> /etc/sysctl.conf
elif [ -f /etc/redhat-release -a -n “`grep ‘ 6.’ /etc/redhat-release`” ];then
#CentOS_REL=6
for Package in wget make openssl gcc-c++ iptables ppp
do
yum -y install $Package
done
sed -i ‘[email protected]_forward.*@net.ipv4.ip_forward = 1@g’ /etc/sysctl.conf
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd
else
echo -e “33[31mDoes not support this OS, Please contact the author! 33[0m”
exit 1
fi
echo “1” > /proc/sys/net/ipv4/ip_forward
sysctl -p /etc/sysctl.conf
[ -z “`grep ‘^localip’ /etc/pptpd.conf`” ] && echo “localip $VPN_LOCAL” >> /etc/pptpd.conf # Local IP address of your VPN server
[ -z “`grep ‘^remoteip’ /etc/pptpd.conf`” ] && echo “remoteip $VPN_REMOTE” >> /etc/pptpd.conf # Scope for your home network
if [ -z “`grep ‘^ms-dns’ /etc/ppp/options.pptpd`” ];then
cat >> /etc/ppp/options.pptpd << EOF
ms-dns 223.5.5.5 # Aliyun DNS Primary
ms-dns 114.114.114.114 # 114 DNS Primary
ms-dns 8.8.8.8 # Google DNS Primary
ms-dns 209.244.0.3 # Level3 Primary
ms-dns 208.67.222.222 # OpenDNS Primary
EOF
fi
echo “$VPN_USER pptpd $VPN_PASS *” >> /etc/ppp/chap-secrets
ETH=`route | grep default | awk ‘{print $NF}’`
[ -z “`grep ‘1723 -j ACCEPT’ /etc/sysconfig/iptables`” ] && iptables -I INPUT 4 -p tcp -m state –state NEW -m tcp –dport 1723 -j ACCEPT
[ -z “`grep ‘gre -j ACCEPT’ /etc/sysconfig/iptables`” ] && iptables -I INPUT 5 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o $ETH -j MASQUERADE
iptables -I FORWARD -p tcp –syn -i ppp+ -j TCPMSS –set-mss 1356
service iptables save
sed -i ‘s@^-A INPUT -j REJECT –reject-with icmp-host-prohibited@#-A INPUT -j REJECT –reject-with icmp-host-prohibited@’ /etc/sysconfig/iptables
sed -i ‘s@^-A FORWARD -j REJECT –reject-with icmp-host-prohibited@#-A FORWARD -j REJECT –reject-with icmp-host-prohibited@’ /etc/sysconfig/iptables
service iptables restart
chkconfig iptables on
service pptpd restart
chkconfig pptpd on
clear
echo -e “You can now connect to your VPN via your external IP 33[32m${VPN_IP}33[0m”
echo -e “Username: 33[32m${VPN_USER}33[0m”
echo -e “Password: 33[32m${VPN_PASS}33[0m”
手动安装,以下按步骤配置
1. 环境说明
面对天朝强大的GFW,我们能做的只有翻墙,下面列举安装翻墙软件的环境.
美国VPS、美国云主机、Linode VPS
CentOS 5.6
pptpd 1.3.4
因为pptpd需要MPPE的支持,所以首先检测系统是否符已经编译了MPPE,执行如下shell,如果返回CONFIG_PPP_MPPE=y表示可以安装pptpd,如果没有请更换版本.
zgrep MPPE /proc/config.gz
2. 安装安装pptpd
pptpd需要iptables支持,所以需要安装iptables.如果您的服务器上已经安装了iptables,默认系统一般都已经安装成功,那么只安装pptpd.
由于pptp没有存放在CentOS的源中,所以用yum命令安装返回的是找不到安装包.
安装pptp需要使用rpm命令直接从网站上下载并安装,这里要注意的是,pptp分为32bit版和64bit版,大家可以根据需要下载.
rpm -ivh http://acelnmp.googlecode.com/fi … -1.rhel5.1.i386.rpm
rpm -ivh http://acelnmp.googlecode.com/fi … .rhel5.1.x86_64.rpm
3.设置pptpd解析用的dns(把ms-dns前的#号去掉,#号代表注释,填上opendns的服务器地址)
vi /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220
4.设置拨号时候用的:用户名、拨号方式、用户密码、来源ip地址(用户名和密码可以随便设置,拨号方式只能填pptpd,来源ip用*号代表不限制)
vi /etc/ppp/chap-secrets
linuxeye pptpd 123456 *
5.设置本地ip和远端ip(本地ip就是你等一下建立拨号后分配给你的,远端ip是分配给服务器的)
vi /etc/pptpd.conf
localip 192.168.1.1
remoteip 192.168.1.2-20
6.设置ip转发状态为生效,然后立即载入(和第9步的NAT转发有关)
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
/sbin/sysctl -p
7.启动pptpd服务,并且设置为开机启动
/sbin/service pptpd start
chkconfig pptpd on
8.启动iptables规则,设置NAT转发,然后保存
/sbin/service iptables start
/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
service iptables save
配置过程中问题如下:
1. 启动防火墙报错Setting chains to policy ACCEPT: security raw nat mangle fi[FAILED]
问题主要是iptables版本和内核对不上导致的,linode使用的是自己修改过的内核.
第一个问题的修复需要在/etc/init.d/iptables,找到set_policy函数,添加一个security选项,如下123-128行.
120 for i in $tables; do
121 echo -n “$i ”
122 case “$i” in
123 security)
124 $IPTABLES -t security -P INPUT $policy
125 && $IPTABLES -t security -P OUTPUT $policy
126 && $IPTABLES -t security -P FORWARD $policy
127 || let ret+=1
128 ;;
129 raw)
130 $IPTABLES -t raw -P PREROUTING $policy
131 && $IPTABLES -t raw -P OUTPUT $policy
132 || let ret+=1
133 ;;
2. 配置好后,一直不能拨号成功
开始在公司一直不能拨号成功,然后用手机成功,Google后发现是PPTP穿透没有开启,这个一定要开启。
暂无评论内容