Friday, March 1, 2013

Install And Configure PPTP VPN

Install PPTP

1) rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
2) rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
3) yum install ppp pptpd

Configure PPTP

1) Change the nameserver info in /etc/ppp/options.pptpd. The default settings are already optimal, but you must specify which DNS server to use to resolve domain names.

Collect the nameservers from /etc/resolv.conf

vi /etc/ppp/options.pptpd
Search (using your editor's find command) for the string #ms-dns, then replace it with this statement:
ms-dns xx.xx.xx.xx (your NS IP)

2) Now edit the main configuration file /etc/pptpd.conf and replace localip and remoteip:
localip 10.10.11.3 (local IP of VPN server)

remoteip 10.10.11.149-199 (IP range that needs to assign to the clients connected to the server)

3) Add VPN users in /etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
testuser * pass *

4) Edit the sysctl file to enable Forwarding:
vi /etc/sysctl.conf
Find the “net.ipv4.ip_forward” line and uncomment it by removing the “#”:
net.ipv4.ip_forward=1
You can either restart the system or issue this command for the setting to take effect:
sysctl -p

5) Allow IP masquerading in iptables by executing the following lines:
The rule below routes all connections from VPN client machines to 10.10.0.0/16 via eth1 (private interface):

iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -d 10.10.0.0/16 -o eth1 -j MASQUERADE

The rule below routes all connections from VPN client machines to any network other than 10.10.0.0/16 via eth0 (public interface):

iptables -t nat -A POSTROUTING -s 10.10.0.0/16 -o eth0 -j MASQUERADE
Also make sure the necessary kernel modules are loaded for PPTP to work:
[root@vpn ~]# lsmod |grep ppp
ppp_mppe 4328 0
ppp_async 4975 0
crc_ccitt 1023 1 ppp_async
ppp_generic 16864 2 ppp_mppe,ppp_async
slhc 3613 1 ppp_generic
[root@vpn ~]#

Also open port 1723 if a firewall is blocking it.

6) Restart pptpd for the settings to take effect:
/etc/init.d/pptpd restart
chkconfig pptpd on
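
To check the result of steps 1 and 3, the script below is an added example (not part of the original post) that flags pppd hardening options left disabled in options.pptpd and weak entries in chap-secrets. The function names, the option list and the 12-character minimum are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the two pptpd files edited in steps 1 and 3.
# The option list and the 12-character minimum are assumptions of this example.

# check_options FILE: report each hardening option that is not active.
check_options() {
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" ||
            echo "WEAK options: '$opt' is missing or commented out"
    done
}

# check_secrets FILE: report group/other access, short secrets, wildcard IPs.
# Quoted secrets containing spaces are not handled.
check_secrets() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "WEAK secrets: group/other permissions '$perms', expected none"
    awk '!/^[[:space:]]*(#|$)/ {
        if (length($3) < 12) print "WEAK secrets: " $1 " has a secret under 12 characters"
        if ($4 == "*")       print "WEAK secrets: " $1 " may use any IP address"
    }' "$1"
}

# demo: run both checks on constructed files modelled on the entries above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'name pptpd' refuse-pap refuse-chap '#refuse-mschap' \
        require-mschap-v2 '#require-mppe-128' > "$d/options.pptpd"
    printf '%s\n' '# client server secret IP addresses' \
        'testuser * pass *' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    check_options "$d/options.pptpd"
    check_secrets "$d/chap-secrets"
    rm -rf "$d"
}
demo
```

On a live server, call check_options /etc/ppp/options.pptpd and check_secrets /etc/ppp/chap-secrets as root.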


Configure Client Machine
1. Log on to any Windows box in the network.
2. Click on the My Network Places option.
3. Select Create a new connection.
4. Select Connect to the network at my workplace.
5. Click Next, then select Virtual Private Network connection.
6. Click Next, then select Do not dial the initial connection.
7. Click Next, then enter the VPN server IP address.
8. Click Next, then Finish.
9. Right-click on your VPN network and select Connect.
10. It will prompt for a user name and password.
11. Enter the VPN username and password.
12. The VPN will connect to your company network.
