2017年5月



安装包:

1、下载ppp及pptpd安装包:

# wget  http://poptop.sourceforge.net/yum/stable/packages/ppp-2.4.4-14.1.rhel5.x86_64.rpm

# wget  http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm

2、安装ppp及pptpd:

先安装ppp

# rpm -ivh  ppp-2.4.4-14.1.rhel5.x86_64.rpm

*注:如果系统提示需要安装libpcap-0.9.4,请先下载安装libpcap-0.9.4

安装libpcap-0.9.4:

# wget http://vault.centos.org/5.11/os/x86_64/CentOS/libpcap-0.9.4-15.el5.x86_64.rpm

# rpm -ivh libpcap-0.9.4-15.el5.x86_64.rpm

最后安装pptpd

#rpm -ivh pptpd-1.4.0-1.rhel5.x86_64.rpm

3、配置pptpd:

# vi /etc/ppp/options.pptpd

在最后开启日志及DNS服务器地址

#nologfd

logfile /var/log/pptpd.log

ms-dns 8.8.8.8

ms-dns 8.8.4.4

:wq保存并退出

4、VPN拨号用户配置

# vi /etc/ppp/chap-secrets

配置格式为:拨号用户名    服务器类型   密码    分配IP(*为自动分配)

如:user     pptpd    123456    *

5、设置pptpd服务器IP及客户端分配地址池

localip 192.168.0.1
remoteip 192.168.0.2-254

:wq保存并退出

完成以上步骤,pptpd服务器已配置完成,可以实现拨号连接

6、启动pptpd服务

# service pptpd start

设置pptpd开机自动启动

# chkconfig pptpd on

7、开启服务器系统路由功能,支持包转发

vi /etc/sysctl.conf

增加一行,开启IP转发功能  net.ipv4.ip_forward = 1

注释一行,关闭SYN cookie功能 #net.ipv4.tcp_syncookies = 1

:wq保存并退出

8、配置防火墙

参考配置:

*nat
:PREROUTING ACCEPT [9983:654558]
:POSTROUTING ACCEPT [743:47159]
:OUTPUT ACCEPT [743:47159]
-A POSTROUTING -s 192.168.0.0/24 -j SNAT --to-source 123.456.789.0(服务器外网IP地址)
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:XMIRROR_DDOS - [0:0]
:XMIRROR_INPUT_CC - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1723 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i ppp+ -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356

#黑名单设置
-A INPUT -s 103.207.36.41 -j DROP
-A INPUT -s 116.31.116.16 -j DROP
COMMIT
# Completed on Sun Apr 2 01:12:45 2017

配置文件下载:iptables

9、开启自动建立ppp设备节点

vi /etc/rc.d/rc.local

在文件末尾加上 mknod /dev/ppp c 108 0

:wq保存退出

由于yum install aria2无法找到安装包,试了好几个源,都找不到,于是自己找了一些地址:

1、下载安装包:

# wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/aria2-1.16.4-1.el6.rf.x86_64.rpm

# wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/nettle-2.2-1.el6.rf.x86_64.rpm

# wget http://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el6/en/x86_64/rpmforge/RPMS/nettle-devel-2.2-1.el6.rf.x86_64.rpm

2、安装

安装aria2时会提示

error: Failed dependencies:
libnettle.so.4()(64bit) is needed by aria2-1.16.4-1.el6.rf.x86_64

所以,需要先安装nettle-2.2.1,依次执行以下安装命令即可:

# rpm -ivh nettle-2.2-1.el6.rf.x86_64.rpm

# rpm -ivh nettle-devel-2.2-1.el6.rf.x86_64.rpm

# rpm -ivh aria2-1.16.4-1.el6.rf.x86_64.rpm

3、测试(下载百度首页)

# aria2c http://www.baidu.com

05/23 00:00:13 [NOTICE] Download complete: /home/root/index.html

Download Results:
gid |stat|avg speed |path/URI
======+====+===========+=======================================================
678b8e|OK | 0.9MiB/s|/home/root/index.html

Status Legend:
(OK):download completed.