VPN: PPTP server and client on CentOS 6
192.168.1.20 - vpn server
192.168.1.25 - vpn client
Server
Automated installation on the server:
https://bitbucket.org/sysadm-ru/scripts/src/master/scripts/vpn/pptp/PPTP_for_CentOS_6.5_installation_script_for_SERVER.sh
Manual installation:
# rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
# yum -y install pptpd
-- server IP
# echo "localip 10.0.0.1" >> /etc/pptpd.conf
-- client IP range
# echo "remoteip 10.0.0.100-200" >> /etc/pptpd.conf
# echo "username1 pptpd userpass1 *" >> /etc/ppp/chap-secrets
DNS configuration
# echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
# echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd
# chkconfig --level 345 pptpd on
# service pptpd restart
# lsof -i TCP:1723
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
pptpd 1234 root 6u IPv4 25289 0t0 TCP *:pptp (LISTEN)
# cp /etc/sysctl.conf /etc/sysctl.conf.bkp
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 0
change to
net.ipv4.ip_forward = 1
# sysctl -p
Create a NAT rule for iptables
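-- iptables-save only prints the rules to stdout; "service iptables save" writes them to /etc/sysconfig/iptables
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && service iptables save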
If you would also like your PPTP clients to talk to each other, add the following iptables rules:
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT
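The server steps above put username1's password in cleartext into /etc/ppp/chap-secrets with * in the address column, and leave authentication and encryption settings to /etc/ppp/options.pptpd. The shell check below is an added example, not part of the original notes: it flags loose file permissions, unpinned addresses and short secrets, and lists pppd authentication/encryption options that are absent. The function names, the sample files, the second account and the 12-character threshold are assumptions made for the illustration.

```shell
# Added example, not from the original page: audit the two files edited above.
# One finding per line for a pppd chap-secrets file.
# Line format: client  server  secret  allowed-IP-addresses
audit_chap_secrets() {
    file=$1
    # Secrets are stored in cleartext, so only root should be able to read them.
    mode=$(stat -c '%a' "$file")   # GNU/busybox stat
    [ "$mode" = "600" ] || echo "MODE $file is $mode, expected 600"
    awk '
        /^[ \t]*(#|$)/  { next }   # skip comments and blank lines
        $4 == "*"       { print "ANYIP " $1 " is not pinned to a tunnel address" }
        $2 == "*"       { print "ANYSERVER " $1 " is accepted under every server name" }
        length($3) < 12 { print "SHORT " $1 " secret is under 12 characters" }  # assumed threshold
    ' "$file"
}

# Print the authentication/encryption options missing from an options.pptpd
# file. Commented-out lines do not count as present.
missing_pptpd_options() {
    file=$1
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$file" || echo "$opt"
    done
}

# Constructed sample input: the entry from the steps above plus a pinned one.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/chap-secrets" <<'EOF'
# client    server  secret                      IP addresses
username1   pptpd   userpass1                   *
username2   pptpd   constructed-long-secret-01  10.0.0.101
EOF
chmod 644 "$demo_dir/chap-secrets"
cat > "$demo_dir/options.pptpd" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 8.8.8.8
EOF

audit_chap_secrets "$demo_dir/chap-secrets"
missing_pptpd_options "$demo_dir/options.pptpd"
```

On a real server, point the two functions at /etc/ppp/chap-secrets and /etc/ppp/options.pptpd; no output means none of these checks fired.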
Client
# yum install -y pptp
# modprobe ppp_mppe
# vi /etc/ppp/peers/pptpserver
pty "pptp 192.168.1.20 --nolaunchpppd"
name username1
password userpass1
remotename PPTP
require-mppe-128
# pppd call pptpserver
# less /var/log/messages
Jan 19 16:50:48 gitclient pppd[1169]: local IP address 10.0.0.100
Jan 19 16:50:48 gitclient pppd[1169]: remote IP address 10.0.0.1
# ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.0.0.100 P-t-P:10.0.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:60 (60.0 b) TX bytes:66 (66.0 b)
# ping 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=35.8 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=66.4 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=22.7 ms
# ping -I ppp0 10.0.0.1
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.1.20 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
# ip route add 10.0.0.0/8 dev ppp0
Further reading:
https://www.digitalocean.com/community/articles/how-to-setup-your-own-vpn-with-pptp