安装VPN服务

1. 更新yum源

# 编写Shell脚本，执行脚本更新[root@vpn ~]# vim install-centos7-yum-repo.sh
#
#  install-centos7-yum-pero.sh
#
#  Created by zhaodg on 15-04-26.
#  Copyright (c) 2014ๅนด zhaodg. All rights reserved.
#

#!/bin/bash
#rm -rf /etc/yum.repos.d/epel.repo

cat << EOF >> /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - \$basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=\$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/\$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
[epel-source]
name=Extra Packages for Enterprise Linux 7 - \$basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=\$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1
EOF

yum makecache

[root@vpn ~]# sh install-centos7-yum-repo.sh

2. 安装pptpd服务

# 编写Shell脚本，执行脚本后完成安装
[root@vpn ~]# vim install-pptpd.sh
#
#  install-pptpd.sh
#
#  Created by zhaodg on 15-04-26.
#  Copyright (c) 2015年 zhaodg. All rights reserved.
#  Update by chenyongqiang on 2021

#!/bin/bash

# clean
yum -y remove pptpd ppp > /dev/null

iptables --flush POSTROUTING --table nat
iptables --flush FORWARD

rm -rf /etc/pptpd.conf
rm -rf /etc/ppp
rm -rf /dev/ppp

# install component
yum -y install make openssl gcc-c++ ppp iptables pptpd iptables-services > /dev/null

# /etc/ppp/chap-secrets# 设置默认用户和用户密码
username='chenyq'
pass='Huawei@123'
#if [ "$1" != "" ]
#  then username=$1
#elif [ "$2" != "" ]
#  then pass=$2
#fi
echo "${username} pptpd ${pass} *" >> /etc/ppp/chap-secrets

# 以下IP地址按实际IP地址填写
# /etc/pptpd.conf
echo "localip 192.168.0.1" >> /etc/pptpd.conf
echo "remoteip 192.168.0.234-238,192.168.0.245" >> /etc/pptpd.conf

# /etc/ppp/options.pptpd
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 8.8.4.4" >> /etc/ppp/options.pptpd

# /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p > /dev/null # 使内核转发生效

iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356
#iptables -t nat -A POSTROUTING -s 172.16.36.0/24 -j SNAT --to-source `ifconfig | grep 'inet' | grep 'netmask' | grep 'broadcast' | grep -v '127.0.0.1' | cut -d: -f2 | awk 'NR==1 {print $2}'`
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
/usr/libexec/iptables/iptables.init save > /dev/null

mknod /dev/ppp c 108 0
chmod +x /etc/rc.d/rc.local
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo \"1\">/proc/sys/net/ipv4/ip_forward" >> /etc/rc.local

echo "iptables -A INPUT -p tcp  --dport 1723 -j ACCEPT" >> /etc/rc.local
echo "iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT" >> /etc/rc.local
echo "iptables -A INPUT -p gre -j ACCEPT" >> /etc/rc.local
echo "iptables -A OUTPUT  -p gre -j ACCEPT" >> /etc/rc.local

echo "iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356" >> /etc/rc.local
echo "iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE" >> /etc/rc.local

systemctl restart iptables
systemctl restart pptpd

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

# 开机自动启动
systemctl enable pptpd > /dev/null
#chkconfig pptpd on > /dev/null

echo "VPN service is installed, your VPN username is ${username}, VPN password is ${pass}"

[root@vpn ~]# sh install-pptpd.sh

3. win主机连接vpn