I. Remote server
1. Install the pptp service
]# rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
]# yum -y install pptpd
2. Configure the pptp service
]# vi /etc/pptpd.conf
===> option /etc/ppp/options.pptpd
===> logwtmp
===> localip REMOTE_IP
===> remoteip 172.16.111.101-201
]# vi /etc/ppp/options.pptpd
===> name pptpd
===> refuse-pap
===> refuse-chap
===> refuse-mschap
===> require-mschap-v2
===> require-mppe-128
===> proxyarp
===> lock
===> nobsdcomp
===> novj
===> novjccomp
===> nologfd
===> ms-dns 8.8.8.8
===> ms-dns 8.8.4.4
===> #debug
===> #dump
3. Set the username and password
]# vi /etc/ppp/chap-secrets
===> VPNUSER pptpd VPNPASS *
4. Enable NAT
]# vi /etc/sysctl.conf
===> net.ipv4.ip_forward = 1
]# sysctl -p
]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
5. Start the pptpd service
]# chkconfig pptpd on
]# /etc/init.d/pptpd start
II. Local server
1. Load the nf_nat_pptp and ip_gre modules
]# vi /etc/sysconfig/modules/nf_nat_pptp.modules
===> #!/bin/sh
===> /sbin/modprobe ip_gre >/dev/null 2>&1
===> exec /sbin/modprobe nf_nat_pptp >/dev/null 2>&1
2. Forward TCP 1723 and GRE packets to the remote server
]# vi /etc/sysctl.conf
===> net.ipv4.ip_forward = 1
]# sysctl -p
]# iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
]# iptables -A INPUT -p gre -j ACCEPT
]# iptables -t nat -A PREROUTING -d LOCAL_IP/32 -p tcp -m tcp --dport 1723 -j DNAT --to-destination REMOTE_IP
]# iptables -t nat -A POSTROUTING -d REMOTE_IP/32 -p tcp -m tcp --dport 1723 -j MASQUERADE
]# iptables -t nat -A PREROUTING -d LOCAL_IP/32 -p gre -j DNAT --to-destination REMOTE_IP
]# iptables -t nat -A POSTROUTING -d REMOTE_IP/32 -p gre -j MASQUERADE
OK, all done.