【Linux】CentOS 6如何配置VPN客户端

0xAA55

1、安装ppp和pptp

# yum -y install ppp pptp

2、配置你的VPN用户名和密码

# vi /etc/ppp/chap-secrets

添加一行内容，格式如下：

用户名 PPTP 密码 *

比如我的用户名是foo，密码是2b2b2b2b2b，那么我的chap-secrets文件里面应该就有这样的一行内容：

foo PPTP 2b2b2b2b2b *

3、添加VPN连接配置。

#vi /etc/ppp/peers/配置名

这个“配置名”可以改成任意你喜欢的名字，最好全英文，不能有空格。比如bar。
然后在这个里面，输入以下的内容：

1. pty "pptp 你的VPN服务器的地址 --nolaunchpppd"
   
2. name 你的用户名
   
3. remotename PPTP
   
4. require-mppe-128
   
5. file /etc/ppp/options.pptp
   
6. ipparam 配置名

复制代码

其中的“require-mppe-128”意为你需要mppe-128的加密。

4、播VPN连接。

运行以下命令：

# modprobe nf_conntrack_pptp
# pppd call 连接名

然后通过监视/var/log/messages来观察它的连接情况。

1. Jan 16 01:10:23 ip-xxx-xxx-xxx-xxx pppd[28736]: pppd 2.4.5 started by ec2-user, uid 0
   
2. Jan 16 01:10:23 ip-xxx-xxx-xxx-xxx pppd[28736]: Using interface ppp0
   
3. Jan 16 01:10:23 ip-xxx-xxx-xxx-xxx pppd[28736]: Connect: ppp0 <--> /dev/pts/0
   
4. Jan 16 01:10:23 ip-xxx-xxx-xxx-xxx pptp[28739]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
   
5. Jan 16 01:10:24 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
   
6. Jan 16 01:10:24 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
   
7. Jan 16 01:10:24 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
   
8. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
   
9. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
   
10. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 43295).
    
11. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:950]: PPTP_SET_LINK_INFO received from peer_callid 0
    
12. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon log[ctrlp_disp:pptp_ctrl.c:953]:   send_accm is 00000000, recv_accm is FFFFFFFF
    
13. Jan 16 01:10:25 ip-xxx-xxx-xxx-xxx pptp[28752]: anon warn[ctrlp_disp:pptp_ctrl.c:956]: Non-zero Async Control Character Maps are not supported!
    
14. Jan 16 01:10:26 ip-xxx-xxx-xxx-xxx pppd[28736]: CHAP authentication succeeded
    
15. Jan 16 01:10:26 ip-xxx-xxx-xxx-xxx pppd[28736]: MPPE 128-bit stateless compression enabled
    
16. Jan 16 01:10:27 ip-xxx-xxx-xxx-xxx pppd[28736]: local  IP address xxx.xxx.xxx.xxx
    
17. Jan 16 01:10:27 ip-xxx-xxx-xxx-xxx pppd[28736]: remote IP address 192.168.xxx.1

复制代码

这其中你能看到你被分配了一个IP地址了，就证明你成功连上了VPN。

5、设置静态路由表，让你的包裹经过你的VPN发出。

这个请参考route命令。

# ip route add 0.0.0.0/0 via 192.168.1.254 dev ppp0

这句会让所有的包裹经过VPN发出。

6、断开连接的方法：

# killall pppd