Recently most people at the company have needed a VPN to reach some overseas content, but the paid VPNs come with limits, so the company bought a VPS and decided to run its own VPN. Below is the full process I followed to set up a PPTP VPN.
I. Introduction to the PPTP protocol

PPTP (Point to Point Tunneling Protocol) is a network technology that supports multi-protocol virtual private networks. With this protocol, remote users running Microsoft Windows NT Workstation, Windows 95, Windows 98 or any other system with Point-to-Point Protocol support can dial in to a local ISP and connect securely to the corporate network across the Internet.

PPTP can be used to tunnel PPP sessions over an IP network. In this configuration the PPTP tunnel and the PPP session run between the same two machines, with the caller acting as the PNS. PPTP uses a client-server architecture to separate some of the functions of existing network access servers and to support virtual private networks. As a call control and management protocol, PPTP lets the server control access for dial-in circuit-switched calls arriving from the PSTN or ISDN and initiate outbound circuit-switched connections.

PPTP is implemented only by the PAC and the PNS; no other system needs to be aware of PPTP. Dial-up networks can connect to a PAC without any knowledge of PPTP, and standard PPP client software continues to operate over the tunneled PPP link.

PPTP carries user PPP packets in an extended version of GRE. These extensions provide low-level congestion control and flow control for the tunnel that carries user data between the PAC and the PNS, which makes efficient use of the available tunnel bandwidth and avoids unnecessary retransmissions and buffer overruns. PPTP does not prescribe a particular algorithm for this low-level control, but it does define the communication parameters needed to support such an algorithm.
II. Environment

1. Linode VPS: a well-known professional Linux VPS provider with decent access speed from China. http://www.linode.com
2. CentOS: the well-known Linux distribution. http://www.centos.org
3. pptp: a VPN server as widely used as OpenVPN.
III. Server installation steps

1. pptp requires MPPE support, so first check whether MPPE has been compiled into the system. If it has not, there is no point reading further. Several detection methods are given below; it is enough for any one of them to succeed.
[root@li402-211 PPTP]# zgrep MPPE /proc/config.gz
cat /dev/net/tun
The following check did not produce the expected result on my VPS, but that did not matter.
modprobe ppp-compress-18 && echo ok
strings '/usr/sbin/pppd' | grep -i mppe | wc --lines
If this command prints "0", MPPE is not supported; "30" or a larger number means it is supported.
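The checks above can be run from a single function that reports which of them succeeded. This is an added example, not part of the original post; the default pppd and kernel-config paths, and the use of tr as a stand-in for strings, are assumptions noted in the comments.

```sh
#!/bin/sh
# Added example, not from the original post: run the MPPE checks described
# above from one function and report which succeeded.
#   $1 - pppd binary to inspect (assumed default: /usr/sbin/pppd)
#   $2 - kernel config, gzipped or plain (assumed default: /proc/config.gz)
# Returns 0 if any check indicates MPPE support, 1 otherwise.

# Count printable strings in a binary that mention MPPE. `tr` splits the
# file on non-printable bytes, which approximates what `strings` does,
# so the count is comparable to the post's 0 / 30-or-more rule.
mppe_count() {
    tr -c '[:print:]' '\n' < "$1" | grep -i -c mppe || true
}

mppe_support_check() {
    pppd_bin="${1:-/usr/sbin/pppd}"
    kconfig="${2:-/proc/config.gz}"
    supported=1

    # Check 1: kernel built with MPPE (module or built-in).
    if [ -r "$kconfig" ] && { gzip -dcf "$kconfig" 2>/dev/null || cat "$kconfig"; } \
        | grep -q 'CONFIG_PPP_MPPE=[ym]'; then
        echo "kernel config: CONFIG_PPP_MPPE enabled"
        supported=0
    fi

    # Check 2: the MPPE module loads (ppp-compress-18 is its alias).
    # Needs root; harmless when it fails, as it did on the author's VPS.
    if modprobe ppp-compress-18 2>/dev/null; then
        echo "modprobe ppp-compress-18: ok"
        supported=0
    fi

    # Check 3: pppd itself was built with MPPE.
    if [ -r "$pppd_bin" ]; then
        n=$(mppe_count "$pppd_bin")
        echo "$pppd_bin: $n MPPE references"
        [ "$n" -ge 30 ] && supported=0
    fi

    return "$supported"
}

# Usage: mppe_support_check && echo "MPPE available" || echo "MPPE missing"
```

Without MPPE the require-mppe-128 line in options.pptpd (see below) would reject every client, so it is worth running this before installing anything.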
2. pptp needs iptables, so install iptables as well. If iptables is already installed on your server, you only need to install pptp.
yum install -y ppp iptables
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
3. Writing the configuration files
vi /etc/pptpd.conf
###############################################################################
# $Id: pptpd.conf,v 1.10 2006/09/04 23:30:57 quozl Exp $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#       Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/options.pptpd

# TAG: debug
#       Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
#       Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam

# TAG: logwtmp
#       Use wtmp(5) to record client connections and disconnections.
#
#logwtmp

# TAG: bcrelay <if>
#       Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: delegate
#       Delegates the allocation of client IP addresses to pppd.
#
#       Without this option, which is the default, pptpd manages the list of
#       IP addresses for clients and passes the next free address to pppd.
#       With this option, pptpd does not pass an address, and so pppd may use
#       radius or chap-secrets to allocate an address.
#
#delegate

# TAG: connections
#       Limits the number of client connections that may be accepted.
#
#       If pptpd is allocating IP addresses (e.g. delegate is not
#       used) then the number of connections is also limited by the
#       remoteip option.  The default is 100.
#connections 100

# TAG: localip
# TAG: remoteip
#       Specifies the local and remote IP address ranges.
#
#       These options are ignored if delegate option is set.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#       You can specify single IP addresses separated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than the value of connections,
#          it will start at the beginning of the list and go until it
#          gets connections IPs.  Others will be ignored.
#
#       3. No shortcuts in ranges!  ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one.  You MUST still give at least one remote
#          IP for each simultaneous client.
#
# (Recommended)
localip 192.168.10.1
remoteip 192.168.10.10-254
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip is the address given to the VPN server's end of the tunnel; it does not have to be the server's public IP.
remoteip is the range of addresses the server hands out to clients.
vi /etc/ppp/options.pptpd
###############################################################################
# $Id: options.pptpd,v 1.11 2005/12/29 01:21:09 quozl Exp $
#
# Sample Poptop PPP options file /etc/ppp/options.pptpd
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################

# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain

# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose which of the following sections you will use.)

# BSD licensed ppp-2.4.2 upstream with MPPE only, kernel module ppp_mppe.o
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}

# OpenSSL licensed ppp-2.4.1 fork with MPPE only, kernel module mppe.o
# {{{
#-chap
#-chapms
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
#+chapms-v2
# Require MPPE encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
#mppe-40        # enable either 40-bit or 128-bit, not both
#mppe-128
#mppe-stateless
# }}}

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
ms-dns 106.182.34.20
ms-dns 106.182.35.20
ms-dns 106.182.36.20

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp

# Normally pptpd passes the IP address to pppd, but if pptpd has been
# given the delegate option in pptpd.conf or the --delegate command line
# option, then pppd will use chap-secrets or radius to allocate the
# client IP address.  The default local IP address used at the server
# end is often the same as the address of the server.  To override this,
# specify the local IP address here.
# (you must not use this unless you have used the delegate option)
#10.8.0.100

# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump

# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp

# Disable Van Jacobson compression
# (needed on some networks with Windows 9x/ME/XP clients, see posting to
# poptop-server on 14th April 2005 by Pawel Pokrywka and followups,
# http://marc.theaimsgroup.com/?t=111343175400006&r=1&w=2 )
novj
novjccomp

# turn off logging to stderr, since this may be redirected to pptpd,
# which may trigger a loopback
nologfd

idle 2592000

# put plugins here
# (putting them higher up may cause them to send messages to the pty)
ms-dns sets the DNS servers that the server hands to clients.
vi /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
wangshangyou pptpd wangshangyou *
Here the first wangshangyou is the username and the second wangshangyou is the password for logging in to the PPTP VPN. The server field must match the value of name in options.pptpd. An IP of * means the address is assigned automatically; a fixed address can be given instead.
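An added example (not from the original post) that checks a chap-secrets file against options.pptpd before the service is started: it flags entries whose server field does not match name, secrets identical to the username (as in the sample entry above), and a secrets file that other users can read. The file paths are parameters, and the sample files in the usage comment are constructed for the example.

```sh
#!/bin/sh
# Added example, not from the original post: sanity-check a chap-secrets
# file against options.pptpd before starting pptpd.
#   $1 - chap-secrets file (assumed default: /etc/ppp/chap-secrets)
#   $2 - pppd options file (assumed default: /etc/ppp/options.pptpd)
# Prints one line per problem and returns 1 if any were found, else 0.
# Checks: the server field matches `name` in the options file (otherwise
# pppd will never accept the entry), the secret is not the username, and
# the file is not readable by other users (it stores secrets in clear).
chap_secrets_check() {
    secrets="${1:-/etc/ppp/chap-secrets}"
    options="${2:-/etc/ppp/options.pptpd}"
    problems=0

    expected=$(awk '$1 == "name" { print $2; exit }' "$options")
    if [ -z "$expected" ]; then
        echo "$options: no 'name' option, cannot match server field"
        return 1
    fi

    # Fields: client server secret IP-addresses. Secrets containing
    # whitespace must be quoted in the real file; this simple reader does
    # not unquote them, which is fine for the checks below.
    while read -r client server secret rest; do
        [ -z "$client" ] && continue
        case "$client" in '#'*) continue ;; esac
        if [ "$server" != "$expected" ]; then
            echo "$client: server '$server' does not match name '$expected'"
            problems=1
        fi
        if [ "$secret" = "$client" ]; then
            echo "$client: secret is identical to the username"
            problems=1
        fi
    done < "$secrets"

    # GNU stat first, BSD stat as fallback.
    mode=$(stat -c %a "$secrets" 2>/dev/null || stat -f %Lp "$secrets")
    case "$mode" in
        600|400) ;;
        *) echo "$secrets: mode $mode, expected 600"; problems=1 ;;
    esac
    return "$problems"
}

# Usage: chap_secrets_check && service pptpd start
```

Because refuse-pap, refuse-chap and refuse-mschap leave MS-CHAPv2 as the only accepted method, the password in this file is the whole of the client's authentication, so it should not be guessable from the username.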
4. Start the PPTP service
service pptpd start
5. Enable IP forwarding
sysctl -w net.ipv4.ip_forward=1
6. Start the firewall service and add the NAT rule
/sbin/service iptables start
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 106.182.53.211
The address after -s is the range handed out to clients; the address after --to-source is the VPN server's public IP.
/etc/init.d/iptables save
/etc/init.d/iptables restart
At this point the PPTP server is installed; next we configure the client.
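The following added example (not the post's own script) ties steps 3, 5 and 6 together: it expands the remoteip list from pptpd.conf using the comma and last-octet range syntax described in the sample file, counts the addresses against connections, derives the client subnet for the -s argument, and prints the forwarding and SNAT commands, running them only when APPLY=1 is set. The interface name, the assumption that all remote IPs sit in one /24, and the sample values in the test are assumptions.

```sh
#!/bin/sh
# Added example, not the post's own script: validate the address plan in
# pptpd.conf and build the forwarding / SNAT commands from it.
# Assumptions: remoteip addresses all lie in one /24 (true for the post's
# 192.168.10.10-254), the outbound interface and public IP are passed in,
# and nothing is executed unless APPLY=1 is set in the environment.

# Expand the remoteip syntax from the sample file: comma-separated
# addresses and last-octet ranges written in full (234-238, never 234-8).
# Prints one address per line; returns 1 on a malformed range.
expand_iplist() {
    echo "$1" | tr ',' '\n' | while IFS= read -r item; do
        case "$item" in
            *-*)
                prefix=${item%.*}        # 192.168.0
                range=${item##*.}        # 245-249
                lo=${range%-*}; hi=${range#*-}
                if [ "$lo" -gt "$hi" ] || [ "$hi" -gt 255 ]; then
                    echo "bad range: $item" >&2
                    return 1
                fi
                i=$lo
                while [ "$i" -le "$hi" ]; do
                    echo "$prefix.$i"
                    i=$((i + 1))
                done ;;
            '') ;;
            *) echo "$item" ;;
        esac
    done
}

# First uncommented value of a keyword in pptpd.conf.
conf_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Number of client addresses remoteip provides, with a warning when it is
# below the connections limit (default 100, per the sample file).
remote_count() {
    conns=$(conf_value "$1" connections)
    [ -z "$conns" ] && conns=100
    count=$(expand_iplist "$(conf_value "$1" remoteip)" | wc -l | tr -d ' ')
    if [ "$count" -lt "$conns" ]; then
        echo "warning: $count remote IPs for up to $conns connections" >&2
    fi
    echo "$count"
}

# Client subnet for the iptables -s argument (assumes one /24).
client_subnet() {
    first=$(expand_iplist "$(conf_value "$1" remoteip)" | head -n 1)
    [ -n "$first" ] || return 1
    echo "${first%.*}.0/24"
}

# Print (and with APPLY=1 run) the commands from steps 5 and 6.
#   $1 pptpd.conf   $2 outbound interface   $3 server public IP
pptp_nat_commands() {
    subnet=$(client_subnet "$1") || return 1
    # --to-source must be the public IP, not a client address: catch the
    # swapped-argument mistake before it reaches iptables.
    case "$3" in
        "${subnet%.0/24}".*) echo "error: $3 is inside client subnet $subnet" >&2; return 1 ;;
    esac
    cmds="sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $subnet -o $2 -j SNAT --to-source $3
/etc/init.d/iptables save"
    echo "$cmds"
    [ "${APPLY:-0}" = 1 ] || return 0
    echo "$cmds" | while IFS= read -r c; do $c || return 1; done
}

# Usage with the post's values (eth0 and the public IP are assumptions):
#   remote_count /etc/pptpd.conf
#   APPLY=1 pptp_nat_commands /etc/pptpd.conf eth0 106.182.53.211
```

Note that sysctl -w only sets ip_forward until the next reboot; to keep it, the same net.ipv4.ip_forward = 1 line belongs in /etc/sysctl.conf as well.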
IV. Client setup steps

Screenshots of the Windows client setup follow.
Done. If the connection fails along the way, try the settings shown in the screenshot below: open Properties, then Networking, and set the VPN type to PPTP VPN.
Tags: linux CentOS PPTP VPN 6.0(64bit) install