socks5:
1. yum -y install pam-devel openldap-devel cyrus-sasl-devel gcc automake make openssl openssl-devel
2. wget -O ss5.tar.gz http://sourceforge.net/projects/ss5/files/ss5/3.8.9-2/ss5-3.8.9-2.tar.gz (to download the latest version instead: wget -O ss5.tar.gz http://sourceforge.net/projects/ss5/files/latest/download?source=files)
3. tar zxvf ss5.tar.gz && cd ss5-3.8.9/
4. ./configure && make && make install
5. vi /etc/opt/ss5/ss5.conf
Remove the '#' in front of the two lines below. To require a username and password, also replace the '-' in column 4 of the first line and column 2 of the second line with 'u'.
#auth 0.0.0.0/0 - -
#permit - 0.0.0.0/0 - 0.0.0.0/0
6. service ss5 start
7. Note: the default port is 1080; to change it, edit /etc/sysconfig/ss5. To set usernames and passwords, edit /etc/opt/ss5.passwd
8. Firewall settings (/etc/sysconfig/iptables)
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1080 -j ACCEPT
pptp:
Preparation (choose one of the two methods)
Manual download
http://poptop.sourceforge.net/yum/stable/packages/
rpm -ivh pptp.xxx.rpm ppp.xxx.rpm (the downloaded rpms)
Using a yum repository
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp/pptp-release-current.noarch.rpm
yum install ppp pptpd
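Enable IP forwarding
1. vim /etc/sysctl.conf
Change:
net.ipv4.ip_forward = 1
Then run:
/sbin/sysctl -p    (applies the changed kernel parameters)
2. vim /etc/ppp/options.pptpd
Change:
ms-dns 4.2.2.1    (a DNS server that works from your location)
ms-dns 4.2.2.2
3. vim /etc/pptpd.conf
Change:
localip 10.8.8.1    (IP of the VPN tunnel, i.e. the VPN host IP)
remoteip 10.8.8.2-245    (range of IP addresses assigned to connecting clients)
Start at boot and run
1. chkconfig pptpd on
2. service pptpd start
Add accounts
1. vim /etc/ppp/chap-secrets
Add: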
vpnuser01 pptpd 123456 *
vpnuser02 pptpd 123456 *
vpnuser03 pptpd 123456 *
vpnuser04 pptpd 123456 *
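The fields are, in order: username, service name, password, allowed IP.
The service name is defined by "name" in options.pptpd and defaults to pptpd.
iptables configuration (note: for rules of the same type, ACCEPT must come before REJECT)
1. iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
2. iptables -A POSTROUTING -t nat -s 10.8.8.0/24 -o eth0 -j MASQUERADE
3. service iptables restart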
# Generated by iptables-save v1.4.7 on Fri Aug 21 14:56:36 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [225:28120]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -s 10.8.8.0/24 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.8.0/24 -o eth0 -j ACCEPT
-A FORWARD -d 10.8.8.0/24 -i eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Fri Aug 21 14:56:36 2015
# Generated by iptables-save v1.4.7 on Fri Aug 21 14:56:36 2015
*nat
:PREROUTING ACCEPT [64:9976]
:POSTROUTING ACCEPT [3:228]
:OUTPUT ACCEPT [3:228]
-A POSTROUTING -s 10.8.8.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Fri Aug 21 14:56:36 2015
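The ordering note in the iptables section (ACCEPT before REJECT) can be checked mechanically. The following is an added example, not part of the original notes: the function name `shadowed_rules` and the sample ruleset are constructed for illustration, and the sample shows what happens when the port 1723 rule is appended with `-A` to a chain that already ends in a catch-all REJECT.

```shell
#!/bin/sh
# Added example, not from the original notes.
# Reads iptables-save text on stdin and prints every rule that sits after an
# unconditional REJECT/DROP in the same chain, i.e. a rule that never matches.
shadowed_rules() {
    awk '
        /^\*/ { table = substr($1, 2); next }          # "*filter", "*nat", ...
        $1 == "-A" {
            key = table "/" $2                          # chain within its table
            if (closed[key]) { print table ": " $0; next }
            # No match options before -j means the rule catches all traffic.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) closed[key] = 1
        }
    '
}

# Constructed sample: the 1723 rule was appended after the final REJECT.
SAMPLE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A FORWARD -s 10.8.8.0/24 -o eth0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.8.0/24 -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE" | shadowed_rules
```

On a live host, run `iptables-save | shadowed_rules`; any rule it reports has to be inserted ahead of the catch-all with `iptables -I` rather than appended with `-A`.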