Last active September 27, 2023 04:40
centos 7 pptpd firewalld
#!/bin/sh
#
# pptpd installation script on my own CentOS 7 box.
# inspired by: https://www.digitalocean.com/community/questions/how-to-install-pptp-vpn-on-centos-7
# and http://unix.stackexchange.com/questions/150837/redhat-centos-7-firewalld-best-practice-for-pptp-or-l2tp-ipsec-rules
#
# Author: 2015 Steve Yang <[email protected]>
# The script comes with ABSOLUTELY NO WARRANTY.

# Install pptpd (the pptpd package comes from EPEL)
rpm -Uvh http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-1.noarch.rpm
yum -y install ppp pptpd

# pptpd settings: server tunnel address, client address pool, DNS pushed to
# clients, and one CHAP account (replace USERNAME and PASSWORD with real values)
echo 'localip 10.10.0.1' >> /etc/pptpd.conf
echo 'remoteip 10.10.0.100-199' >> /etc/pptpd.conf
echo 'ms-dns 8.8.8.8' >> /etc/ppp/options.pptpd
echo 'ms-dns 8.8.4.4' >> /etc/ppp/options.pptpd
echo 'USERNAME pptpd PASSWORD *' >> /etc/ppp/chap-secrets

# system ipv4 forward
# (the original used `grep -xq`, which requires a whole-line match and so never
# found an existing "net.ipv4.ip_forward = 0" line; the key was then appended
# instead of replaced. Match the key anywhere on the line, as the sed below does.)
sysctl_file=/etc/sysctl.conf
if grep -q 'net.ipv4.ip_forward' $sysctl_file; then
    sed -i.bak -r -e "s/^.*net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/" $sysctl_file
else
    echo 'net.ipv4.ip_forward = 1' >> $sysctl_file
fi
sysctl -p

# firewalld: define a pptp service for the TCP/1723 control channel, allow it
# in the zone and masquerade tunnel traffic leaving the box.
# Note that this opens only TCP/1723; GRE (IP protocol 47) is not accepted here.
zone=public
firewall-cmd --permanent --new-service=pptp
cat >/etc/firewalld/services/pptp.xml <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port protocol="tcp" port="1723"/>
</service>
EOF
firewall-cmd --permanent --zone=$zone --add-service=pptp
firewall-cmd --permanent --zone=$zone --add-masquerade
firewall-cmd --reload

# start pptpd
systemctl start pptpd
systemctl enable pptpd.service
The firewalld part works perfectly for me on CentOS 7.
There is no protocol 47 (GRE) accept. See https://github.com/t-woerner/firewalld/issues/30, for example.
Are there any other settings on CentOS 7?
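Added example, not part of the gist or the comments above: a pptp service definition that covers the GRE data channel the script leaves out, plus an idempotent sysctl edit that avoids the whole-line `grep -x` problem. The function names (`render_pptp_service`, `set_sysctl`, `count_key`) are my own; it assumes a firewalld release whose service files accept `<protocol value="..."/>`, with a direct-rule fallback noted in the usage comment.

```shell
#!/bin/sh
# Example code (not from the gist): firewalld service for PPTP with GRE, and a
# sysctl helper that replaces an existing key instead of appending a duplicate.

# Print a pptp.xml that allows both the TCP/1723 control channel and the
# GRE tunnel traffic (IP protocol 47) that PPTP data actually travels over.
render_pptp_service() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>PPTP</short>
  <description>PPTP control channel (TCP/1723) and GRE tunnel traffic.</description>
  <port protocol="tcp" port="1723"/>
  <protocol value="gre"/>
</service>
EOF
}

# set_sysctl FILE KEY VALUE: rewrite an existing (possibly commented-out)
# assignment of KEY in place, or append one if none exists. Matching the key at
# the start of the line (not the whole line) is what makes this idempotent.
set_sysctl() {
    file=$1; key=$2; value=$3
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')
    pattern="^[[:space:]]*#\{0,1\}[[:space:]]*$esc[[:space:]]*="
    if grep -q "$pattern" "$file" 2>/dev/null; then
        sed -i.bak "s|$pattern.*|$key = $value|" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# count_key FILE KEY: number of active (uncommented) assignments of KEY;
# after any number of set_sysctl runs this should be exactly 1.
count_key() {
    grep -c "^$(printf '%s' "$2" | sed 's/\./\\./g')[[:space:]]*=" "$1"
}

# Usage on a real CentOS 7 box (not executed here):
#   render_pptp_service > /etc/firewalld/services/pptp.xml
#   set_sysctl /etc/sysctl.conf net.ipv4.ip_forward 1 && sysctl -p
#   firewall-cmd --permanent --zone=public --add-service=pptp
#   # firewalld too old for <protocol> in services: accept GRE with a direct rule
#   firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
#   firewall-cmd --reload
```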
The first command doesn't work, so you can change that to:
rpm -Uvh http://linux.mirrors.es.net/fedora-epel//epel-release-latest-7.noarch.rpm