#!/bin/sh

PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH

rpm -Uvh http://poptop.sourceforge.net/yum/beta/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm

echo "option /etc/ppp/options.pptpd
logwtmp
localip 172.16.0.1
remoteip 172.16.0.2-127" > /etc/pptp.conf

echo "name pptpd

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
lock
nobsdcomp 
novj
novjccomp
nologfd
mtu 1400" > /etc/ppp/options.pptpd

sed -i 's/-A FORWARD -j DROP/-A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1240/' /etc/sysconfig/iptables
sed -i 's/-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT/-A FORWARD -i ppp+ -j ACCEPT\n-A FORWARD -o ppp+ -j ACCEPT\n-A RH-Firewall-1-INPUT -i ppp+ -j ACCEPT\n-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 1723 -j ACCEPT\n-A RH-Firewall-1-INPUT -p 47 -j ACCEPT\n\n-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT/' /etc/sysconfig/iptables
echo "*nat
-A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 172.16.0.0/24 -o eth1 -j MASQUERADE

COMMIT
" >> /etc/sysconfig/iptables

sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
sysctl -p
service pptpd start
chkconfig pptpd on