@yyang /centos7.sh
Last active Dec 10, 2017

centos 7 pptpd firewalld
#!/bin/sh
#
# pptpd installation script on my own CentOS 7 box.
# inspired by: https://www.digitalocean.com/community/questions/how-to-install-pptp-vpn-on-centos-7
# and http://unix.stackexchange.com/questions/150837/redhat-centos-7-firewalld-best-practice-for-pptp-or-l2tp-ipsec-rules
#
# Author: 2015 Steve Yang <me@iyyang.com>
# The script comes with ABSOLUTELY NO WARRANTY.

# Install pptpd (enable the EPEL repository first)
rpm -Uvh http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-1.noarch.rpm
yum -y install ppp pptpd

# pptpd settings: server-side tunnel address and the client address pool
echo 'localip 10.10.0.1' >> /etc/pptpd.conf
echo 'remoteip 10.10.0.100-199' >> /etc/pptpd.conf
# DNS servers handed to connecting clients
echo 'ms-dns 8.8.8.8' >> /etc/ppp/options.pptpd
echo 'ms-dns 8.8.4.4' >> /etc/ppp/options.pptpd
# chap-secrets fields: client, server, secret, allowed IPs.
# USERNAME and PASSWORD are placeholders; replace them before running.
echo 'USERNAME pptpd PASSWORD *' >> /etc/ppp/chap-secrets

# system ipv4 forward
sysctl_file=/etc/sysctl.conf
# Rewrite any existing net.ipv4.ip_forward line, otherwise append one.
# (grep -x only matches whole lines, so it never found "net.ipv4.ip_forward = 0".)
if grep -q 'net\.ipv4\.ip_forward' "$sysctl_file"; then
    sed -i.bak -r -e 's/^.*net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' "$sysctl_file"
else
    echo 'net.ipv4.ip_forward = 1' >> "$sysctl_file"
fi
sysctl -p

# firewalld: define a pptp service (TCP 1723 control channel only),
# then allow it and enable masquerading in the chosen zone
zone=public
firewall-cmd --permanent --new-service=pptp
cat >/etc/firewalld/services/pptp.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <port protocol="tcp" port="1723"/>
</service>
EOF
firewall-cmd --permanent --zone="$zone" --add-service=pptp
firewall-cmd --permanent --zone="$zone" --add-masquerade
firewall-cmd --reload

# start pptpd now and enable it at boot
systemctl start pptpd
systemctl enable pptpd.service

blueandhack Oct 23, 2015

The first command doesn't work
So you can change that to rpm -Uvh http://linux.mirrors.es.net/fedora-epel//epel-release-latest-7.noarch.rpm

wanyancan Mar 17, 2016

The firewalld part works perfectly for me on CentOS 7.

voron Mar 25, 2016

There is no protocol 47(GRE) accept. https://github.com/t-woerner/firewalld/issues/30 for example
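
The gap raised in the comment above is that the script's service file opens only the TCP 1723 control channel, while PPTP carries its tunnel data over IP protocol 47 (GRE). The following is an added example, not part of the gist or its comments: it audits a firewalld service file for both rules and writes a definition that carries them. The function names and temp file names are hypothetical, and the `<protocol value="gre"/>` element assumes an installed firewalld release that supports protocol entries in service files.

```shell
#!/bin/sh
# Added example (not from the gist): audit a firewalld service file for the
# two things a PPTP server needs: TCP 1723 (control) and IP protocol GRE.

# Succeeds if the file opens tcp/1723, in either attribute order.
has_control_port() {
    grep -Eq '<port[^>]*(protocol="tcp"[^>]*port="1723"|port="1723"[^>]*protocol="tcp")' "$1"
}

# Succeeds if the file has a <protocol> element naming GRE.
has_gre() {
    grep -Eiq '<protocol[[:space:]]+value="gre"' "$1"
}

# Prints: ok | missing-gre | missing-tcp1723 | missing-both | unreadable
# Exit status is 0 only for "ok".
audit_pptp_service() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    if has_control_port "$1"; then tcp=1; else tcp=0; fi
    if has_gre "$1"; then gre=1; else gre=0; fi
    case "$tcp$gre" in
        11) echo ok ;;
        10) echo missing-gre; return 1 ;;
        01) echo missing-tcp1723; return 1 ;;
        *)  echo missing-both; return 1 ;;
    esac
}

# Writes a service definition carrying both rules to the given path.
# Assumption: the installed firewalld accepts <protocol> in service files.
write_pptp_service() {
    cat >"$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>pptp</short>
  <port protocol="tcp" port="1723"/>
  <protocol value="gre"/>
</service>
EOF
}

# Demo on constructed files in a temp dir; nothing under /etc is touched.
tmp=$(mktemp -d)
printf '%s\n' '<service>' '<port protocol="tcp" port="1723"/>' '</service>' >"$tmp/gist.xml"
write_pptp_service "$tmp/fixed.xml"
echo "gist.xml:  $(audit_pptp_service "$tmp/gist.xml")"
echo "fixed.xml: $(audit_pptp_service "$tmp/fixed.xml")"
rm -rf "$tmp"
```

To use the generated definition, copy it to `/etc/firewalld/services/pptp.xml` and run `firewall-cmd --reload` as the script does.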

amanualt Nov 8, 2017

Are there any other settings on CentOS 7?
