系统使用centos 7 最小化。
修改内核参数
sed -i -e "/net.ipv4.ip_forward/d" /etc/sysctl.conf
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.conf.all.accept_redirects/d" /etc/sysctl.conf
echo "net.ipv4.conf.all.accept_redirects=0" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.conf.all.send_redirects/d" /etc/sysctl.conf
echo "net.ipv4.conf.all.send_redirects=0" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.conf.default.rp_filter/d" /etc/sysctl.conf
echo "net.ipv4.conf.default.rp_filter=0" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.conf.default.accept_source_route/d" /etc/sysctl.conf
echo "net.ipv4.conf.default.accept_source_route=0" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.conf.default.send_redirects/d" /etc/sysctl.conf
echo "net.ipv4.conf.default.send_redirects=0" >> /etc/sysctl.conf
sed -i -e "/net.ipv4.icmp_ignore_bogus_error_responses/d" /etc/sysctl.conf
echo "net.ipv4.icmp_ignore_bogus_error_responses=1" >> /etc/sysctl.conf
sysctl -p
cat /etc/sysctl.d/*.conf /etc/sysctl.conf | sysctl -e -p -
#安装
yum -y install python pip
pip install sstp-server
#配置文件
cat /etc/ppp/options.sstpd
name sstpd
require-mschap-v2
nologfd
nodefaultroute
ms-dns 8.8.8.8
ms-dns 8.8.4.4
证书
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: you_address
Email Address []:
#运行
sstpd -p 443 -c my.cert -k my.key --local 192.168.0.254 --remote 192.168.0.0/24
SSTP 主要是证书申请。有点难度,其他的都简单。
