Pptpd on Centos 6
How to install pptpd server on Centos 6
NOTE that pptpd is insecure: its MS-CHAPv2 authentication and MPPE encryption can be broken with well-known methods, so the tunnel should not be relied on for confidentiality. It is simple to configure and use, but we do not recommend it in enterprise environments.
Install pptpd
You can install the release rpm directly like this:
rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum -y install pptpd
But it is recommended to add the poptop repo first so that package signatures are checked. Import the signing key:
rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
Then create the file /etc/yum.repos.d/poptop.repo.
For x86_64 systems:
[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30
For i386 systems:
[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/i386/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30
Note: change rhel6 to rhel5 if you are on CentOS 5. Keep gpgcheck=1 so yum rejects packages not signed with the imported key (the key itself is fetched over plain HTTP, so compare its fingerprint with rpm -qi gpg-pubkey-* before trusting it); priority= is only honored if yum-plugin-priorities is installed.
Then install it with yum:
yum install pptpd
Edit the IP settings in /etc/pptpd.conf:
localip 192.168.13.1
remoteip 192.168.13.101-200
Add users to /etc/ppp/chap-secrets. The fields are client name, server name (pptpd), secret, and the client IP allowed (* for any). Secrets are stored in cleartext, so keep this file owned by root with mode 0600:
user1 pptpd p@sword1 "*"
Add the DNS servers handed out to clients in /etc/ppp/options.pptpd:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Enable IP forwarding. Edit /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Apply the change:
sysctl -p
Add these rules to the firewall. Three examples:
1. With no interface specified, compatible with routers. Replace vpnIP.Addr.2.3/255.255.255.0 with your VPN subnet and eth0IPAddr with the address of your external interface; if your INPUT chain rejects by default, you still need the TCP 1723 and GRE accept rules from the next two examples:
iptables -t nat -A POSTROUTING -s vpnIP.Addr.2.3/255.255.255.0 -j SNAT --to-source eth0IPAddr
iptables -A FORWARD -s vpnIP.Addr.2.3/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
2. With MASQUERADING:
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
Note that this MASQUERADE rule has no -s match, so it rewrites everything the box forwards out of eth0; add -s 192.168.13.0/24 to limit it to VPN clients.
3. Without MASQUERADING:
iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -o eth0 -j SNAT --to <your_server_ip>
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
Save and restart iptables:
iptables-save >/etc/sysconfig/iptables
service iptables restart
Start the PPTP VPN server:
service pptpd start
Set PPTP to start at boot:
chkconfig pptpd on
and also iptables, of course:
chkconfig iptables on
If you can't connect and see nothing in the logs (tail -f /var/log/messages), check your firewall rules. The stock CentOS 6 ruleset ends the INPUT chain with -A INPUT -j REJECT --reject-with icmp-host-prohibited; since iptables -A appends, accept rules added after it land behind the REJECT and never match, so the incoming pptpd client connection is rejected silently. Insert the TCP 1723 and GRE rules ahead of it (iptables -I INPUT ...) or place them before the REJECT line in /etc/sysconfig/iptables.
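The following script is an added example and not part of the original page. It renders the three config files from the steps above into a preview directory (never into /etc), prints a complete /etc/sysconfig/iptables ruleset in which the 1723/GRE accepts sit ahead of the stock REJECT, MASQUERADE is limited to the VPN subnet, and return traffic to clients is restricted to established flows, and it checks an iptables-save dump for the rule-ordering mistake described in the troubleshooting note. The subnet 192.168.13.0/24, the interface eth0, the user "user1" with a placeholder password, and the embedded "bad" dump are all assumed or constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed values: VPN subnet
# 192.168.13.0/24, external interface eth0, user "user1" with a
# placeholder password. Nothing here writes to /etc.

VPN_LOCALIP="192.168.13.1"
VPN_REMOTEIP="192.168.13.101-200"
VPN_SUBNET="192.168.13.0/24"
WAN_IF="eth0"

# Write pptpd.conf, ppp/chap-secrets and ppp/options.pptpd under $1.
render_pptpd_configs() {
    dir="$1"
    mkdir -p "$dir/ppp"
    cat > "$dir/pptpd.conf" <<EOF
option /etc/ppp/options.pptpd
localip $VPN_LOCALIP
remoteip $VPN_REMOTEIP
EOF
    # chap-secrets holds cleartext passwords: root-only, mode 0600.
    cat > "$dir/ppp/chap-secrets" <<EOF
# client   server   secret      IP addresses
user1      pptpd    CHANGE_ME   *
EOF
    chmod 600 "$dir/ppp/chap-secrets"
    # Refuse the weaker PPP auth methods; MS-CHAPv2 + 128-bit MPPE is the
    # best PPTP offers, and still not strong (see the note at the top).
    cat > "$dir/ppp/options.pptpd" <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
EOF
}

# Print a ruleset in iptables-restore format for /etc/sysconfig/iptables.
# MSS is clamped on the ppp links because GRE encapsulation lowers the MTU.
render_iptables_rules() {
    cat <<EOF
*nat
-A POSTROUTING -s $VPN_SUBNET -o $WAN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i $WAN_IF -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i $WAN_IF -p gre -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i ppp+ -o $WAN_IF -j ACCEPT
-A FORWARD -i $WAN_IF -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Read an iptables-save dump on stdin. Exit 0 when the INPUT accepts for
# tcp/1723 and GRE both precede the first "-A INPUT ... -j REJECT",
# 1 when either was appended after it (dead rule), 2 when one is missing.
check_input_order() {
    awk '
        /^-A INPUT / && /-j REJECT/ && !rej { rej = NR }
        /^-A INPUT / && /-p tcp/ && /--dport 1723/ { pptp = NR }
        /^-A INPUT / && /-p gre/ { gre = NR }
        END {
            if (!pptp || !gre) exit 2
            if (rej && (pptp > rej || gre > rej)) exit 1
            exit 0
        }'
}

# Constructed dump of a stock CentOS 6 ruleset after "iptables -A INPUT ..."
# was run: the PPTP rules landed behind the REJECT and never match.
BAD_DUMP='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
COMMIT'

# Usage: sh pptpd-preview.sh render /tmp/pptpd-preview
#        iptables-save | sh pptpd-preview.sh check ; echo $?
case "${1:-}" in
    render) out="${2:-/tmp/pptpd-preview}"
            render_pptpd_configs "$out"; render_iptables_rules > "$out/iptables" ;;
    check)  check_input_order ;;
esac
```

Run it with "render" to inspect the generated files before copying them into place, and pipe a live iptables-save into "check" when a client connects but nothing appears in /var/log/messages: exit status 1 means the accept rules exist but sit behind the REJECT.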