Pptpd on CentOS 6

How to install a pptpd server on CentOS 6

NOTE: pptpd is potentially insecure, and the tunnel can be decrypted with well-known methods. It is simple to configure and use, but we do not recommend using it in enterprise environments.

Install pptpd

You can install the RPM this way:

rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum -y install pptpd

But it's recommended to add the poptop repo first:

rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP

Edit the file /etc/yum.repos.d/poptop.repo

For x64 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

For x86 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/i386/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

Note: change rhel6 to rhel5 if you are on CentOS 5.

Then simply install using yum:

yum install pptpd

Edit the IP settings in /etc/pptpd.conf

localip 192.168.13.1
remoteip 192.168.13.101-200

Add users to file /etc/ppp/chap-secrets:

user1 pptpd p@sword1 "*"

Add DNS servers in the config file /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Enable IP forwarding. Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Save the changes and apply them:

sysctl -p

Add these rules to the firewall. Three examples:

1 with no interface specified - compatible with routers

iptables -t nat -A POSTROUTING -s vpnIP.Addr.2.3/255.255.255.0 -j SNAT --to-source eth0IPAddr
iptables -A FORWARD -s vpnIP.Addr.2.3/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS  --set-mss 1356

2 with MASQUERADING

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

3 without MASQUERADING

iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -o eth0 -j SNAT --to <your_server_ip>
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Save and restart iptables

iptables-save >/etc/sysconfig/iptables
service iptables restart

Start PPTP VPN server

service pptpd start

Set PPTP to start at boot:

chkconfig pptpd on

And also iptables, to be sure:

chkconfig iptables on


If you can't connect and you see nothing in the logs (tail -f /var/log/messages), check your firewall rules. For example, the rule #-A INPUT -j REJECT --reject-with icmp-host-prohibited will block incoming pptpd client connections.
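
The rule-order problem described above can be checked mechanically. The script below is an added example, not part of the original article: it reads iptables-save output and reports whether the tcp/1723 and GRE accept rules come before the first catch-all REJECT/DROP in the INPUT chain. The names pptp_input_check and sample_rules, and the sample ruleset, are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Reads iptables-save output
# on stdin; returns 0 only if the tcp/1723 and GRE ACCEPT rules both come
# before the first unconditional REJECT/DROP in the filter INPUT chain.
pptp_input_check() {
    awk '
        function report(name, pos, blk) {
            if (!pos) { print name ": MISSING"; return 1 }
            if (blk && pos > blk) { print name ": SHADOWED by rule " blk; return 1 }
            print name ": OK"; return 0
        }
        /^\*/ { table = $1 }    # table header, e.g. "*filter" or "*nat"
        table == "*filter" && $1 == "-A" && $2 == "INPUT" {
            n++
            line = " " $0 " "
            accept = (line ~ / -j ACCEPT /)
            if (accept && !tcp && line ~ / -p tcp / && line ~ / --dport 1723 /) tcp = n
            if (accept && !gre && line ~ / -p (gre|47) /) gre = n
            # Heuristic: a REJECT/DROP with no match options catches everything.
            if (!blocker && line ~ / -j (REJECT|DROP) / && line !~ / -(p|s|d|i|m) /)
                blocker = n
        }
        END {
            bad = report("tcp/1723", tcp, blocker)
            bad += report("gre", gre, blocker)
            exit (bad > 0)
        }
    '
}

# Constructed sample: a stock CentOS 6 style INPUT chain with the PPTP rules
# appended (-A) after the final REJECT rule.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
COMMIT
EOF
}

# Demo on the sample; on a server run: iptables-save | pptp_input_check
sample_rules | pptp_input_check || echo "PPTP rules unreachable: move them above the REJECT rule"
```

If the check reports SHADOWED, move the two PPTP accept rules above the REJECT line in /etc/sysconfig/iptables and restart iptables.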