Pptpd on CentOS 6

How to install a pptpd server on CentOS 6

NOTE that pptpd is potentially insecure, and the tunnel can be decrypted with well-known methods. It is simple to configure and use, but we do not recommend using it in enterprise environments.

Install pptpd

You can install the RPM this way:

rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum -y install pptpd

However, it is recommended to add the poptop repo first:

rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP

Edit the file /etc/yum.repos.d/poptop.repo

For x64 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

For x86 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/i386/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

Note: change rhel6 to rhel5 if you are on CentOS 5.

After that, simply install using yum:

yum install pptpd

Edit the IP settings in /etc/pptpd.conf:

localip 192.168.13.1
remoteip 192.168.13.101-200

Add users to file /etc/ppp/chap-secrets:

user1 pptpd p@sword1 "*"

Add DNS servers in the config file /etc/ppp/options.pptpd:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Enable IP forwarding. Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Save the changes and apply them:

sysctl -p

Add rules like these to the firewall. Three examples:

1 with no interface specified - compatible with routers

iptables -t nat -A POSTROUTING -s vpnIP.Addr.2.3/255.255.255.0 -j SNAT --to-source eth0IPAddr
iptables -A FORWARD -s vpnIP.Addr.2.3/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS  --set-mss 1356

2 with MASQUERADING

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

3 without MASQUERADING

iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -o eth0 -j SNAT --to <your_server_ip>
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Save and restart iptables:

iptables-save >/etc/sysconfig/iptables
service iptables restart

Start PPTP VPN server

service pptpd start

Set PPTP to start at boot:

chkconfig pptpd on

And also iptables, to be sure:

chkconfig iptables on


If you can't connect and you see nothing in the logs ( tail -f /var/log/messages ), check your firewall rules. For example, the rule -A INPUT -j REJECT --reject-with icmp-host-prohibited will block incoming pptpd client connections.
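
The rule-order problem described above can be checked from the saved rule set, because iptables -A appends to the end of a chain and the new ACCEPT rules can land behind an existing REJECT. The script below is an added example, not part of the original article: it reads iptables-save output and reports whether the tcp/1723 and GRE ACCEPT rules in the filter INPUT chain come before a catch-all REJECT or DROP. The names pptp_input_check and sample_rules and the sample rule sets are constructed for illustration, and only REJECT/DROP rules without match options are treated as catch-all.

```shell
#!/bin/sh
# Added example, not part of the original article.
# Reads iptables-save output on stdin and reports, for the filter INPUT chain,
# whether the PPTP control port and GRE are accepted before a catch-all
# REJECT/DROP ("accepted"), only after it ("shadowed"), or not at all ("missing").
pptp_input_check() {
    awk '
    BEGIN { table = "filter"; tcp = "missing"; gre = "missing" }
    /^\*/ { table = substr($0, 2); next }       # table header: *filter, *nat, ...
    table != "filter" || $1 != "-A" || $2 != "INPUT" { next }
    {
        target = ""
        for (i = 3; i < NF; i++) if ($i == "-j") target = $(i + 1)
        # "-A INPUT -j X ..." has no match options, so it hits every packet.
        if ($3 == "-j" && (target == "REJECT" || target == "DROP")) { blocked = 1; next }
        if (target != "ACCEPT") next
        state = blocked ? "shadowed" : "accepted"
        if ($0 ~ /-p tcp / && $0 ~ /--dport 1723( |$)/ && tcp != "accepted") tcp = state
        if ($0 ~ /-p (gre|47)( |$)/ && gre != "accepted") gre = state
    }
    END { printf "tcp1723=%s gre=%s\n", tcp, gre }'
}

# Constructed sample rule sets. $1 says where the two PPTP rules from the
# article sit relative to the REJECT rule: "before" or "after".
sample_rules() {
    pptp='-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT'
    if [ "$1" = before ]; then printf '%s\n' "$pptp"; fi
    printf '%s\n' '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    if [ "$1" = after ]; then printf '%s\n' "$pptp"; fi
    printf '%s\n' 'COMMIT'
}

sample_rules after  | pptp_input_check   # rules appended with -A after the REJECT
sample_rules before | pptp_input_check   # rules placed ahead of the REJECT
# On a live server (as root): iptables-save | pptp_input_check
```

If a flow is reported as shadowed, place its ACCEPT rule ahead of the REJECT (for example with iptables -I INPUT instead of -A) and save the rules again.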

 

