Pptpd on CentOS 6

How to install a pptpd server on CentOS 6

NOTE that PPTP is potentially insecure and the tunnel can be decrypted with well-known methods. It is simple to configure and use, but we do not recommend using it in enterprise environments.

Install pptpd

You can install the rpm this way:

rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum -y install pptpd

But it is recommended to add the poptop repo first:

rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP

Edit the file /etc/yum.repos.d/poptop.repo

For x64 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

For x86 systems:

[poptop]
name=poptop CentOS
baseurl=http://poptop.sourceforge.net/yum/stable/rhel6/i386/
gpgcheck=1
gpgkey=http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
enabled=1
priority=30

Note: change rhel6 to rhel5 if you are on CentOS 5.

After that, simply install using yum:

yum install pptpd

Edit the IP settings in /etc/pptpd.conf

localip 192.168.13.1
remoteip 192.168.13.101-200

Add users to file /etc/ppp/chap-secrets:

user1 pptpd p@sword1 "*"

Add DNS servers in the config file /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Enable IP forwarding. Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Save the file and apply the changes:

sysctl -p

Add these rules to the firewall. Three examples:

1 with no interface specified - compatible with routers

iptables -t nat -A POSTROUTING -s vpnIP.Addr.2.3/255.255.255.0 -j SNAT --to-source eth0IPAddr
iptables -A FORWARD -s vpnIP.Addr.2.3/255.255.255.0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS  --set-mss 1356

2 with MASQUERADING

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

3 without MASQUERADING

iptables -t nat -A POSTROUTING -s 192.168.13.0/24 -o eth0 -j SNAT --to-source <your_server_ip>
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Save and restart iptables

iptables-save >/etc/sysconfig/iptables
service iptables restart

Start PPTP VPN server

service pptpd start

Set PPTP to start at boot:

chkconfig pptpd on

and also iptables, to be sure:

chkconfig iptables on


If you can't connect and you see nothing in the logs (tail -f /var/log/messages), check your firewall rules. For example, the rule -A INPUT -j REJECT --reject-with icmp-host-prohibited will block incoming pptpd client connections.
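
The check described above can be scripted. This is an added example, not part of the original article: rules added with iptables -A land at the end of the chain, so a catch-all REJECT already in INPUT is evaluated first. The helper name pptp_rule_check and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): report whether the PPTP
# ACCEPT rules in an iptables-save dump sit before a catch-all REJECT/DROP
# in the INPUT chain. Both rulesets below are constructed samples.

pptp_rule_check() {   # hypothetical helper; reads iptables-save text on stdin
    awk '
    function seen(cur) {   # new state for a required ACCEPT rule
        if (cur == "ok") return cur
        return blocked ? "shadowed" : "ok"
    }
    BEGIN { ctl = "missing"; gre = "missing" }
    /^-A INPUT / {
        # A REJECT/DROP with no match criteria ends the chain for all traffic.
        if ($0 ~ /^-A INPUT -j (REJECT|DROP)( |$)/) blocked = 1
        if ($0 !~ / -j ACCEPT( |$)/) next
        if ($0 ~ / -p tcp / && $0 ~ / --dport 1723( |$)/) ctl = seen(ctl)
        if ($0 ~ / -p (gre|47)( |$)/) gre = seen(gre)
    }
    END {
        print "tcp/1723: " ctl
        print "gre: " gre
        exit !(ctl == "ok" && gre == "ok")
    }'
}

# Constructed sample: rules appended with -A after the stock REJECT.
SHADOWED_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
COMMIT'

# Constructed sample: the same rules placed ahead of the REJECT.
FIXED_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

printf '%s\n' "$SHADOWED_RULES" | pptp_rule_check || echo "PPTP rules unreachable"
printf '%s\n' "$FIXED_RULES" | pptp_rule_check && echo "PPTP rules reachable"
```

On a live host, pipe the output of iptables-save into the function. If a rule is reported as shadowed, insert it ahead of the REJECT with iptables -I INPUT instead of appending it with -A.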

 

