How to install pptp VPN on CentOS, RedHat and Ubuntu
Point-to-Point Tunneling Protocol
The Point-to-Point Tunneling Protocol (PPTP) is a method for
implementing virtual private networks. PPTP uses a control channel over
TCP and a GRE tunnel to encapsulate PPP packets.
The PPTP specification does not describe encryption or authentication
features and relies on the Point-to-Point Protocol being tunneled to
implement security functionality. However, the most common PPTP
implementation, shipping with the Microsoft Windows product families,
implements various levels of authentication and encryption natively as
standard features of the Windows PPTP stack. The intended use of this
protocol is to provide similar levels of security and remote access as
typical VPN products.
Step 1. Install PPTPD
If your OS is CentOS/RedHat 5:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.rhel5.x86_64.rpm
If your OS is CentOS/RedHat 6:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm
If you are using Ubuntu:
apt-get install pptpd
Step 2. Edit IP settings in /etc/pptpd.conf
vi /etc/pptpd.conf
localip 10.22.22.1
remoteip 10.22.22.22-222
Step 3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)
vi /etc/ppp/chap-secrets
vpnuser1 pptpd randompass1 *
vpnuser2 pptpd randompass2 *
Step 4. Optional settings in /etc/ppp/options.pptpd
vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 4.4.4.4
Step 5. Enable network forwarding in /etc/sysctl.conf
vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
Use the following command to apply the change:
sysctl -p
Step 6. Configure firewall
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart
If you are using the CSF firewall:
Configure CSF Firewall
Step 1
Create the file:
vi /etc/csf/csfpre.sh
Enter the following text:
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
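Save the file and make it executable by root only (csf runs it as root, so it must not be writable by other users):
chmod 700 /etc/csf/csfpre.sh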
Step 2
Create the file:
vi /etc/csf/csfpost.sh
Enter the following text:
service pptpd stop
service pptpd start
Save the file and make it executable by root only:
chmod 700 /etc/csf/csfpost.sh
Restart csf and lfd (from the web interface or the command line).
Step 7. Start PPTP VPN server
If your OS is CentOS or RedHat, use the following command:
service pptpd restart
To start the PPTP daemon automatically at boot, use the command:
chkconfig pptpd on
If your OS is Ubuntu, just reboot your machine.
By default, the VPN server logs to the system log at /var/log/messages.
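Because PPTP leaves authentication and encryption to PPP, the files edited in Steps 3, 4 and 6 decide how well the finished server is protected. The script below is an added example, not part of the original tutorial or of pptpd: it checks options.pptpd for the pppd options that restrict logins to MS-CHAPv2 with 128-bit MPPE, lists chap-secrets accounts with short secrets, and flags files that group or other users can access. The function names and the 16-character threshold are assumptions made for this example, and the five option names are standard pppd options that this page does not list.

```shell
#!/bin/sh
# Added example: audit a pptpd setup laid out as in this tutorial.
# Usage: sh audit_pptpd.sh ROOT   (ROOT is a path prefix; use "" for the live system)

# pppd options that restrict the server to MS-CHAPv2 with 128-bit MPPE.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print each required option that is not set on an uncommented line of file $1.
missing_options() {
    for opt in $REQUIRED; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" 2>/dev/null || echo "$opt"
    done
}

# Print the client name of every chap-secrets entry in $1 whose secret is
# shorter than $2 characters (assumes unquoted, whitespace-separated fields).
weak_secrets() {
    awk -v min="$2" '!/^[ \t]*(#|$)/ && length($3) < min { print $1 }' "$1" 2>/dev/null
}

# Succeed only if $1 grants no permission bits to group or other.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; exit status is 1 if anything was found.
audit() {
    root=${1:-}
    rc=0
    for opt in $(missing_options "$root/etc/ppp/options.pptpd"); do
        echo "options.pptpd: $opt is not set"; rc=1
    done
    for user in $(weak_secrets "$root/etc/ppp/chap-secrets" 16); do
        echo "chap-secrets: secret for $user is shorter than 16 characters"; rc=1
    done
    for f in etc/ppp/chap-secrets etc/csf/csfpre.sh etc/csf/csfpost.sh; do
        [ -e "$root/$f" ] || continue
        owner_only "$root/$f" || { echo "/$f: accessible by group or other"; rc=1; }
    done
    return $rc
}

# Run the audit when a root prefix is given on the command line.
if [ "$#" -gt 0 ]; then audit "$1"; fi
```
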