How to setup a VPN server with CentOS PPTPD

From Brian Nelson Ramblings
Jump to: navigation, search

How to setup a VPN server with CentOS PPTPD

There are 3 basic types of VPN Servers: Point-to-Point Protocol(PPTP), Layer 2 Tunneling Protocol(L2TP) and OpenVPN. I am using PPTP for my personal use, as it is easy to install and you can have it up an running in minutes.

Lets install the EPEL repo

For the x86x64

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

For the i386

wget http://dl.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm

Now install them into YUM

rpm -Uvh epel-release-6*.rpm

Install ppp and pptpd with yum

We had to install the epel repo, because pptpd is not included in the base repo's.

yum install ppp pptpd

Edit the IP for pptpd.conf

vim /etc/pptpd.conf

Add the following lines

localip 192.168.0.1
remoteip 192.168.0.101-200

Create some users for the VPN

vim /etc/ppp/chap-secrets

Then add some users with the following format

user * userpass *

My demo users are:

brian * password4brian *
nelson * password4nelson *

Lets make it use Google for DNS

vim /etc/ppp/options.pptpd

Add the following lines

ms-dns 8.8.8.8
ms-dns 4.4.4.4

Enable Network Forwarding

vim /etc/sysctl.conf

Adjust the following if not already set

net.ipv4.ip_forward = 1

Make the system use your new setting

sysctl -p

Configure the Firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Lets save the firewall and restart

service iptables save
service iptables restart

Start the VPN Server

service pptpd restart

And add it to the start up

chkconfig pptpd on

Now you can test the VPN server from any client: Windows PCs, Linux PCs, Android phones/tablets, or iPhone and iPad.

The log of the VPN server, by default, is combined with system log located at /var/log/messages.