Difference between revisions of "Install PPTP on CentOS 5"
Revision as of 11:20, 29 April 2011
This page summarizes how to perform a basic installation of a PPTP VPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.
This tutorial is geared more towards home users who have a spare system to run PPTP on. In this tutorial, Windows 7 is used for the client connecting to the VPN.
If you notice a problem with this How-To or would like to provide feedback, please email Matt.
- Install CentOS 5
- GRE protocol and TCP port 1723 through your firewall
Install the Server
Add the Poptop Yum Repository
Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.
- Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.
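#!/bin/bash
# Flush the filter table, then drop inbound traffic by default
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT traffic leaving eth0 and forward between the VPN (ppp+) and eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE tunnel traffic
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback, and replies to connections already established
# No rule admits SSH (TCP 22): new SSH sessions to this host are dropped once the script has run
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save the rules so they persist across reboots, then list them
/sbin/service iptables save
/sbin/iptables -L -v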
net.ipv4.ip_forward = 1
Make the changes active
Install PPTP Server
Install ppp and pptpd
yum install ppp pptpd
Configure the service to start on boot
chkconfig --levels 345 pptpd on
Configure Client Network Options
localip 10.10.11.1
remoteip 10.10.11.5-100
ms-dns 188.8.131.52
ms-dns 184.108.40.206
Configure Client Access
/etc/ppp/chap-secrets. You will need to customize the client name and secret (password), and you can either allow all IP addresses or limit them as necessary.
# Secrets for authentication using CHAP
# client server secret IP addresses
mccarrms * mccarrms-password *
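An added example (not part of the original how-to): a shell function that audits a chap-secrets file for the choices described above, flagging entries that accept any source IP, secrets that are short or contain the client name, and a file that is accessible to group or other. The function name audit_chap_secrets, the 12-character threshold and the laptop01 entry are assumptions made for illustration; secrets are assumed to contain no whitespace.

```shell
#!/bin/bash
# Added example: audit a chap-secrets file (fields: client server secret IP-addresses).
# Prints one finding per line. Assumes secrets contain no whitespace.
audit_chap_secrets() {
    # The file holds plaintext secrets, so only its owner should be able to read it.
    perms=$(ls -ld -- "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "file: accessible to group or other"
    awk '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        NF < 3 { printf "line %d: malformed entry\n", NR; next }
        {
            client = $1; secret = $3
            gsub(/"/, "", secret)                   # drop optional quoting
            if (NF >= 4 && $4 == "*")
                printf "%s: any source IP accepted\n", client
            if (length(secret) < 12)                # 12 is an assumed minimum
                printf "%s: secret shorter than 12 characters\n", client
            if (index(tolower(secret), tolower(client)) > 0)
                printf "%s: secret contains the client name\n", client
        }
    ' "$1"
}

# Constructed sample: the entry from this page plus a hypothetical restricted one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client server secret IP addresses
mccarrms * mccarrms-password *
laptop01 pptpd kT9vQ2xLr7Wd3ZpA 10.10.11.20
EOF
audit_chap_secrets "$sample"
rm -f "$sample"
```

Run it against /etc/ppp/chap-secrets as root after editing the file; no output means none of the three checks fired.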
Start the Server
Start the pptpd service
service pptpd start
Configure the Client
Browse to http://www.whatismyip.com to verify that your traffic is going through the VPN server