Difference between revisions of "Install PPTP on CentOS 5"

From CSLabsWiki

Revision as of 10:20, 29 April 2011

This page summarizes how to perform a basic installation of a PPTP VPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.

This tutorial is geared more towards home users who have a spare system to run PPTP on. In this tutorial, Windows 7 is used for the client connecting to the VPN.

If you notice a problem with this How-To or would like to provide feedback, please email Matt.

Prerequisites

  • Install CentOS 5
  • Forward GRE protocol and TCP port 1723 through your firewall

Install the Server

Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

  • Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.
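#!/bin/bash
# Flush existing filter rules, then drop inbound traffic by default
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT traffic leaving eth0 and forward between the VPN (ppp+) and eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE tunnel traffic
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback, and replies to connections already established
# Note: no rule here admits SSH (TCP 22), so new SSH sessions are dropped
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Persist the rules across reboots and list the result
/sbin/service iptables save
/sbin/iptables -L -v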

Configure Kernel

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Make the changes active

  • sysctl -p

Install PPTP Server

Install ppp and pptpd

  • yum install ppp pptpd

Configure the service to start on boot

  • chkconfig --levels 345 pptpd on

Configure Client Network Options

Modify /etc/pptpd.conf

localip 10.10.11.1
remoteip 10.10.11.5-100

Modify /etc/ppp/options.pptpd

ms-dns 208.67.222.222
ms-dns 208.67.220.220

Configure Client Access

Edit /etc/ppp/chap-secrets. Customize the client name and secret (password); you can either allow all IP addresses or limit them as necessary.

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
mccarrms        *       mccarrms-password       *
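
One way to check the entries described above before starting the service, as an added example that is not part of the original page. The function name, the `user2` entry and its `pptpd` server name are assumptions made for illustration, and fields are assumed to be whitespace-separated with no quoted secrets.

```shell
#!/bin/bash
# Added example, not from the original page: audit a chap-secrets file.
# Assumes whitespace-separated fields (no quoted secrets containing spaces).

# Prints one finding per line; prints nothing when no check fires.
audit_chap_secrets() {
    local file="$1" perms
    [ -r "$file" ] || { echo "FILE: cannot read $file"; return 2; }
    # The secrets are plaintext, so only the owner should be able to read them.
    perms=$(ls -ld "$file" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || echo "FILE: permissions $perms, expected -rw-------"
    # Columns: client  server  secret  IP addresses
    awk '
        /^[ \t]*(#|$)/  { next }                      # comments, blank lines
        NF < 4          { print $1 ": fewer than 4 fields"; next }
        $4 == "*"       { print $1 ": IP addresses column is *, no address restriction" }
        $2 == "*"       { print $1 ": server column is *, accepted for any server name" }
        index($3, $1)   { print $1 ": secret contains the client name" }
    ' "$file"
}

# Constructed sample: the entry from this page plus a hypothetical restricted one.
demo() {
    local tmp
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# client        server  secret                  IP addresses
mccarrms        *       mccarrms-password       *
user2           pptpd   Zq7vR2kLm9xT            10.10.11.20
EOF
    chmod 644 "$tmp"
    audit_chap_secrets "$tmp"
    rm -f "$tmp"
}

demo
```

On the real server, run `audit_chap_secrets /etc/ppp/chap-secrets` as root; no output means none of the checks fired.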

Start the Server

Start the pptpd service

  • service pptpd start

Configure the Client

Browse to http://www.whatismyip.com to verify that your traffic is going through the VPN server