Difference between revisions of "Install PPTP on CentOS 5"
Line 77: | Line 77: | ||
Open up Network and Sharing Center, choose Set up a new connection or network, and select Connect to a workplace. |
Open up Network and Sharing Center, choose Set up a new connection or network, and select Connect to a workplace. |
||
− | [[Image:pptp1.jpg| |
+ | [[Image:pptp1.jpg|1000px]] |
Choose Use my Internet connection (VPN) and enter in the Internet address of the PPTP server. |
Choose Use my Internet connection (VPN) and enter in the Internet address of the PPTP server. |
Revision as of 10:45, 29 April 2011
This page summarizes how to perform a basic installation of a PPTP VPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.
This tutorial is geared more towards home users who have a spare system to run PPTP on. In this tutorial, Windows 7 is used for the client connecting to the VPN.
If you notice a problem with this How-To or would like to provide feedback, please email Matt.
Prerequisites
- Install CentOS 5
- Forward GRE protocol and TCP port 1723 through your firewall
Install the Server
Add the Poptop Yum Repository
rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
Configure iptables
Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.
- Note: The following will work but you may wish to change the source address from 10.10.9.0/24 to the network range of your choosing based on your network.
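#!/bin/bash
# Flush existing filter-table rules, then drop inbound traffic by default
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT traffic leaving through eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic between the PPP tunnel interfaces and eth0
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE tunnel traffic
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback, and replies to established connections
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save the rules so they persist across reboots, then list them
/sbin/service iptables save
/sbin/iptables -L -v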
Configure Kernel
Edit /etc/sysctl.conf
net.ipv4.ip_forward = 1
Make the changes active
sysctl -p
Install PPTP Server
Install ppp and pptpd
yum install ppp pptpd
Configure the service to start on boot
chkconfig --levels 345 pptpd on
Configure Client Network Options
Modify /etc/pptpd.conf
localip 10.10.11.1
remoteip 10.10.11.5-100
Modify /etc/ppp/options.pptpd
ms-dns 208.67.222.222
ms-dns 208.67.220.220
Configure Client Access
Edit /etc/ppp/chap-secrets. You will need to customize the client name and secret (password), and you can either allow all IP addresses or limit them as necessary.
# Secrets for authentication using CHAP
# client server secret IP addresses
mccarrms * mccarrms-password *
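The check below is an added example, not part of the original how-to: it audits a chap-secrets file in the format shown above for loose file permissions, entries that allow any IP address ("*"), and short or name-derived secrets. The sample entries, the 12-character minimum, and the function name audit_chap_secrets are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the original page): audit a pppd chap-secrets file.
# Line format, as in the page's sample: client server secret IP-addresses
# Assumption: secrets contain no whitespace, so plain field splitting is enough.

audit_chap_secrets() {
    local file="$1" other
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    # Secrets are stored in clear text: group and others need no access.
    other=$(ls -ld "$file" | cut -c5-10)
    [ "$other" = "------" ] || echo "PERMS group/other bits are '$other', use chmod 600"
    awk -v minlen=12 '
        /^[ \t]*(#|$)/ { next }                      # comments, blank lines
        NF < 3 { print "MALFORMED line " NR; next }
        {
            client = $1; secret = $3
            gsub(/^"|"$/, "", client); gsub(/^"|"$/, "", secret)
            # "*" in the 4th field permits this account to use any IP address
            if ($4 == "*") print "ANYIP " client
            if (length(secret) < minlen) print "SHORT " client
            # a secret that embeds the account name is easy to guess
            if (index(tolower(secret), tolower(client)) > 0) print "NAMEINSECRET " client
        }' "$file"
}

# Constructed sample input: the first entry mirrors the page's format,
# the second pins the client to one address from the remoteip range.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client   server  secret                   IP addresses
alice      *       alice-password           *
bob        *       Xq7v-Lm2p-Rt9w-Hc4z      10.10.11.5
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

On the server, run it as root against /etc/ppp/chap-secrets; no output means none of the three checks fired.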
Start the Server
Start the pptpd service
service pptpd start
Configure the Client
Open up Network and Sharing Center, choose Set up a new connection or network, and select Connect to a workplace.
Choose Use my Internet connection (VPN) and enter in the Internet address of the PPTP server. Select Don't connect now.
Enter in the user name and password (chap secret), click Create, and click Close.
Return to Network and Sharing Center and click Change adapter settings.
Right click VPN Connection and choose Properties.
Select the Security tab, set the Type of VPN to Point to Point Tunneling Protocol (PPTP), and click OK.
Double click the VPN Connection and choose Connect.
You should now be connected to your PPTP VPN Server. Browse to http://www.whatismyip.com to verify that your traffic is going through the VPN server.