Install PPTP on CentOS 5

From CSLabsWiki
Revision as of 10:45, 29 April 2011 by Mccarrms

This page summarizes how to perform a basic installation of a PPTP VPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.

This tutorial is geared more towards home users who have a spare system to run PPTP on. In this tutorial, Windows 7 is used for the client connecting to the VPN.

If you notice a problem with this How-To or would like to provide feedback, please email Matt.


  • Install CentOS 5
  • Forward GRE protocol and TCP port 1723 through your firewall

Install the Server

Add the Poptop Yum Repository

rpm -Uhv

Configure iptables

Create, chmod +x, and run the script.

  • Note: The following will work but you may wish to change the source address from to the network range of your choosing based on your network.
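#!/bin/sh
# Flush the filter table, then drop inbound traffic by default
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT traffic leaving via eth0 and forward between the ppp interfaces and eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# Allow the PPTP control channel (TCP 1723) and the GRE tunnel traffic
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# Allow ICMP, loopback, and replies to established connections
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save the rules so they persist across reboots, then list them
/sbin/service iptables save
/sbin/iptables -L -v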

Configure Kernel

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Make the changes active

  • sysctl -p

Install PPTP Server

Install ppp and pptpd

  • yum install ppp pptpd

Configure the service to start on boot

  • chkconfig --levels 345 pptpd on

Configure Client Network Options

Modify /etc/pptpd.conf


Modify /etc/ppp/options.pptpd


Configure Client Access

Edit /etc/ppp/chap-secrets. Customize the client name and secret (password); you can either allow all IP addresses or limit them as necessary.

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
mccarrms        *       mccarrms-password       *
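
The following is an added example, not part of the original how-to: a shell audit of a chap-secrets file that flags a file readable by group or other (the secrets are stored in cleartext), entries that allow any IP address, and secrets that are short or contain the client name. The function names, finding labels, the 16-character minimum and the alice and bob entries are assumptions made for illustration, and secrets are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (client server secret IPs).
MIN_LEN=${MIN_LEN:-16}   # assumed policy threshold, not a value from the page

# Print one "subject:FINDING" line per problem found in the file given as $1.
audit_chap_secrets() {
    file=$1
    # Secrets are stored in cleartext, so group and other need no access.
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "file:MODE_TOO_OPEN"

    # Assumes secrets contain no whitespace (quoted secrets are not parsed).
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        NF < 3 { print "line" NR ":MALFORMED"; next }
        {
            client = $1; secret = $3
            if ($4 == "*")
                print client ":ANY_IP_ALLOWED"   # no address restriction
            if (length(secret) < min)
                print client ":SHORT_SECRET"
            if (index(tolower(secret), tolower(client)) > 0)
                print client ":SECRET_CONTAINS_NAME"
        }
    ' "$file"
}

# Constructed sample; the first entry is the one shown on this page,
# alice and bob are hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
# client        server  secret                  IP addresses
mccarrms        *       mccarrms-password       *
alice           pptpd   Xq7-vR2m-Lp9z-Tk4w-Hd   192.168.0.234
bob             pptpd   hunter2                 *
EOF
}

sample=$(mktemp)
write_sample "$sample"
chmod 644 "$sample"            # deliberately too open for the demonstration
audit_chap_secrets "$sample"
rm -f "$sample"
```

To check the live file, run `audit_chap_secrets /etc/ppp/chap-secrets` as root; no output means no findings.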

Start the Server

Start the pptpd service

  • service pptpd start

Configure the Client

Open up Network and Sharing Center, choose Set up a new connection or network, and select Connect to a workplace.


Choose Use my Internet connection (VPN) and enter in the Internet address of the PPTP server. Select Don't connect now.


Enter in the user name and password (chap secret), click Create, and click Close.


Return to Network and Sharing Center and click Change adapter settings.


Right click VPN Connection and choose Properties.

Select the Security tab, set the Type of VPN to Point to Point Tunneling Protocol (PPTP), and click OK.


Double click the VPN Connection and choose Connect.


You should now be connected to your PPTP VPN Server. Browse to to verify that your traffic is going through the VPN server