Install PPTP on CentOS 5

From CSLabsWiki


This page summarizes how to perform a basic installation of a PPTP VPN on CentOS 5. This tutorial assumes you have root/sudo access and have SELinux set to permissive or disabled.

This tutorial is geared more towards home users who have a spare system to run PPTP on. In this tutorial, Windows 7 is used for the client connecting to the VPN.

If you notice a problem with this How-To or would like to provide feedback, please email Matt.


Prerequisites

  • Install CentOS 5
  • Forward GRE protocol and TCP port 1723 through your firewall

Install the Server

Add the Poptop Yum Repository

rpm -Uhv http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Configure iptables

Create iptables_set.sh, chmod +x iptables_set.sh, and run the script.

  • Note: The following will work, but you may wish to change the source address from 10.10.9.0/24 to a range of your choosing based on your network.
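#!/bin/bash
# Flush the filter table, then drop inbound traffic unless a rule below allows it.
# No rule below admits new SSH connections, so run this from the console.
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Masquerade traffic leaving through eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward between the PPP tunnel interfaces and eth0
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE tunnel traffic
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback, and replies to connections already established
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Save the rules so they persist across reboots, then list them
/sbin/service iptables save
/sbin/iptables -L -v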

Configure Kernel

Edit /etc/sysctl.conf

net.ipv4.ip_forward = 1

Make the changes active

  • sysctl -p

Install PPTP Server

Install ppp and pptpd

  • yum install ppp pptpd

Configure the service to start on boot

  • chkconfig --levels 345 pptpd on

Configure Client Network Options

Modify /etc/pptpd.conf

localip 10.10.11.1
remoteip 10.10.11.5-100

Modify /etc/ppp/options.pptpd

ms-dns 208.67.222.222
ms-dns 208.67.220.220

Configure Client Access

Edit /etc/ppp/chap-secrets. You will need to customize the client name and secret (password), and you can either allow all IP addresses or limit them as necessary.

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
mccarrms        *       mccarrms-password       *
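
The secrets in this file are stored in clear text, and a * in the last column lets the client take any address. The following check is an added example, not part of the original how-to: the function name audit_chap_secrets and the 12-character minimum are assumptions chosen for illustration, and it handles only simple unquoted, whitespace-separated entries.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (client server secret IPs).
# audit_chap_secrets and the min=12 threshold are illustrative assumptions.

audit_chap_secrets() {
    file=$1
    findings=0

    # Secrets are clear text, so group/other permission bits should be empty.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERM: $file is accessible to group/other (use chmod 600)"
        findings=$((findings + 1))
    fi

    # Per-entry checks; awk prints one line per finding.
    out=$(awk -v min=12 '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF < 3 { print "FORMAT: line " NR " has fewer than 3 fields"; next }
        {
            client = $1; secret = $3
            if ($4 == "*")
                print "ANYIP: " client " may use any client address"
            if (length(secret) < min)
                print "SHORT: " client " secret is under " min " characters"
            if (index(tolower(secret), tolower(client)) > 0)
                print "GUESSABLE: " client " secret contains the client name"
        }' "$file")
    if [ -n "$out" ]; then
        echo "$out"
        findings=$((findings + $(printf '%s\n' "$out" | wc -l)))
    fi

    echo "findings=$findings"
    [ "$findings" -eq 0 ]    # exit status 0 only when the file is clean
}

# Run against a file given on the command line, e.g. /etc/ppp/chap-secrets
if [ $# -gt 0 ]; then
    audit_chap_secrets "$1"
fi
```

An entry that passes pins the client to one address from the remoteip range configured above, for example 10.10.11.5 in the fourth column instead of *.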

Start the Server

Start the pptpd service

  • service pptpd start

Configure the Client

Open up Network and Sharing Center, choose Set up a new connection or network, and select Connect to a workplace.


Choose Use my Internet connection (VPN) and enter in the Internet address of the PPTP server. Select Don't connect now.


Enter in the user name and password (chap secret), click Create, and click Close.


Return to Network and Sharing Center and click Change adapter settings.


Right click VPN Connection and choose Properties.

Select the Security tab, set the Type of VPN to Point to Point Tunneling Protocol (PPTP), and click OK.


Double click the VPN Connection and choose Connect.


You should now be connected to your PPTP VPN server. Browse to http://www.whatismyip.com to verify that your traffic is going through the VPN server.
