How to Setup VPN using PPTP in CentOS

Written by Aurangzeb Friday, 11 June 2010 04:31 - Last Updated Friday, 11 June 2010 04:34

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks (VPN).

Apart from security, a PPTP VPN lets you use your server's static IP address for all your internet connections. This is a great way to get a static IP if your ISP only provides dynamic IPs to clients. As Windows XP, Windows Vista and Windows 7 come with a built-in PPTP client, PPTP is the easiest way to use a VPN without installing any software.

Here is how to install and configure a PPTP server on your CentOS 5 server.

Prerequisite:

Squid with Transparent proxy.

Install poptop

First we need to install poptop as below.

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum --enablerepo=poptop-stable install pptpd

Configuring poptop

Edit /etc/pptpd.conf (vi /etc/pptpd.conf) and add these lines at the bottom:

localip 10.10.1.1
remoteip 10.10.1.2-254

Here localip (10.10.1.1) is the IP address that clients connect to on the server. It can be the primary IP address of your server. remoteip (10.10.1.2-254) is the IP address range that will be handed out to client connections. Commenting out remoteip worked fine for me; it gives every connection the main IP (localip) of the server.

Now edit /etc/ppp/options.pptpd (vi /etc/ppp/options.pptpd). Find the ms-dns entries, uncomment them and replace the DNS IP addresses with your own, like this:

ms-dns 192.168.1.1
ms-dns 192.168.3.1

Let's configure the Encryption section. Make sure it looks like this:

vi /etc/ppp/options.pptpd

refuse-mschap
require-mschap-v2
require-mppe-128
require-mppe

Add PPTP VPN Client

To add PPTP VPN clients, edit /etc/ppp/chap-secrets (vi /etc/ppp/chap-secrets) and add an entry for each client in this way:

USER pptpd PASSWORD "*"

If you wish to give the client a static dedicated IP, write the line this way:

USER pptpd PASSWORD 10.10.1.2

Run the following command to enable the pptpd to start automatically in runlevel 3 and 5:

chkconfig --level 35 pptpd on

Enabling Packet forwarding

For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and change the line to:

net.ipv4.ip_forward = 1

To enable it immediately, run the following command:

sysctl -p

Configuring IPtables for PPTP

Now we need to set up iptables:

#!/bin/bash
# Flush all existing rules and delete user-defined chains
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
# Redirect HTTP to the Squid transparent proxy on port 3128
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
# Masquerade traffic leaving eth2
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth2 -j ACCEPT
# Allow the PPTP control channel (TCP 1723) and GRE tunnel traffic
/sbin/iptables -A INPUT -i eth2 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p gre -j ACCEPT
# Allow forwarding between the VPN interfaces (ppp+) and eth2
/sbin/iptables -A FORWARD -i ppp+ -o eth2 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o ppp+ -j ACCEPT
/sbin/iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A OUTPUT -p gre -j ACCEPT
#/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
# X.X.X.X is a placeholder for the address to SNAT to
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to X.X.X.X
echo 1 > /proc/sys/net/ipv4/ip_forward

MTU size

For live chat clients (Yahoo, MSN, Google, etc.) to work as they should, we need to modify the default MTU. This is done by adding the following line to /etc/ppp/ip-up:

ifconfig $1 mtu 1400

Add it before exit 0; don't add it after exit 0. If you do, the command will be ignored, because exit 0 stands for "the script ends here".

Starting pptpd service

Finally start the service.

service pptpd start
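
An added example, not part of the original article: a shell audit of the three files edited above. It checks that the encryption options are active, lists chap-secrets users with no static IP, and confirms the MTU line precedes exit 0 in ip-up. The function names and the sample file contents are constructed for illustration.

```bash
#!/bin/bash
# Added example (not from the original article): audit pptpd files against
# the settings this tutorial asks for. Paths are passed in, so the checks can
# run on copies; the sample files written by make_samples are constructed.

# Print each option that is absent or commented out; return 1 if any is.
# These three pin authentication to MS-CHAPv2 and encryption to 128-bit MPPE.
check_options() {
    local opt rc=0
    for opt in refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || { echo "MISSING: $opt"; rc=1; }
    done
    return $rc
}

# Print users whose 4th chap-secrets field is * (no static IP binding).
wildcard_users() {
    awk '!/^[ \t]*#/ && NF >= 4 && ($4 == "*" || $4 == "\"*\"") { print $1 }' "$1"
}

# Succeed only if "ifconfig $1 mtu" is present and comes before "exit 0".
check_mtu_order() {
    awk '/^[ \t]*exit 0/ { ended = 1 }
         /^[ \t]*ifconfig \$1 mtu/ { if (ended) late = 1; else ok = 1 }
         END { exit !(ok && !late) }' "$1"
}

# Constructed samples: one option commented out, mtu line placed after exit 0.
make_samples() {
    printf '%s\n' 'refuse-mschap' 'require-mschap-v2' '#require-mppe-128' > "$1/options.pptpd"
    printf '%s\n' 'alice pptpd s3cret "*"' 'bob pptpd s3cret 10.10.1.2' > "$1/chap-secrets"
    printf '%s\n' '#!/bin/bash' 'exit 0' 'ifconfig $1 mtu 1400' > "$1/ip-up"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_options "$tmp/options.pptpd" || true
echo "wildcard IP users: $(wildcard_users "$tmp/chap-secrets")"
check_mtu_order "$tmp/ip-up" || echo "ip-up: mtu line missing or placed after exit 0"
rm -rf "$tmp"
```

On a real server, call the functions with /etc/ppp/options.pptpd, /etc/ppp/chap-secrets and /etc/ppp/ip-up instead of the sample paths.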