https://support.misdivision.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=387

Installing and Configuring PPTP VPN on RHEL/CentOS 5

Author:
Support Helpdesk - MISDivision.COM
Created On: 09 Mar 2009 11:10 PM

  In the following tutorial, I will explain how to set up a PPTP VPN server on RHEL/CentOS 5,
so that you can use it to browse the internet. So, if you have a RHEL/CentOS 5 dedicated server in
the US, you will be able to access US-only sites.
A setup like this also has other benefits. Since the connection between the server and your
computer will be encrypted, your ISP won't be able to intercept or track your internet usage.

Installation and Configuration

OK, so let's get started. First make sure that you have ppp installed.
yum install ppp
In my case it was already installed, so I got the message ‘Package ppp - 2.4.4-1.el5.x86_64 is
already installed’.
After you make sure that you have ppp installed, download and install Poptop. You can get the
RHEL/CentOS 5 RPMs from http://poptop.sourceforge.net/yum/stable/rhel5/. I was using the 64-bit
version of CentOS 5, so I downloaded and installed the 64-bit (x86_64) version of the RPM.
wget http://poptop.sourceforge.net/yum/stable/rhel5/x86_64/pptpd-1.3.4-1.rhel5.1.x86_64.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm
After installing Poptop, open the file /etc/pptpd.conf.
nano /etc/pptpd.conf
Go to the end of the file where you can see examples of localip and remoteip. Below them add your
own values for localip and remoteip.
localip 10.0.0.1
remoteip 10.0.0.10-100
In the above, 10.0.0.1 will be used for the ppp interface and 10.0.0.10 - 10.0.0.100 will be assigned
to the clients. You can also use different private IPs in ‘localip’ and ‘remoteip’, like
10.20.26.1 and 10.20.26.10-100. The OpenVPN documentation has some good info about
numbering private subnets.
Next, open the file /etc/ppp/options.pptpd.
nano /etc/ppp/options.pptpd
Uncomment the ms-dns lines (by removing the ‘#’ in front of them) and change them to the
DNS servers provided by your ISP or to public DNS servers like the ones provided by OpenDNS.
ms-dns 208.67.222.222
ms-dns 208.67.220.220
That's all you need to change in the options.pptpd file. Next you will need to edit the file
/etc/ppp/chap-secrets to add usernames and passwords for your clients. You need to enter the
usernames and passwords in the following format.
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
username        pptpd   password        *
username2       pptpd   password2       *
You can also put a * in place of ‘pptpd’, just like there is a * below ‘IP addresses’. Also,
instead of a * below ‘IP addresses’, you can put the IP address from which the client will be
connecting.
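
One way to review the entries in /etc/ppp/chap-secrets after adding users, shown as an added example that is not part of the original article. The function names, the 12-character minimum secret length and the sample entries are assumptions made for illustration, and secrets are assumed to contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original article): audit a chap-secrets file.
# Line format, as shown above: client  server  secret  IP addresses

audit_chap_secrets() {
    # $1 = file to audit, $2 = minimum secret length (assumed policy, default 12)
    awk -v min="${2:-12}" '
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        NF < 3 { print "MALFORMED line " NR; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)              # strip optional quotes
            if ($2 == "*") print "ANY_SERVER " $1  # entry not tied to pptpd
            if ($4 == "*") print "ANY_IP " $1      # no address restriction
            if (length(secret) < min) print "SHORT_SECRET " $1
        }' "$1"
}

secrets_file_is_private() {
    # Succeeds only if group and other have no permissions on the file,
    # which stores the passwords in plain text.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

demo() {
    # Constructed sample data, not real credentials.
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
username        pptpd   password                *
username2       *       password2               *
alice           pptpd   kV7-tq2Lm9xPz4Rw        10.0.0.50
EOF
    chmod 600 "$f"
    audit_chap_secrets "$f"
    secrets_file_is_private "$f" || echo "GROUP_OR_OTHER_ACCESS $f"
    rm -f "$f"
}

demo
```

Each finding is printed as a tag followed by the client name, so the output can be filtered with grep; run audit_chap_secrets /etc/ppp/chap-secrets as root to check the real file.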

IP Forwarding and Firewall Rules


Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set
‘net.ipv4.ip_forward’ to 1.
net.ipv4.ip_forward = 1
To make the changes to sysctl.conf take effect, use the following command.
sysctl -p
Or you can also use the following command to enable IP forwarding temporarily.
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, configure iptables to do NAT.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Next, we need to allow TCP port 1723 and the GRE protocol through iptables.
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
The following iptables rules are necessary if you want to be able to route all your internet traffic
through the VPN server.
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
Now start the PPTP server if you haven’t already.
service pptpd start
If you followed the above steps correctly, the PPTP server should now be ready for use.

Troubleshooting

In case you are unable to connect to the VPN, check out the following Microsoft knowledge base
article. It has some good troubleshooting tips.
http://support.microsoft.com/kb/314076/en-us
If you are unable to browse certain sites through the VPN, you may need to change the MTU of the
ppp interface. To do this open the /etc/ppp/ip-up file and just before the last line, add the following
line.
/sbin/ifconfig $1 mtu 1400
Save the file after that and then restart the PPTP server.
service pptpd restart
In my case the ppp interface was being assigned 1396 as the MTU, due to which I was unable to
browse some sites. After changing the MTU to 1400, the problem went away.

source: http://www.anindya.com/installing-configuring-pptp-vpn-rhel-centos/

Powered By Kayako eSupport