The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks (VPN).
Apart from security, a PPTP VPN lets you use your server's static IP address for all your internet connections. It is a great way to get a static IP if you are on an ISP that only provides dynamic IPs to clients.
Because Windows XP, Windows Vista, Windows 7, iPhone, iPod Touch and iPad all come with a built-in PPTP client, PPTP is the easiest way to use a VPN without installing any software.
I personally find paying $5-$10 for a VPN account from the VPN Account/Service Provider when you can grab a VPS at $10 or Dedicated Web Server at $49. Especially if you already have a dedicated server running for some purposes.
So here is a quick setup guide to install and configure a PPTP server on your CentOS 5 server. It will take just around 5 minutes.
First we need to install Poptop.
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm
yum --enablerepo=poptop-stable install pptpd
Edit /etc/pptpd.conf and add these lines at the bottom:
localip 10.10.1.1
remoteip 10.10.1.2-254
Here localip (10.10.1.1) is the IP address that clients connect to on the server. It can be the primary IP address of your server.
remoteip (10.10.1.2-254) is the IP address range that will be handed out to client connections.
Commenting out remoteip worked fine for me, which gives all connected connections the main IP (localip) of the server.
Now edit /etc/ppp/options.pptpd.
Find the ms-dns entries, uncomment them and replace the DNS IP addresses with your own, like this:
ms-dns 192.168.1.1
ms-dns 192.168.3.1
Remember to replace 192.168.1.1 and 192.168.3.1 with your own DNS servers; these will be allocated to the connecting clients.
Next, configure the encryption section and make sure it looks like this:
refuse-mschap
require-mschap-v2
require-mppe-128
require-mppe
To add PPTP VPN clients you need to edit /etc/ppp/chap-secrets and add an entry for each client in this way:
USER pptpd PASSWORD "*"
If you wish to provide a static dedicated ip to the client, put the line in this way:
USER pptpd PASSWORD 10.10.1.2
Run the following command to make pptpd start automatically in runlevels 3 and 5:
chkconfig --level 35 pptpd on
For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and change the net.ipv4.ip_forward line to:
net.ipv4.ip_forward = 1
To enable it immediately, run the following command:
sysctl -p
Now we need to set up iptables:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
To make live chats (Yahoo, MSN, Google, etc.) work as they should, we need to modify the default MTU. This is done by adding the following line to /etc/ppp/ip-up:
ifconfig $1 mtu 1400
Add it before "exit 0", not after it. If you add it after "exit 0", the command will be ignored, because exit 0 means "the script ends here".
Finally start the service.
service pptpd start
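To check the finished setup, here is an added example (not part of the original guide): a shell function that verifies the encryption directives listed above are uncommented in /etc/ppp/options.pptpd and that every /etc/ppp/chap-secrets entry follows the USER pptpd PASSWORD IP layout without two users sharing one static IP. The function names, the MIN_PW threshold and the sample users are assumptions made for the illustration; the file-mode check is there because chap-secrets holds the passwords in plaintext.

```shell
#!/bin/sh
# Added example: audit the two files this guide edits.
# MIN_PW is an assumed local policy value; pptpd itself enforces no minimum.
MIN_PW=12

audit_pptpd() {   # usage: audit_pptpd OPTIONS_FILE CHAP_SECRETS_FILE
    opts=$1 secrets=$2 rc=0

    # Every directive from the guide's encryption section must be uncommented.
    for d in refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! grep -Eq "^[[:space:]]*$d([[:space:]]|\$)" "$opts"; then
            echo "options: missing $d"; rc=1
        fi
    done

    # chap-secrets stores passwords in plaintext: no group/other mode bits.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "secrets: readable beyond owner"; rc=1
    fi

    # Entry format: USER SERVER PASSWORD IP ("*" or one static address).
    # Assumes the secrets themselves contain no whitespace.
    findings=$(awk -v min="$MIN_PW" '
        /^[ \t]*(#|$)/ { next }
        NF < 4 { print "secrets: line " NR " has fewer than 4 fields"; next }
        { pw = $3; gsub(/^"|"$/, "", pw); ip = $4; gsub(/"/, "", ip) }
        length(pw) < min + 0 { print "secrets: " $1 " password shorter than " min }
        ip != "*" && seen[ip]++ { print "secrets: " $1 " reuses static IP " ip }
    ' "$secrets")
    if [ -n "$findings" ]; then echo "$findings"; rc=1; fi
    return $rc
}

demo() {   # constructed sample files, not taken from a real server
    t=$(mktemp -d)
    printf '%s\n' '#refuse-mschap' require-mschap-v2 require-mppe-128 \
        > "$t/options.pptpd"
    printf '%s\n' 'alice pptpd "correct-horse-battery" 10.10.1.2' \
        'bob pptpd hunter2 10.10.1.2' 'carol pptpd' > "$t/chap-secrets"
    chmod 644 "$t/chap-secrets"
    st=0; audit_pptpd "$t/options.pptpd" "$t/chap-secrets" || st=$?
    rm -rf "$t"; return $st
}

demo || echo "audit reported findings"
```

On the server itself, run it as root with the real paths: audit_pptpd /etc/ppp/options.pptpd /etc/ppp/chap-secrets.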
Enjoy VPN on your own server :)