How to install a PPTP Server

A couple of days ago I had to install a Point-to-Point Tunneling Protocol (PPTP) server on a CentOS 5.6 distribution (it was a favor for a friend). In this case it is used to create a simple Virtual Private Network (VPN) that tunnels all the traffic through the server’s Internet connection.

1. Make sure that you have a kernel greater than 2.6.15 and that the ppp-compress module is installed. Otherwise you will have to install an MPPE module.

# uname -r
2.6.18-238.12.1.el5
# modprobe ppp-compress-18
#

2. Install ppp package:

yum -y install ppp

3. Download the PPTP daemon package and install it:

wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm

4. Make sure that the following lines are present in /etc/ppp/options.pptpd, and add any that are missing (if you follow the exact steps in this tutorial, they should already be there):

# cat /etc/ppp/options.pptpd |grep -v ^$ |grep -v ^#
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
#

5. Now you must take care of the /etc/pptpd.conf file. Here you define the IP address range used by the tunnel (this has nothing to do with your public IP address!).

# cat /etc/pptpd.conf |grep -v ^$ |grep -v ^#
option /etc/ppp/options.pptpd
logwtmp
localip 192.168.86.254
remoteip 192.168.86.1-10
#

6. It is time to add the credentials for the people using the Virtual Private Network to /etc/ppp/chap-secrets, in the following format:

# client          server         secret          IP addresses
cristian          pptpd         mypassword            *

7. You must now make sure that you have packet forwarding enabled.

In /etc/sysctl.conf change the 0 to 1

net.ipv4.ip_forward = 0

will become

net.ipv4.ip_forward = 1

Now enable the changes using

sysctl -p

8. We want to tunnel all the traffic through the server’s Internet connection, so we add the appropriate iptables firewall rule:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

9. Configure the PPTP Server to run at startup

chkconfig --level 35 pptpd on

10. And finally start it!

service pptpd start

Congratulations! I hope you now have a working PPTP Virtual Private Network.
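
The script below is an added example, not part of the original post: it audits the files edited in steps 4, 6 and 7 so that a missing directive, a readable secrets file or disabled forwarding is caught before clients connect. The function names and the three-argument calling convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 4, 6 and 7.
# File paths are arguments, so the checks can also run against copies.

# Print a file's active lines (same filter as the tutorial's grep pipeline).
active_lines() {
    grep -v '^[[:space:]]*$' "$1" | grep -v '^[[:space:]]*#'
}

# Step 4: succeed only if every auth/encryption directive is active.
check_pptpd_options() {
    missing=0
    for d in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! active_lines "$1" | grep -qx "[[:space:]]*$d[[:space:]]*"; then
            echo "MISSING: $d"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Step 6: chap-secrets holds plaintext passwords, so group and other
# must have no permission bits (characters 5-10 of the ls mode string).
check_secrets_mode() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "CHECK FAILED: $1 is missing or accessible beyond its owner"
        return 1
    fi
}

# Step 7: the last active ip_forward assignment wins, so test that one.
check_ip_forward() {
    active_lines "$1" | grep 'net\.ipv4\.ip_forward' | tail -n 1 |
        grep -Eq '=[[:space:]]*1[[:space:]]*$'
}

# Run all three checks when called with: options-file secrets-file sysctl-file
if [ "$#" -eq 3 ]; then
    rc=0
    check_pptpd_options "$1" || rc=1
    check_secrets_mode "$2" || rc=1
    check_ip_forward "$3" || { echo "ip_forward is not enabled in $3"; rc=1; }
    exit "$rc"
fi
```

Saved under a hypothetical name such as audit-pptpd.sh, it would be run as: sh audit-pptpd.sh /etc/ppp/options.pptpd /etc/ppp/chap-secrets /etc/sysctl.conf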
