A couple of days ago I had to install a Point-to-Point Tunneling Protocol (PPTP) Server on a Centos 5.6 distribution (was a favor for a friend). In this case it is used to create a simple Virtual Private Network (VPN) to tunnel all the traffic through the server’s internet connection.
1. Make sure that you have a kernel greater than 2.6.15 and that you have ppp-compress module installed. Otherwise you will have to install a MPPE module.
[[email protected] ~]# uname -r 2.6.18-238.12.1.el5 [[email protected] ~]# modprobe ppp-compress-18 [[email protected] ~]#
2. Install ppp package:
yum -y install ppp
3. Download the PPTP daemon package and install it:
rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
4. Make sure that you add the following lines to /etc/ppp/options.pptpd if these do not exist already (if you follow the exact steps in this tutorial, these should be already there):
[[email protected] ~]# cat /etc/ppp/options.pptpd |grep -v ^$ |grep -v ^# name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp lock nobsdcomp novj novjccomp nologfd [[email protected] ~]#
5. Now, you must take care of the /etc/pptpd.conf file. Here you define the IP address class used by the tunnel (this has nothing to do with your public IP address!)
[[email protected] ~]# cat /etc/pptpd.conf |grep -v ^$ |grep -v ^# option /etc/ppp/options.pptpd logwtmp localip 192.168.86.254 remoteip 192.168.86.1-10 [[email protected] ~]#
6. It is time to add the credentials for the people using the Virtual Private Network in /etc/ppp/chap-secrets under the following format:
# client server secret IP addresses cristian pptpd mypassword *
7. You must now make sure that you have packet forwarding enabled.
In /etc/sysctl.conf change the 0 to 1
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
Now enable the changes using
8. We want to tunnel all the traffic to the server’s Internet connection so we add the appropriate iptables firewall rule:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
9. Configure the PPTP Server to run at startup
chkconfig --level 35 pptpd on
10. And finally start it!
service pptpd start
Congratulations! I hope you now have a working PPTP Virtual Private Network.