Setting up PPTP VPN server on CentOS Server

There are 3 basic types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN. (Yes, there are more, but let’s deal with the basics here.) In this post I will use PPTP, as it’s supported natively by almost all devices and OSes: Windows, Linux, Android, iOS and Mac OS.

Furthermore, you will see that this guide is written for OpenVZ (Virtuozzo) VPSes. Why? OpenVZ (pseudo-virtualization) VPSes are, for the most part, the cheapest you will find on the market. Why spend $9.99 or even more on a commercial VPN when you can run your own VPN server on a $1, $2 or $3 VPS? You don’t need much RAM, CPU or disk space: any decent VPS with 256 RAM is enough for this job. Of course, that doesn’t mean you can’t use this guide on any other server or cloud VPS. Just replace venet0 with the right interface (typically eth0) in the iptables step below. So let’s start setting up a PPTP VPN server on CentOS.

1. Install PPTPD

If your OS is CentOS/RedHat 5:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
rpm -iv pptpd-1.4.0-1.rhel5.x86_64.rpm

If your OS is CentOS/RedHat 6:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -iv pptpd-1.4.0-1.el6.x86_64.rpm

For 32-bit versions, use the matching package URLs (replace x86_64 with i386 for EL5, or i686 for EL6).

2. Edit IP settings in /etc/pptpd.conf

nano /etc/pptpd.conf

localip 10.0.0.254
remoteip 10.0.0.101-200

3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)

nano /etc/ppp/chap-secrets

username1 *  password1 *
username2 *  password2 *

4. DNS settings in /etc/ppp/options.pptpd

nano /etc/ppp/options.pptpd

#ms-dns <VPS IP> #uncomment and set to your VPS IP if your local DNS server is configured to allow forwarding from ppp interface
ms-dns 8.8.8.8
ms-dns 8.8.4.4

5. Enable network forwarding in /etc/sysctl.conf

nano /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:
sysctl -p

6. Configure firewall and forwarding

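# Allow the PPTP control channel (TCP 1723) and the GRE tunnel traffic
iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i venet0 -p gre -j ACCEPT
# NAT only the VPN client range from step 2 (10.0.0.0/24) leaving via venet0
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o venet0 -j SNAT --to-source [VPS's IP]
# ppp+ matches ppp0, ppp1, ...: each connected client gets its own ppp interface
iptables -A FORWARD -i ppp+ -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart

Replace [VPS's IP] in the commands above with the correct IP address.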

* If the iptables service is off (chkconfig iptables off) and stopped, you can put those rules in /etc/rc.local instead, so they are applied on every reboot.

If you’re using a Linux firewall/router in front of the VPS hosting the VPN server (this is NOT needed on any commercial VPS, only on a homemade setup where you have issues with your Linux router or DD-WRT), make sure you forward GRE protocol traffic (IP protocol 47) to it:

VPS=<VPN-Server-IP>
PIP=<Public-IP>
iptables -t nat -I PREROUTING -d $PIP -p 47 -j DNAT --to $VPS
iptables -I FORWARD -d $VPS -p 47 -j ACCEPT

If using a DD-WRT router with a dynamic public IP, the first rule can be replaced with:
iptables -t nat -I PREROUTING -d `nvram get wan_ipaddr` -p 47 -j DNAT --to $VPS

7. Start PPTP VPN server

Use the following command:
service pptpd restart
To set PPTP Daemon to automatically start on boot, run:
chkconfig pptpd on

You are ready now. Create a VPN connection from your workstation using your CentOS server IP and test it. A quick and dirty way to test it is to browse to whatismyip.com and check the IP you are browsing from.
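
Step 3 stores every VPN password in plaintext in /etc/ppp/chap-secrets, so that file is worth checking before the server goes live. The script below is an added example, not part of the original post: it flags loose file permissions, malformed lines, duplicate users, short secrets and secrets equal to the username. The function names, the MIN_LEN threshold and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit a pppd chap-secrets file.
# MIN_LEN is an assumed local policy value; pptpd itself enforces no minimum.
MIN_LEN=12

# Print one finding per line; print nothing when no check fires.
audit_chap_secrets() {
    f=$1
    # Characters 5-10 of `ls -l` output are the group/other permission bits.
    # The file holds plaintext passwords, so only the owner (root) should read it.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $f is accessible to group/other, run chmod 600"
    fi
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }       # skip blank lines and comments
        NF < 3 { print "MALFORMED: line " NR; next }
        {
            user = $1; secret = $3
            gsub(/^"|"$/, "", secret)       # strip optional surrounding quotes
            if (seen[user]++)         print "DUPLICATE: " user
            if (length(secret) < min) print "SHORT: " user
            if (secret == user)       print "SAME_AS_USER: " user
        }' "$f"
}

# Constructed sample in the layout of step 3 (client, server, secret, IP).
demo() {
    tmp=$(mktemp) && chmod 644 "$tmp"
    cat > "$tmp" <<'EOF'
# client   server  secret                          IP
username1  *       password1                       *
username2  *       username2                       *
alice      *       "c0rrect-h0rse-battery-staple"  *
alice      *       Xk9mP2vLq8wZr4tB                *
broken
EOF
    audit_chap_secrets "$tmp"
    rm -f "$tmp"
}
demo
```

Run it as root against the real file with audit_chap_secrets /etc/ppp/chap-secrets; no output means none of the checks fired.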
