How to setup VPN server (PPTP on CentOS, RedHat and Ubuntu)? Print

  • 744

This howto describes the steps in how to setup a PPTP VPN on Centos, Fedora, Debian, and Ubuntu with basic RSA authentication. 

Before the installation make sure to have your Yum repos updated with the Epel repos.

CentOS and Red Hat Enterprise Linux 5.x

CentOS and Red Hat Enterprise Linux 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

Step 1. Install PPTPD

CentOS/RedHat 5:

           yum install pptpd.x86_64 -y

CentOS/RedHat 6:

yum install pptpd.x86_64 -y

Fedora 20:
    
          
yum install pptpd.x86_64 -y

Ubuntu/Debian
:

apt-get install pptpd

Step 2. Edit IP setttings in /etc/pptpd.conf

echo > /etc/pptpd.conf

paste the following content into the pptpd.conf file 

#start of custom file
#logwtmp
option /etc/ppp/options.pptpd
localip 192.168.0.1   # local vpn IP 
remoteip 192.168.0.100-200  # ip range for connections
listen 23.216.x.x # eth0 my example public IP and network interface
#end of custom file

Step 3. Add user account in/etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

echo > /etc/ppp/options.pptpd

Paste the following to your options.pptp

#custom settings for a simple fast pptp server
ms-dns 8.8.8.8
ms-dns 4.2.2.2
lock
name pptpd
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
 require-mppe-128

 

Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

use the following command to apply the change:

sysctl -p

Step 6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart


Step6-Ubuntu/Debian: Firewall 

apt-get install iptables-persistent
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && /etc/init.d/iptables-persistent save
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT && iptables -A INPUT -i eth0 -p gre -j ACCEPT && iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT



If you are using CSF firewall, you may refer to this post on firewall settings.

Step 7. Start PPTP VPN server

Fedora/Debian:

service pptpd restart
    

Centos/Fedora:
/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start



Note: To avoid starting pptp on every reboot you can automated by running chkconfig pptp on



Now you can test the VPN server from any client: Windows PCs, Linux PCs, Android phones/tablets, or iPhone and iPad.

The log of the VPN server, by default, is combined with system log located at /var/log/messages.


Was this answer helpful?

« Back
  • US/Canada: 800-933-1517
  • International: 626-549-2801