How to setup VPN server (PPTP on CentOS, RedHat and Ubuntu)?

This howto describes the steps in how to setup a PPTP VPN on Centos, Fedora, Debian, and Ubuntu with basic RSA authentication. 

Before the installation make sure to have your Yum repos updated with the Epel repos.

CentOS and Red Hat Enterprise Linux 5.x

CentOS and Red Hat Enterprise Linux 6.x

wget && sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

Step 1. Install PPTPD

CentOS/RedHat 5:

           yum install pptpd.x86_64 -y

CentOS/RedHat 6:

yum install pptpd.x86_64 -y

Fedora 20:
yum install pptpd.x86_64 -y


apt-get install pptpd

Step 2. Edit IP setttings in /etc/pptpd.conf

echo > /etc/pptpd.conf

paste the following content into the pptpd.conf file 

#start of custom file
option /etc/ppp/options.pptpd
localip   # local vpn IP 
remoteip  # ip range for connections
listen 23.216.x.x # eth0 my example public IP and network interface
#end of custom file

Step 3. Add user account in/etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

echo > /etc/ppp/options.pptpd

Paste the following to your options.pptp

#custom settings for a simple fast pptp server
name pptpd
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)


Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

use the following command to apply the change:

sysctl -p

Step 6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart

Step6-Ubuntu/Debian: Firewall 

apt-get install iptables-persistent
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && /etc/init.d/iptables-persistent save
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT && iptables -A INPUT -i eth0 -p gre -j ACCEPT && iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

If you are using CSF firewall, you may refer to this post on firewall settings.

Step 7. Start PPTP VPN server


service pptpd restart

/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start

Note: To avoid starting pptp on every reboot you can automated by running chkconfig pptp on

Now you can test the VPN server from any client: Windows PCs, Linux PCs, Android phones/tablets, or iPhone and iPad.

The log of the VPN server, by default, is combined with system log located at /var/log/messages.

Was this answer helpful?

 Print this Article

Also Read

How to limit SSH User Logins?

This will limit remote access to those users who really need it. Open the...

How to Install Linux Malware Detect?

Linux Malware Detect (LMD) is an excellent tool for detecting malware on linux operating system....

How to prevent abuse on Open DNS resolver?

To prevent Open DNS resolver abuse, please run the following command as root on your server....

How to install OpenVPN on Linux?

apt-get install openvpn openssl udev wget...

How to change root password on Linux VPS?

If you don't remember the password, please use the following steps for changing the root password...