Installing Poptop (pptpd) VPN Server on CentOS 6

For roaming mobile clients, PPTP (Point-to-Point Tunneling Protocol) is still the quickest way to get VPN connections to tunnel traffic over a secure link.

Installation

I always prefer installation via a yum repository, as this ensures patches are applied during regular system updates:

sudo rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
sudo rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
sudo yum install ppp pptpd -y

Configuration

Note: replace $USERNAME and $PASSWORD with actual values.

IP configuration
echo "localip 192.168.0.1" >> /etc/pptpd.conf
echo "remoteip 192.168.0.100-199" >> /etc/pptpd.conf

DNS configuration
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd

Authentication configuration
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets

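Firewall config
service iptables start
# Enable IPv4 forwarding now and on every boot
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
# NAT traffic leaving via eth0; the rc.local line re-adds the rule at boot
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Save before restarting: a restart reloads the saved rule set and would drop the unsaved rule above
service iptables save
service iptables restart
chkconfig iptables on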

Start pptpd
chkconfig pptpd on
service pptpd start
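
The firewall steps above only give clients network access if the running rule set still holds the MASQUERADE rule and the FORWARD chain lets VPN traffic through. As an added example (not part of the original post), this script lints iptables-save output for both; the function names, the sample dump and the ppp+ interface wildcard are assumptions.

```bash
#!/bin/bash
# Added example: lint an iptables-save dump for the two firewall conditions
# this setup depends on. Function names and the sample dump are constructed.

# has_masquerade DUMP IFACE: succeeds if nat POSTROUTING masquerades out of IFACE.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" && /-j MASQUERADE/ {
            for (i = 3; i < NF; i++) if ($i == "-o" && $(i + 1) == ifc) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# forward_verdict DUMP: prints the first decision that applies to packets
# arriving from a ppp interface. Simplification: only match-all rules and
# ACCEPT rules with "-i ppp+" are considered; other conditional rules are skipped.
forward_verdict() {
    printf '%s\n' "$1" | awk '
        /^\*/ { table = $1 }
        table != "*filter" { next }
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" && !decided {
            if ($3 == "-j") { verdict = $4; decided = 1 }
            else if (/-i ppp[+] / && /-j ACCEPT/) { verdict = "ACCEPT"; decided = 1 }
        }
        END { print(decided ? verdict : policy) }'
}

# Constructed sample: the saved rule set has no NAT rule and FORWARD ends
# in a match-all REJECT.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

has_masquerade "$SAMPLE_DUMP" eth0 || echo "WARN: no MASQUERADE rule on eth0"
echo "FORWARD verdict for VPN clients: $(forward_verdict "$SAMPLE_DUMP")"
```

On the server, pass the live rule set instead of the sample, for example has_masquerade "$(iptables-save)" eth0, run as root.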

11 thoughts on “Installing Poptop (pptpd) VPN Server on CentOS 6”

  1. Hi, thanks for the tutorial… I did all the configuration right and I can connect to the VPN, but I don’t have network access for connecting to the internet… what should I do?

  2. On CentOS 6.3 you should also check the iptables FORWARD rules. I had a rule that was dropping forward packets, and this was on a clean CentOS install. Once I fixed that rule the Internet connection worked fine when connected to the VPN.

  3. Since MASQUERADE doesn’t work on OpenVZ I used 2 other rules:

    iptables -t nat -A PREROUTING -i "venet0:0" -j DNAT --to-destination 78.129.**.**
    iptables -t nat -A POSTROUTING -o "venet0:0" -j SNAT --to-source 78.129.**.**

    However I can’t connect to the VPN, any suggestions anyone?

  4. Thanks for the post!

    Just wanting some clarification on what ‘localip’ and ‘remoteip’ are.

    For instance, my servers address is 49.156.26.61, so would this be my remote IP?

  6. But the auth-up and auth-down files have disappeared (/etc/ppp/auth-up), and the ip-up and ip-down script files will not be called either.
    Why?
    I want to use the auth-up file to refuse an account login more than one time.

    ..in code file pathnames.h
    #define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
    .. in code file auth.c
    auth_state = s_up;
    if (auth_script_state == s_down && auth_script_pid == 0) {
        auth_script_state = s_up;
        auth_script(_PATH_AUTHUP); // why auth-up file could not be called

    Can you help me?
