For roaming mobile clients, PPTP (Point-to-Point Tunneling Protocol) is still the quickest way to get VPN connections to tunnel traffic over a secure link.
Installation
I always prefer installation via a yum repository, as this ensures patches are applied during regular system updates.
sudo rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP
sudo rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
sudo yum install ppp pptpd -y
Configuration
Note: replace $USERNAME and $PASSWORD with actual values, and run the commands in this section as root.
IP configuration
echo "localip 192.168.0.1" >> /etc/pptpd.conf
echo "remoteip 192.168.0.100-199" >> /etc/pptpd.conf
DNS configuration
echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd
echo "ms-dns 4.2.2.1" >> /etc/ppp/options.pptpd
Authentication configuration
echo "$USERNAME pptpd $PASSWORD *" >> /etc/ppp/chap-secrets
Firewall config
service iptables start
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Save before restarting: a restart reloads the saved rules and would drop the rule just added
service iptables save
service iptables restart
chkconfig iptables on
Start pptpd
chkconfig pptpd on
service pptpd start
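An added example, not part of the original post: a shell function that reads iptables-save output and reports what would still block a PPTP client after the firewall steps above, namely the NAT rule on eth0, inbound TCP 1723 and GRE (which PPTP uses for control and tunnel data), and forwarding for the ppp interfaces. The function names, the ppp+ interface pattern and both sample rulesets are constructed for illustration.

```shell
# Added example: audit iptables-save output for the rules a PPTP server needs.
# Assumes eth0 as WAN (from the post) and ppp+ client interfaces.
# Live use (as root): iptables-save | check_pptp_rules
check_pptp_rules() {
    awk '
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && /^-A POSTROUTING .*-o eth0 .*-j MASQUERADE/ { nat = 1 }
    table != "filter" { next }
    /^:/ { policy[substr($1, 2)] = $2; next }
    $1 != "-A" || closed[$2] { next }   # rules after a catch-all are never reached
    $3 == "-j" && ($4 == "REJECT" || $4 == "DROP") { closed[$2] = 1; next }
    !/-j ACCEPT/ { next }
    $2 == "INPUT" && /-p tcp / && /--dport 1723 / { ctl = 1 }
    $2 == "INPUT" && /-p (gre|47) / { gre = 1 }
    $2 == "FORWARD" && /-[io] ppp[+] / { fwd = 1 }
    END {
        if (!closed["INPUT"] && policy["INPUT"] == "ACCEPT") ctl = gre = 1
        if (!closed["FORWARD"] && policy["FORWARD"] == "ACCEPT") fwd = 1
        if (!nat) { print "MISSING nat MASQUERADE on eth0"; bad++ }
        if (!ctl) { print "BLOCKED INPUT tcp/1723 (PPTP control)"; bad++ }
        if (!gre) { print "BLOCKED INPUT gre (PPTP tunnel data)"; bad++ }
        if (!fwd) { print "BLOCKED FORWARD for ppp+ (client traffic)"; bad++ }
        exit bad + 0
    }'
}
# Constructed sample: stock-style CentOS 6 filter table plus the post's NAT rule.
sample_stock() { cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed sample: same table with PPTP rules inserted ahead of the REJECTs.
sample_fixed() {
    sample_stock | awk '
    /^-A INPUT -j REJECT/   { print "-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT"; print "-A INPUT -p gre -j ACCEPT" }
    /^-A FORWARD -j REJECT/ { print "-A FORWARD -i ppp+ -j ACCEPT"; print "-A FORWARD -o ppp+ -j ACCEPT" }
    { print }'
}
sample_stock | check_pptp_rules || echo "stock ruleset: $? problem(s)"
sample_fixed | check_pptp_rules && echo "fixed ruleset: ok"
```

The function's exit status is the number of problems found, so it can gate a deployment script.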
This is the best tutorial I’ve seen thus far. Thanks a bunch, sir.
Extremely useful. Thanks.
Hi, thanks for the tutorial… I did all the configuration right and I can connect to the VPN, but I don't have network access for connecting to the internet… what should I do?
On CentOS 6.3 you should also check the iptables FORWARD rules. I had a rule that was dropping forward packets and this was on a clean CentOS install. Once I fixed that rule the Internet connection worked fine when connected to the VPN.
@luke thanks for the update. Appreciated!
Since MASQUERADE doesn’t work on OpenVZ I used 2 other rules:
iptables -t nat -A PREROUTING -i "venet0:0" -j DNAT --to-destination 78.129.**.**
iptables -t nat -A POSTROUTING -o "venet0:0" -j SNAT --to-source 78.129.**.**
However I can’t connect to the VPN, any suggestions anyone?
Thanks for the post!
Just wanting some clarification on what ‘localip’ and ‘remoteip’ are.
For instance, my server's address is 49.156.26.61, so would this be my remote IP?
Yes – RemoteIP is the external facing public IP.
But the auth-up and auth-down files have disappeared (/etc/ppp/auth-up), and the ip-up and ip-down script files will not be called either.
Why?
I want to use the auth-up file to refuse an account logging in more than once.
..in code file pathnames.h
#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
.. in code file auth.c
auth_state = s_up;
if (auth_script_state == s_down && auth_script_pid == 0) {
    auth_script_state = s_up;
    auth_script(_PATH_AUTHUP); // why could the auth-up file not be called?
}
Can you help me?