Friday, January 25, 2013

Install VPN PPTP Server on CentOS 6

1. Install ppp via yum:
$ yum install ppp -y

2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this website http://poptop.sourceforge.net/yum/stable/packages/ :
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

3. Once installed, open /etc/pptpd.conf in a text editor and add the following lines:
localip 192.168.5.1
remoteip 192.168.5.100-200
Note: 192.168.5.1 is not the server's IP address.

4. Open /etc/ppp/options.pptpd and add the authentication method, encryption and DNS resolver values:
 
ms-dns 8.8.8.8
ms-dns 4.2.2.1 

5. Let's create a user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:
vpnuser pptpd password *

The format is: [username] [space] [server] [space] [password] [space][IP addresses]

6. We need to allow IP packet forwarding on this server. Open /etc/sysctl.conf in a text editor and change the line below:
net.ipv4.ip_forward = 1

7. Run the following command for the changes to take effect:
$ sysctl -p

8. Allow IP masquerading in iptables by executing the following lines:
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ service iptables save
$ service iptables restart
$ chkconfig iptables on 

Update: Once you are done with step 8, check the rules in /etc/sysconfig/iptables. Make sure that the POSTROUTING rule is above any REJECT rules.

9. Turn on the pptpd service at startup and start it:
$ chkconfig pptpd on

$ service pptpd start

Once the server is back online after a reboot, you should be able to access the PPTP server from the VPN client. You can monitor /var/log/messages for ppp- and pptpd-related log entries. Cheers!
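
An added check for the /etc/ppp/chap-secrets entries from step 5 (example code, not part of the original post): it flags a group- or world-readable file, lines without the four fields, a * in the server or IP address field, and weak secrets. MIN_LEN, the finding codes and the sample entries are assumptions made for this example, and fields are assumed to be unquoted.

```sh
#!/bin/sh
# Added example: audit a chap-secrets file in the 4-field format from step 5.
MIN_LEN=12   # assumed local policy value, not set anywhere in the post

# Prints one finding per line as "<line>:<user>:<code>"; nothing if clean.
audit_chap_secrets() {
    # Secrets are stored in clear text: group and other must have no access.
    acs_perms=$(ls -ld "$1" | cut -c5-10)
    [ "$acs_perms" = "------" ] || echo "0:-:FILE_MODE"
    awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
        NF < 4 { print NR ":" $1 ":BAD_FIELDS"; next }
        {
            if ($2 == "*")        print NR ":" $1 ":ANY_SERVER"
            if (length($3) < min) print NR ":" $1 ":SHORT_SECRET"
            if ($3 == $1)         print NR ":" $1 ":SECRET_IS_USER"
            if ($4 == "*")        print NR ":" $1 ":ANY_IP"   # not pinned
        }' "$1"
}

# Constructed sample file (not from a real server); its path is printed.
make_sample() {
    ms_file=$(mktemp)
    chmod 644 "$ms_file"
    cat > "$ms_file" <<'EOF'
# client   server  secret                 IP addresses
vpnuser    pptpd   password               *
alice      pptpd   kV7-rotated-2f9Qx1mz   192.168.5.101
bob        *       bob                    192.168.5.102
carol      pptpd
EOF
    echo "$ms_file"
}

sample=$(make_sample)
audit_chap_secrets "$sample"
rm -f "$sample"
```

On the server, run audit_chap_secrets /etc/ppp/chap-secrets as root; an entry pinned to one address from the remoteip range in step 3 clears the ANY_IP finding.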
