Welcome to AUXNET IRC Network

Idle on AUXnet a lot? Why not play our idlerpg game, you can check it out at #idleRPG - for more information visit the website http://idlerpg.auxnet.org

Setting up PPTP VPN server on a CentOS OpenVZ VPS

Attention: open in a new window. PDFPrintE-mail

In this tutorial I use PPTP as its supported by almost all devices natively: Windows, Linux, Android, iOS and Mac OS.

1. Install PPTPD

If your OS is CentOS/RedHat 5:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
rpm -iv pptpd-1.4.0-1.rhel5.x86_64.rpm

If your OS is CentOS/RedHat 6:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -iv pptpd-1.4.0-1.el6.x86_64.rpm

For 32bit editions replace with correct packages URLs.

2. Edit IP setttings in /etc/pptpd.conf

nano /etc/pptpd.conf


3. Add user accounts in/etc/ppp/chap-secrets (assign username and password)

nano /etc/ppp/chap-secrets

username1 *  password1 *
username2 *  password2 *

4. DNS settings in /etc/ppp/options.pptpd

nano /etc/ppp/options.pptpd

#ms-dns #uncomment and set to your VPS IP if your local DNS server is configured to allow forwarding from ppp interface

5. Enable network forwarding in /etc/sysctl.conf

nano /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:
sysctl -p

6. Configure firewall and forwarding

iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i venet0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source [VPS's IP]
iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o ppp0 -j ACCEPT
service iptables save
service iptables restart

Fill in the correct VPN IP address in the commands above.

If you’re using a Linux firewall/router in front of the VPS hosting the VPN server, make sure you forward GRE protocol traffic to it:

iptables -t nat -I PREROUTING -d $PIP -p 47 -j DNAT --to $VPS
iptables -I FORWARD -d $VPS -p 47 -j ACCEPT

If using a DD-WRT router with a dynamic public IP, the first rule can be replaced with
iptables -t nat -I PREROUTING -d `nvram get wan_ipaddr` -p 47 -j DNAT --to $VPS

7. Start PPTP VPN server

Use the following command:
service pptpd restart
To set PPTP Daemon to automatically start on boot, run:
chkconfig pptpd on