Welcome to AUXNET IRC Network




Idle on AUXnet a lot? Why not play our idlerpg game, you can check it out at #idleRPG - for more information visit the website http://idlerpg.auxnet.org

Setup a PPTP VPN server on Centos 6

Attention: open in a new window. PDFPrintE-mail


Although PPTP is now a deprecated protocol because all the vulnerabilities, it is an easy way to route our packets through a different network, so leaving security aside this is what I did to setup my PPTPD daemon on a remote server, and use the server location to do some scraping work.

All commands are runnings as root.

Step 1: Install pptpd

[root@X log ]$ rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
[root@X log ]$ yum install -y pptpd

Step 2: Setup pptdp

Now we need to setup the server according to our needs, most of the config options are on /etc/pptpd.conf and /etc/ppp/options.pptpd

I’ve added the following settings to /etc/pptpd.conf

 

localip 10.0.0.1
remoteip 10.0.0.100-200

And the following settings to /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 4.4.4.4

Step 3: Add some users

Add user accounts in/etc/ppp/chap-secrets (assign username and password)

To allow our users to connect, we need to add them first, the file to do that is

# client    server  secret     IP addresses
sdx        *       123456     *

Step 4: Routing

Now we need to enable ip_forward, and add some iptables routes, so we can use the server as relay from our vpn clients.

we first change the port forward directive in the kernel net.ipv4.ip_forward from 0 to 1 if we haven’t, on centos this is located on the file /etc/sysctl.conf then we can use sysctl to apply the changes.


[[email protected] log ]$ vi /etc/sysctl.conf
[[email protected] log ]$ sysctl -p

now we add a NAT and a FORWARD rules to iptables, so we can route the packages from our clients properly


[[email protected] log ]$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[[email protected] log ]$ iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[[email protected] log ]$ iptables-save

finally we open the port 1723 on our firewall and start the service

[root@x log ]$ service pptpd start

We create a new connection on our client to test, and check the logs.


Nov 4 12:04:05 10-224-43-15 pptpd[19087]: MGR: Manager process started
Nov 4 12:04:05 10-224-43-15 pptpd[19087]: MGR: Maximum of 15 connections available
Nov 4 12:08:09 10-224-43-15 pptpd[19109]: CTRL: Client 201.1.1.7 control connection started
Nov 4 12:08:10 10-224-43-15 pptpd[19109]: CTRL: Starting call (launching pppd, opening GRE)
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 4 12:08:10 10-224-43-15 kernel: PPP generic driver version 2.4.2
Nov 4 12:08:10 10-224-43-15 pppd[19110]: pppd 2.4.5 started by ivan, uid 0
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Using interface ppp0
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Connect: ppp0 /dev/pts/1
Nov 4 12:08:12 10-224-43-15 pppd[19110]: peer from calling number 201.1.1.7 authorized
Nov 4 12:08:12 10-224-43-15 kernel: PPP MPPE Compression module registered
Nov 4 12:08:12 10-224-43-15 pppd[19110]: MPPE 128-bit stateless compression enabled
Nov 4 12:08:15 10-224-43-15 pppd[19110]: found interface eth0 for proxy arp
Nov 4 12:08:15 10-224-43-15 pppd[19110]: local IP address 10.224.43.15
Nov 4 12:08:15 10-224-43-15 pppd[19110]: remote IP address 10.224.43.210
Nov 4 12:15:46 10-224-43-15 pppd[19110]: LCP terminated by peer ({M-^K[[^@ Nov 4 12:15:46 10-224-43-15 pppd[19110]: Connect time 7.6 minutes.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Sent 25687094 bytes, received 1325876 bytes.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Modem hangup
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Connection terminated.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Exit.