How to establish PPTP VPN client connection on CENTOS/RHEL 7 Linux

Written by BiRU Thursday, 28 December 2017 19:43

Attention: open in a new window. PDFPrintE-mail

This guide will discuss a procedure on how to connect/establish a VPN connection using PPTP protocol on CentOS 7 or Redhat 7 Linux the non-GUI way. Below you can find connection details which will be used as an example. Replace the bellow PPTP VPN information to align with your PPTP VPN server settings:

  • Connection name: linuxconfig ( can be any descriptive name )
  • VPN connetion type: PPTP
  • PPTP VPN server IP or domain: 123.123.1.1
  • CHAP Username: admin
  • CHAP User password: 00000000

Configuration

Let's begin by installation of PPTP client:

# yum install pptp

In the next step we will load a connection tracking support for PPTP module which is required in order to correctly establish PPTP VPN connection:

# modprobe nf_conntrack_pptp

Now, we need to add CHAP credentials as provided above into /etc/ppp/chap-secrets file:

# echo 'admin PPTP 00000000 *' >> /etc/ppp/chap-secrets

At this stage, using the above VPN connection information we need to create peer VPN config file and save it into /etc/ppp/peers/ directory. Enter the below code into a file called linuxconfig while replacing VPN server IP, name and ipparam directives:

pty "pptp 123.123.1.1 --nolaunchpppd"
name admin
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam linuxconfig

Connect to VPN PPTP

All is now ready to establish PPTP VPN connection:

# pppd call linuxconfig

Check /var/log/messages for any errors or warnings. If the PPTP VPN connection was established correctly your should see output similar to the one below:

Jan  7 17:55:44 localhost pppd[18960]: CHAP authentication succeeded
Jan  7 17:55:44 localhost pptp[18961]: anon log[decaps_gre:pptp_gre.c:427]: buffering packet 7 (expecting 6, lost or reordered)
Jan  7 17:55:44 localhost pppd[18960]: MPPE 128-bit stateless compression enabled
Jan  7 17:55:46 localhost pppd[18960]: local  IP address 192.168.100.2
Jan  7 17:55:46 localhost pppd[18960]: remote IP address 192.168.100.0

Once the VPN connection is established correctly a new network interface will be create. Use ip to see its configuration:

# ip a s
...
3: ppp0:  mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp 
    inet 192.168.100.2 peer 192.168.100.0/32 scope global ppp0
       valid_lft forever preferred_lft forever

Disconnect from VPN PPTP

To disconnect VPN PPTP connection simply gracefully kill pppd daemon by using the below command:

# pkill pppd

Following the logs we can see that pppd module exited gracefully:

Jan  7 18:00:21 localhost systemd: Started Network Manager Script Dispatcher Service.
Jan  7 18:00:21 localhost nm-dispatcher: Dispatching action 'down' for ppp0
Jan  7 18:00:21 localhost pppd[18960]: Exit

Troubleshooting

If you receive a below error message when following a /var/log/messages log:

pppd[32087]: LCP: timeout sending Config-Requests

You are missing a loadable module nf_conntrack_pptp. Load this module using a following command:

# modprobe nf_conntrack_pptp