Setup a PPTP VPN server on Centos 6
Last Updated on Monday, 20 July 2015 07:28 Written by BiRU Monday, 08 June 2015 12:03
Although PPTP is now a deprecated protocol because of all its vulnerabilities, it is an easy way to route our packets through a different network, so, leaving security aside, this is what I did to set up my PPTPD daemon on a remote server and use the server's location to do some scraping work.
All commands are run as root.
Step 1: Install pptpd
[root@X log ]$ rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
[root@X log ]$ yum install -y pptpd
Step 2: Setup pptpd
Now we need to set up the server according to our needs; most of the config options are in /etc/pptpd.conf and /etc/ppp/options.pptpd.
I’ve added the following settings to /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200
And the following settings to /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 4.4.4.4
Step 3: Add some users
To allow our users to connect, we need to add them first. User accounts (username and password) go in /etc/ppp/chap-secrets:
# client    server  secret  IP addresses
sdx         *       123456  *
Step 4: Routing
Now we need to enable ip_forward and add some iptables rules, so we can use the server as a relay for our VPN clients.
We first change the kernel's net.ipv4.ip_forward directive from 0 to 1 if we haven't already; on CentOS this is set in the file /etc/sysctl.conf.
Then we use sysctl to apply the change.
[root@X log ]$ vi /etc/sysctl.conf
[root@X log ]$ sysctl -p
Now we add a NAT rule and a FORWARD rule to iptables, so we can route the packets from our clients properly.
[root@X log ]$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@X log ]$ iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
[root@X log ]$ iptables-save
Finally we open port 1723 on our firewall and start the service.
[root@X log ]$ service pptpd start
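The four steps above as one script, added here as an example and not taken from the post. The addresses, DNS servers, user name, password and outbound interface (eth0) are the post's own values; what is assumed is the script name, the ACCEPT rules for the ppp+ interfaces, the chmod on chap-secrets and the use of `service iptables save` for persistence (`iptables-save` on its own only prints the rules to stdout). It also opens GRE (IP protocol 47) next to TCP 1723, which PPTP's tunnel needs and which the post does not show, and uses `-I` so the ACCEPT rules land ahead of the REJECT rules that CentOS 6 ships in its default INPUT and FORWARD chains.

```shell
#!/bin/sh
# setup-pptp.sh (hypothetical name): added example, not the post's own code.
# Values come from the post; everything else is an assumption noted inline.
VPN_LOCAL_IP="${VPN_LOCAL_IP:-10.0.0.1}"
VPN_REMOTE_RANGE="${VPN_REMOTE_RANGE:-10.0.0.100-200}"
VPN_USER="${VPN_USER:-sdx}"
VPN_PASS="${VPN_PASS:-123456}"
WAN_IF="${WAN_IF:-eth0}"

# Step 2: fragment appended to /etc/pptpd.conf
render_pptpd_conf() {
    printf 'localip %s\nremoteip %s\n' "$VPN_LOCAL_IP" "$VPN_REMOTE_RANGE"
}

# Step 2: fragment appended to /etc/ppp/options.pptpd (DNS pushed to clients)
render_ppp_options() {
    printf 'ms-dns 8.8.8.8\nms-dns 4.4.4.4\n'
}

# Step 3: one chap-secrets entry; "*" = any server name / any client address
render_chap_secret() {
    printf '%s\t*\t%s\t*\n' "$VPN_USER" "$VPN_PASS"
}

# Step 4: firewall rules. The MASQUERADE and MSS clamp are the post's; the
# INPUT rules for TCP/1723 (control channel) and GRE (tunnel) and the two
# FORWARD rules for the ppp+ interfaces are assumptions added here.
render_iptables_rules() {
    cat <<EOF
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -I FORWARD -i ppp+ -o $WAN_IF -j ACCEPT
iptables -I FORWARD -i $WAN_IF -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
EOF
}

# Writes the fragments, enables forwarding, applies and persists the rules,
# then starts pptpd. Meant for a CentOS 6 box as root; runs only with "apply".
apply_all() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    render_pptpd_conf  >> /etc/pptpd.conf
    render_ppp_options >> /etc/ppp/options.pptpd
    render_chap_secret >> /etc/ppp/chap-secrets
    chmod 600 /etc/ppp/chap-secrets   # secrets are stored in clear text; keep them root-only
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf; then
        sed -i 's/^net.ipv4.ip_forward *= *0/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    fi
    sysctl -p
    render_iptables_rules | sh -e
    service iptables save             # persists to /etc/sysconfig/iptables on CentOS 6
    service pptpd start
}

if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```

Run it on the server as `sh setup-pptp.sh apply`; without the argument it only defines the functions, so the fragments can be reviewed first with, for example, `. ./setup-pptp.sh; render_iptables_rules`.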
We create a new connection on our client to test, and check the logs.
Nov 4 12:04:05 10-224-43-15 pptpd[19087]: MGR: Manager process started
Nov 4 12:04:05 10-224-43-15 pptpd[19087]: MGR: Maximum of 15 connections available
Nov 4 12:08:09 10-224-43-15 pptpd[19109]: CTRL: Client 201.1.1.7 control connection started
Nov 4 12:08:10 10-224-43-15 pptpd[19109]: CTRL: Starting call (launching pppd, opening GRE)
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 4 12:08:10 10-224-43-15 kernel: PPP generic driver version 2.4.2
Nov 4 12:08:10 10-224-43-15 pppd[19110]: pppd 2.4.5 started by ivan, uid 0
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Using interface ppp0
Nov 4 12:08:10 10-224-43-15 pppd[19110]: Connect: ppp0 /dev/pts/1
Nov 4 12:08:12 10-224-43-15 pppd[19110]: peer from calling number 201.1.1.7 authorized
Nov 4 12:08:12 10-224-43-15 kernel: PPP MPPE Compression module registered
Nov 4 12:08:12 10-224-43-15 pppd[19110]: MPPE 128-bit stateless compression enabled
Nov 4 12:08:15 10-224-43-15 pppd[19110]: found interface eth0 for proxy arp
Nov 4 12:08:15 10-224-43-15 pppd[19110]: local IP address 10.224.43.15
Nov 4 12:08:15 10-224-43-15 pppd[19110]: remote IP address 10.224.43.210
Nov 4 12:15:46 10-224-43-15 pppd[19110]: LCP terminated by peer ({M-^K[[^@
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Connect time 7.6 minutes.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Sent 25687094 bytes, received 1325876 bytes.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Modem hangup
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Connection terminated.
Nov 4 12:15:46 10-224-43-15 pppd[19110]: Exit.
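Once the server is up, these log lines are also the cheapest audit trail of who used the relay. The script below is an added example (not from the post) that summarises each pppd session from syslog: client address, tunnel address, whether MPPE was negotiated, connect time and bytes. The sample lines are constructed from the excerpt above plus a second, invented session (pid 19130, client 198.51.100.9) that never logs an "MPPE ... enabled" line; treating the absence of that line as an unencrypted session is this example's assumption, and it is the case the `unencrypted_sessions` filter is there to catch.

```shell
#!/bin/sh
# pptp-sessions.sh (hypothetical name): added example, not the post's code.
# SAMPLE is constructed: the first session mirrors the excerpt above, the
# second is invented to show a client that negotiated no MPPE encryption.
SAMPLE='Nov  4 12:08:09 10-224-43-15 pptpd[19109]: CTRL: Client 201.1.1.7 control connection started
Nov  4 12:08:10 10-224-43-15 pppd[19110]: pppd 2.4.5 started by ivan, uid 0
Nov  4 12:08:12 10-224-43-15 pppd[19110]: peer from calling number 201.1.1.7 authorized
Nov  4 12:08:12 10-224-43-15 pppd[19110]: MPPE 128-bit stateless compression enabled
Nov  4 12:08:15 10-224-43-15 pppd[19110]: remote IP address 10.224.43.210
Nov  4 12:15:46 10-224-43-15 pppd[19110]: Connect time 7.6 minutes.
Nov  4 12:15:46 10-224-43-15 pppd[19110]: Sent 25687094 bytes, received 1325876 bytes.
Nov  4 12:15:46 10-224-43-15 pppd[19110]: Exit.
Nov  4 13:01:00 10-224-43-15 pppd[19130]: pppd 2.4.5 started by ivan, uid 0
Nov  4 13:01:02 10-224-43-15 pppd[19130]: peer from calling number 198.51.100.9 authorized
Nov  4 13:01:05 10-224-43-15 pppd[19130]: remote IP address 10.224.43.211
Nov  4 13:02:14 10-224-43-15 pppd[19130]: Connect time 1.2 minutes.
Nov  4 13:02:14 10-224-43-15 pppd[19130]: Sent 4096 bytes, received 2048 bytes.
Nov  4 13:02:14 10-224-43-15 pppd[19130]: Exit.'

# Reads syslog lines on stdin; prints one line per finished pppd session:
#   <pid> <client> <tunnel-ip> <mppe yes|NO> <minutes> <sent-bytes> <received-bytes>
# Fields are keyed by the pppd PID taken from the "pppd[NNNN]:" tag ($5).
pptp_sessions() {
    awk '
    function pid(f) { if (match(f, /\[[0-9]+\]/)) return substr(f, RSTART + 1, RLENGTH - 2); return "" }
    $5 ~ /^pppd\[/ {
        p = pid($5)
        if (/peer from calling number/)   client[p] = $10      # address the client dialled from
        else if (/remote IP address/)     tunnel[p] = $9       # address handed to the client
        else if (/MPPE .* enabled/)       mppe[p] = "yes"      # encryption negotiated
        else if (/Connect time/)          minutes[p] = $8
        else if (/ Sent [0-9]+ bytes/)  { sent[p] = $7; recv[p] = $10 }
        else if ($6 == "Exit.")
            printf "%s %s %s %s %s %s %s\n", p, client[p], tunnel[p], (p in mppe) ? "yes" : "NO", minutes[p], sent[p], recv[p]
    }'
}

# Keeps only sessions that never negotiated MPPE (column 4 == NO).
unencrypted_sessions() {
    awk '$4 == "NO"'
}

printf '%s\n' "$SAMPLE" | pptp_sessions
```

Against a live box the same functions run over the real log, e.g. `pptp_sessions < /var/log/messages | unencrypted_sessions`; a non-empty result means `require-mppe-128` is missing from /etc/ppp/options.pptpd or a client is negotiating around it.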