Install VPN PPTP Server on CentOS 6


At this moment, my designer has encountered a problem accessing target.com, an online shopping website, to see some of the stuff for their design work. Target.com only allows connections from the USA and Canada at this moment due to their website crash issue over the last couple of weeks. Since this is quite urgent, I need to set up a VPN server so they can use it as a jump point to access websites in the USA and Canada. I will use my MySQL server to serve as the VPN server as well.

In this tutorial, I will use PPTP as the protocol to connect to the VPN server using a username and password, with 128-bit MPPE encryption. The variables are as below:

OS: CentOS 6 64bit
VPN server: 209.85.227.26
VPN client IP: 209.85.227.27 – 209.85.227.30
VPN username: vpnuser
Password: myVPN$99

1. Install ppp via yum:

$ yum install ppp -y

2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this website http://poptop.sourceforge.net/yum/stable/packages/ :

$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

3. Once installed, open /etc/pptpd.conf using a text editor and add the following lines:

localip 209.85.227.26
remoteip 209.85.227.27-30

4. Open /etc/ppp/options.pptpd and add the authentication method, encryption and DNS resolver values:

require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8

5. Let's create a user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:

vpnuser pptpd myVPN$99 *

The format is: [username] [space] [server] [space] [password] [space] [IP addresses]

6. We need to allow IP packet forwarding for this server. Open /etc/sysctl.conf in a text editor and change the line below:

net.ipv4.ip_forward = 1

7. Run the following command for the changes to take effect:

$ sysctl -p

8. Allow IP masquerading in iptables by executing the following lines:

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$ service iptables save
$ service iptables restart

Update: Once you are done with step 8, check the rules in /etc/sysconfig/iptables. Make sure that the POSTROUTING rule is above any REJECT rules.

9. Turn on the pptpd service at startup and reboot the server:

$ chkconfig pptpd on
$ init 6
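
A check for the files edited in steps 4 and 5, added here as an example and not part of the original tutorial: it confirms that the two `require-` options are active and flags a chap-secrets file that is readable beyond its owner (the secrets are stored in cleartext), a short secret, or a `*` in the IP addresses field. The function names and the 12-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: audits the files edited in steps 4 and 5.
# Function names and the 12-character threshold are assumptions.

# Print a finding and bump the counter.
finding() { echo "FINDING: $1"; FINDINGS=$((FINDINGS + 1)); }

# True if option $2 appears as an active (uncommented) line in file $1.
has_option() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

audit_options() {   # $1 = path to options.pptpd
    for opt in require-mschap-v2 require-mppe-128; do
        has_option "$1" "$opt" || finding "$1: '$opt' is not set"
    done
}

audit_chap_secrets() {   # $1 = path to chap-secrets
    # Secrets are stored in cleartext: group and other must have no access.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        finding "$1: accessible beyond owner, run chmod 600"
    # Fields: username server password addresses; skip comments and blanks.
    while read -r user server secret addrs || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        [ "${#secret}" -ge 12 ] ||
            finding "user '$user': secret shorter than 12 characters"
        [ "$addrs" != "*" ] ||
            finding "user '$user': any IP address allowed ('*')"
    done < "$1"
}

# Run both checks; the exit status is the number of findings.
audit_pptp() {
    FINDINGS=0
    audit_options "$1"
    audit_chap_secrets "$2"
    return "$FINDINGS"
}

# Usage (as root): sh pptp_audit.sh /etc/ppp/options.pptpd /etc/ppp/chap-secrets
if [ "$#" -eq 2 ]; then audit_pptp "$1" "$2"; fi
```

Run against the configuration exactly as written in this tutorial, it reports the short password and the `*` address field, plus the file mode if chap-secrets is not 600.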