The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Since it is considered insecure and vulnerable, I don’t recommend it as a “final” VPN solution. The main reason for its popularity is probably the native MS Windows support (since Windows 95). It can also be easily implemented with Mikrotik RouterOS (like I said, use it for internal VPNs only).
To set up your CentOS box as a PPTP client, you’ll need the pptp package.
yum -y install pptp
Open /etc/ppp/chap-secrets and add the following line at the end, replacing userName and password with the correct details:
userName PPTP password *
Create the profile file:
nano /etc/ppp/peers/myVPN
and paste in the following content (replace IP_OR_HOSTNAME with the PPTP server IP or hostname):
pty "pptp IP_OR_HOSTNAME --nolaunchpppd"
name userName
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam myVPN
Save the file and test the connection with:
pppd call myVPN
ifconfig should return something like:
....
ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.16.18.252  P-t-P:10.16.18.251  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:2192 (2.1 KiB)  TX bytes:631 (631.0 b)
...
Also, in /var/log/messages you should see something like:
Jul 20 10:58:50 mysrv pppd[9352]: pppd 2.4.5 started by root, uid 0
Jul 20 10:58:50 mysrv pppd[9352]: Using interface ppp0
Jul 20 10:58:50 mysrv pppd[9352]: Connect: ppp0 <--> /dev/pts/1
Jul 20 10:58:50 mysrv pptp[9353]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 716).
Jul 20 10:58:51 mysrv pppd[9352]: CHAP authentication succeeded
Jul 20 10:58:51 mysrv pppd[9352]: MPPE 128-bit stateless compression enabled
Jul 20 10:58:51 mysrv pppd[9352]: local IP address 10.16.18.252
Jul 20 10:58:51 mysrv pppd[9352]: remote IP address 10.16.18.251
Jul 20 10:59:51 mysrv pptp[9361]: anon log[logecho:pptp_ctrl.c:677]: Echo Reply received.
If you check your routes, you’ll probably notice that the ppp0 connection is not used by any route. This is the default behavior, and you can easily switch/add a default route with:
route add default dev ppp0
In my case, I don’t want to route all traffic (this VPN is just for management), so I’ll add only one static route:
route add -net 192.168.120.0/24 dev ppp0
To start this connection on boot, add “pppd call myVPN” in rc.local.
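A pre-flight check for the profile and chap-secrets file created above, added here as an example and not part of the original post: it confirms the profile still requires MPPE, that the clear-text password file is not readable by group or other, and that the name/remotename pair has a matching secret. The function name audit_pptp_peer and the demo password are made up for illustration, and options pulled in through the "file" directive are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pptp peer profile and
# chap-secrets before dialing. Prints one finding per line; returns 0 if clean.
audit_pptp_peer() {
    peer=$1 secrets=$2 rc=0

    # 1. Without require-mppe-128 pppd does not insist on an encrypted link.
    #    Only the profile itself is checked, not files it includes via "file".
    if ! grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$peer"; then
        echo "mppe: $peer does not set require-mppe-128"; rc=1
    fi

    # 2. chap-secrets stores the password in clear text: no group/other bits.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "perms: $secrets is accessible to group/other, chmod 600 it"; rc=1
    fi

    # 3. pppd looks the secret up by client (name) and server (remotename);
    #    a mismatch otherwise only shows up as a failed CHAP exchange.
    name=$(awk '$1 == "name" { print $2; exit }' "$peer")
    remote=$(awk '$1 == "remotename" { print $2; exit }' "$peer")
    if ! awk -v c="$name" -v s="$remote" '
            /^[[:space:]]*#/ { next }
            { gsub(/"/, "") }
            NF >= 3 && ($1 == c || $1 == "*") && ($2 == s || $2 == "*") { ok = 1 }
            END { exit !ok }' "$secrets"; then
        echo "secret: no chap-secrets entry for client '$name' server '$remote'"; rc=1
    fi
    return $rc
}

# Demo on constructed files: the profile from this page and a made-up password.
demo=$(mktemp -d)
printf '%s\n' 'pty "pptp IP_OR_HOSTNAME --nolaunchpppd"' 'name userName' \
    'remotename PPTP' 'require-mppe-128' 'file /etc/ppp/options.pptp' \
    'ipparam myVPN' > "$demo/myVPN"
printf 'userName PPTP constructed-password *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"   # deliberately too open, to trigger a finding
audit_pptp_peer "$demo/myVPN" "$demo/chap-secrets" || echo "fix the findings before dialing"
rm -rf "$demo"
```

On the real system this could gate the rc.local entry, for example: audit_pptp_peer /etc/ppp/peers/myVPN /etc/ppp/chap-secrets && pppd call myVPN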