Install & Setup PPTP VPN server on CentOS

There are mainly 3 types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN.

In this tutorial I use PPTP as its supported by almost all devices natively: Windows, Linux, Android, iOS and Mac OS.

OS: CentOS/RedHat 6

1. Install ppp via yum:

[php]# yum install ppp -y[/php]

2. Download and install pptpd (the daemon for point-to-point tunneling).

[php]# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && sudo rpm -Uvh epel-release-6*.rpm[/php]

[php]# yum install pptpd -y[/php]

3. Once installed, open /etc/pptpd.conf using text editor and add following line:

[php]# vi /etc/pptpd.conf

localip 172.111.20.15
remoteip 10.0.0.101-200[/php]

4. Open /etc/ppp/options.pptpd and add authenticate method, encryption and DNS resolver value:

[php]# vi /etc/ppp/options.pptpd

require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4[/php]

5. Lets create user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:

[php]# vi /etc/ppp/chap-secrets

vpnusername pptpd vpnpass123456 *[/php]

6. We need to allow IP packet forwarding for this server. Open /etc/sysctl.conf via text editor and change line below:

[php]# vi /etc/sysctl.conf

net.ipv4.ip_forward = 1[/php]

7. Run following command to take effect on the changes:

[php]# sysctl -p[/php]

8. Allow IP masquerading in IPtables by executing following line:

If VPS:

[php]# iptables -t nat -A POSTROUTING -o venet0:0 -j MASQUERADE

# iptables -A INPUT -i venet0:0 -p tcp –dport 1723 -j ACCEPT[/php]

If Server:
[php]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# iptables -A INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT[/php]

[php]# service iptables save

# service iptables restart[/php]

Update: Once you have done with step 8, check the rules at /etc/sysconfig/iptables. Make sure that the POSTROUTING rules is above any REJECT rules.

9. Turn on the pptpd service at startup and reboot the server:

[php]# service pptpd restart

# chkconfig pptpd on[/php]

Once the server is online after reboot, you should now able to access the PPTP server from the VPN client. You can monitor /var/log/messages for ppp and pptpd related log. Cheers!

ENJOY!