
How to install and configure PPTP vpn on linux

Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that permits corporations to expand their own corporate network by using private “tunnels” over the public Internet.
It was developed by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies.
In this tutorial you will learn to install and configure a PPTP VPN on a Linux server.
We are using the following IP addresses for this tutorial.
172.10.0.1 PPTP server local IP
205.22.12.11 PPTP server Public IP
172.10.0.10 PPTP Client local ip assigned by VPN Server
208.30.80.112 PPTP Client Public IP

PPTP Installation on vpn server
First, install PPTP on the VPN server using the commands below.
On CentOS 6 x64:

root@linuxpcfix [~] yum install ppp
root@linuxpcfix [~] yum install pptpd

On Ubuntu 12.10 x64:

root@linuxpcfix [~] apt-get install pptpd

Open the /etc/pptpd.conf configuration file and append the following lines:

root@linuxpcfix [~] vi /etc/pptpd.conf
# server local IP
localip 172.10.0.1
remoteip 172.10.0.100-100

Next, set up authentication for PPTP by adding users and passwords, as shown below:

root@linuxpcfix [~] vi /etc/ppp/chap-secrets
# client server secret IP addresses
user1 pptpd gajendra *

Then open the /etc/ppp/options.pptpd file and add DNS servers as follows:

root@linuxpcfix [~] vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
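
An audit of the two files edited above, as an added example that is not part of the original tutorial: it checks options.pptpd for the pppd options that force MS-CHAPv2 with 128-bit MPPE, and chap-secrets for loose file permissions, accounts not pinned to an IP and short secrets. The function name, the 16-character threshold and the sample files are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the tutorial): audit pptpd authentication settings.
MIN_SECRET_LEN=16   # assumed policy threshold, adjust to your own standard

# audit_pptpd OPTIONS_FILE SECRETS_FILE: prints one finding per line.
audit_pptpd() {
    opts=$1; secrets=$2
    # pppd options that force MS-CHAPv2 with 128-bit MPPE and refuse the
    # weaker PAP / CHAP / MS-CHAPv1 methods.
    for opt in require-mschap-v2 require-mppe-128 refuse-pap refuse-chap refuse-mschap; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$opts" ||
            echo "options: missing $opt"
    done
    # chap-secrets stores passwords in cleartext: owner read/write only.
    [ -n "$(find "$secrets" -prune -perm 600)" ] ||
        echo "secrets: file mode is not 600"
    # Columns: client server secret IP. "*" allows any tunnel address.
    awk -v min="$MIN_SECRET_LEN" '
    NF == 0 || $1 ~ /^#/ { next }
    {
        if ($4 == "*" || $4 == "") print "secrets: " $1 " is not pinned to an IP"
        if (length($3) < min)      print "secrets: " $1 " secret is shorter than " min
    }' "$secrets"
}

# Constructed sample files mirroring the tutorial's settings.
demo=$(mktemp -d)
printf 'ms-dns 8.8.8.8\nms-dns 8.8.4.4\n' > "$demo/options.pptpd"
printf '# client server secret IP addresses\nuser1 pptpd gajendra *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
audit_pptpd "$demo/options.pptpd" "$demo/chap-secrets"
rm -rf "$demo"
```

Passing every check makes the setup as strong as PPTP allows; MS-CHAPv2 and MPPE are still weak by current standards.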

Now start the PPTP server:

root@linuxpcfix [~] service pptpd restart
root@linuxpcfix [~] netstat -plan |grep :1723
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 19594/pptpd
root@linuxpcfix [~] #

Then enable IP forwarding on your PPTP server. This lets the server forward packets between its public IP and the private IPs that you set up with PPTP.

root@linuxpcfix [~] vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
root@linuxpcfix [~] sysctl -p

Now it is time to create the NAT rules in iptables:

root@linuxpcfix [~] iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

If you would also like your PPTP clients to talk to each other, then append the following rules in iptables:

root@linuxpcfix [~] iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
root@linuxpcfix [~] iptables -I INPUT -s 172.10.0.0/24 -i ppp0 -j ACCEPT
root@linuxpcfix [~] iptables --append FORWARD --in-interface eth0 -j ACCEPT
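
The FORWARD and MASQUERADE rules above match on interface only, so they apply to every source address. The following added example (not part of the original tutorial) reads iptables-save output and flags such rules, and includes a constructed alternative scoped to 172.10.0.0/24; the function names and the alternative ruleset are assumptions.

```sh
#!/bin/sh
# Added example (not from the tutorial): flag broad rules in iptables-save output.

# audit_fw: reads `iptables-save` output on stdin, prints one finding per line.
audit_fw() {
    awk '
    /^\*/  { table = substr($0, 2) }            # table header: *nat, *filter
    /^-A / {
        # A rule counts as scoped if it matches a source/destination or
        # connection state.
        scoped = ($0 ~ / -[sd] / || $0 ~ /--(ct)?state /)
        if (table == "filter" && $2 == "FORWARD" && $0 ~ /-j ACCEPT/ && !scoped)
            print "filter: unrestricted forward: " $0
        if (table == "nat" && $0 ~ /-j MASQUERADE/ && $0 !~ / -s /)
            print "nat: masquerade without source match: " $0
    }'
}

# Constructed: the rules from the tutorial as iptables-save would list them.
tutorial_rules() {
    cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
-A INPUT -s 172.10.0.0/24 -i ppp0 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed alternative scoped to the tutorial's VPN subnet (an assumption
# about the intended policy: VPN clients reach the Internet, replies return).
scoped_rules() {
    cat <<'EOF'
*nat
-A POSTROUTING -s 172.10.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -s 172.10.0.0/24 -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -d 172.10.0.0/24 -i eth0 -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

tutorial_rules | audit_fw
scoped_rules | audit_fw
```

On a live server, pipe the real ruleset in with `iptables-save | audit_fw`.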

Client Side Configuration
On your client servers, install the PPTP client:

root@linuxpcfix [~] yum -y install pptp

Enable the necessary kernel module:

root@linuxpcfix [~] modprobe ppp_mppe

Create a new file /etc/ppp/peers/pptpserver and append the following lines:

root@linuxpcfix [~] vi /etc/ppp/peers/pptpserver
# 205.22.12.11 is the PPTP server public IP
pty "pptp 205.22.12.11 --nolaunchpppd"
name username
password user password
remotename pptpd
require-mppe-128

Note: Replace name and password with your own values.
Finally, execute the following command to connect to the PPTP server from the PPTP client.

root@linuxpcfix [~] pppd call pptpserver

If the connection to the PPTP server succeeds, the server log output should look like this:

root@linuxpcfix [~] tail -f /var/log/messages
Nov 28 18:08:21 PPA pptpd[24304]: CTRL: Client 205.22.12.11 control connection finished
Nov 28 18:09:35 PPA pptpd[30135]: CTRL: Client 205.22.12.11 control connection started
Nov 28 18:09:36 PPA pptpd[30135]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 18:09:36 PPA pppd[30137]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 28 18:09:36 PPA pppd[30137]: pppd 2.4.5 started by root, uid 0
Nov 28 18:09:36 PPA pppd[30137]: Using interface ppp0
Nov 28 18:09:36 PPA pppd[30137]: Connect: ppp0 <--> /dev/pts/2
Nov 28 18:09:36 PPA pppd[30137]: peer from calling number 205.22.12.11 authorized
Nov 28 18:09:36 PPA pppd[30137]: MPPE 128-bit stateless compression enabled
Nov 28 18:09:36 PPA pppd[30137]: Cannot determine ethernet address for proxy ARP
Nov 28 18:09:36 PPA pppd[30137]: local IP address 172.10.0.1
Nov 28 18:09:36 PPA pppd[30137]: remote IP address 208.30.80.112
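
Detection logic over the server-side log format shown above, as an added example that is not part of the original tutorial: it counts control connections and successful authorizations per client IP and marks clients that keep connecting without authenticating. The function name, the threshold and the sample log lines are constructed for this example.

```sh
#!/bin/sh
# Added example (not from the tutorial): summarise pptpd/pppd syslog lines per
# client IP and mark clients that keep connecting without ever authenticating.

# pptp_auth_summary [THRESHOLD]: reads syslog lines on stdin.
# THRESHOLD (default 3, an assumed value) = unauthenticated connections tolerated.
pptp_auth_summary() {
    awk -v max="${1:-3}" '
    # pptpd logs every TCP/1723 control connection, authenticated or not.
    / pptpd\[[0-9]+\]: CTRL: Client [^ ]+ control connection started/ {
        for (i = 1; i < NF; i++) if ($i == "Client") started[$(i + 1)]++
    }
    # pppd logs this line once the peer has passed the authentication phase.
    / pppd\[[0-9]+\]: peer from calling number [^ ]+ authorized/ {
        for (i = 1; i < NF; i++) if ($i == "number") ok[$(i + 1)]++
    }
    END {
        for (ip in started) {
            unauth = started[ip] - ok[ip]
            printf "%s started=%d authorized=%d%s\n", ip, started[ip], ok[ip],
                   (unauth >= max ? " SUSPECT" : "")
        }
    }' | sort
}

# Constructed sample in the format of the server log above (documentation IPs).
sample_log() {
    cat <<'EOF'
Nov 28 18:09:35 PPA pptpd[30135]: CTRL: Client 198.51.100.7 control connection started
Nov 28 18:09:36 PPA pppd[30137]: peer from calling number 198.51.100.7 authorized
Nov 28 18:11:02 PPA pptpd[30201]: CTRL: Client 203.0.113.50 control connection started
Nov 28 18:11:03 PPA pptpd[30201]: CTRL: Client 203.0.113.50 control connection finished
Nov 28 18:11:04 PPA pptpd[30207]: CTRL: Client 203.0.113.50 control connection started
Nov 28 18:11:05 PPA pptpd[30207]: CTRL: Client 203.0.113.50 control connection finished
Nov 28 18:11:06 PPA pptpd[30213]: CTRL: Client 203.0.113.50 control connection started
Nov 28 18:11:07 PPA pptpd[30213]: CTRL: Client 203.0.113.50 control connection finished
EOF
}

sample_log | pptp_auth_summary 3
```

On the server, feed it the real log with `pptp_auth_summary 3 < /var/log/messages`; a connection without authorization can also be a port scan, so treat the mark as a lead to investigate.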

You can also check the system logs on the PPTP client side:

root@linuxpcfix [~] tail -f /var/log/messages
Nov 28 18:09:43 dns2 pppd[1255]: pppd 2.4.5 started by root, uid 0
Nov 28 18:09:43 dns2 pppd[1255]: Using interface ppp0
Nov 28 18:09:43 dns2 pppd[1255]: Connect: ppp0 <--> /dev/pts/1
Nov 28 18:09:43 dns2 pptp[1256]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 0).
Nov 28 18:09:44 dns2 pppd[1255]: CHAP authentication succeeded
Nov 28 18:09:44 dns2 kernel: PPP MPPE Compression module registered
Nov 28 18:09:44 dns2 pppd[1255]: MPPE 128-bit stateless compression enabled
Nov 28 18:09:44 dns2 pppd[1255]: local IP address 208.30.80.112
Nov 28 18:09:44 dns2 pppd[1255]: remote IP address 172.10.0.1

Next, verify the PPTP client network interface; it should look like this:

root@linuxpcfix [~] ifconfig
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.10.0.10 P-t-P:172.10.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:50 (50.0 b) TX bytes:56 (56.0 b)

You can now ping your PPTP server on its private IP address.

root@linuxpcfix [~] ping 172.10.0.1
PING 64.71.184.8 (172.10.0.1) 56(84) bytes of data.
64 bytes from 172.10.0.1: icmp_seq=1 ttl=55 time=29.0 ms
64 bytes from 172.10.0.1: icmp_seq=2 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=3 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=4 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=5 ttl=55 time=29.0 ms
64 bytes from 172.10.0.1: icmp_seq=6 ttl=55 time=28.9 ms

If you are able to ping your PPTP server, you have successfully configured your own private network over the public Internet.

About

I am the founder and webmaster of www.linuxpcfix.com, working as a Sr. Linux Administrator (expertise in Linux/Unix & cloud servers), and have been in the industry for the last 7 years.
