PPTP Server Installation in CentOS 5


I am writing this document on how to build a Linux Point-to-Point Tunneling Protocol (PPTP) server using Poptop. It allows roaming users to connect to their corporate network from anywhere on the Internet securely and inexpensively. It supports Windows 95/98/Me/NT/2000/XP PPTP clients and Linux PPTP clients. The requirements are: -

CentOS 5
kernel-2.6.18-8.el5
ppp-2.4.4-1.el5

Kernel version 2.6.15 or above has MPPE built in, which is required for MSCHAPv2. The CentOS 5 kernel is version 2.6.18, which means you do not need to install the MPPE module. CentOS 5 comes with ppp-2.4.4-1.el5, which has MPPE support enabled.

1. Run the command below to test whether your kernel supports MPPE; it should return “ok”: -

modprobe ppp-compress-18 && echo ok

2. Download the RPM file pptpd-1.3.4-1.rhel5.1.i386.rpm from: -

http://poptop.sourceforge.net/yum/stable/packages/

3. Install the RPM by running this command: -

rpm -ivh pptpd-1.3.4-1.rhel5.1.i386.rpm

4. Change the following file /etc/ppp/options.pptpd as below: -

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd

5. Change the following file /etc/pptpd.conf as below: -

option /etc/ppp/options.pptpd
logwtmp
localip 192.168.2.1
remoteip 192.168.2.11-15

6. Add the following username (johndoe) and password (passwrd) in /etc/ppp/chap-secrets as below: -

# Secrets for authentication using CHAP
# client server secret IP addresses
johndoe pptpd passwrd *

7. Run the following command to make pptpd start automatically in runlevels 3 and 5: -

chkconfig --level 35 pptpd on

8. Now, you can start the pptpd service as below: -

service pptpd start

9. For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and change the net.ipv4.ip_forward line to read as below: -

net.ipv4.ip_forward = 1

10. To enable it immediately, run the command below: -

sysctl -p
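
A quick way to confirm that steps 4, 6 and 9 took effect, as an added example that is not part of the original post: it checks that the authentication directives are present, that chap-secrets (which holds passwords in clear text) is closed to group and other, and that forwarding is set in sysctl.conf. The function names and the demo files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files from steps 4, 6 and 9.

# has_directive FILE WORD: true if WORD starts an uncommented line of FILE.
has_directive() {
    awk -v d="$2" '$1 == d { found = 1 } END { exit (found ? 0 : 1) }' "$1"
}

# audit_pptpd OPTIONS SECRETS SYSCTL_CONF (hypothetical helper, not part of pptpd)
# Prints one line per finding and returns the number of findings (0 = clean).
audit_pptpd() {
    findings=0
    # Step 4: weaker authentication refused, MS-CHAPv2 and 128-bit MPPE required.
    for d in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! has_directive "$1" "$d"; then
            echo "MISSING: $d in $1"
            findings=$((findings + 1))
        fi
    done
    # Step 6: chap-secrets stores passwords in clear text, so group and other
    # must have no access (characters 5-10 of the ls mode string).
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $2 is accessible to group or other; chmod 600 it"
        findings=$((findings + 1))
    fi
    # Step 9: the last uncommented net.ipv4.ip_forward setting must be 1.
    if ! awk '{ gsub(/[ \t]/, "") }
              /^net\.ipv4\.ip_forward=/ { v = substr($0, index($0, "=") + 1) }
              END { exit (v != "1") }' "$3"; then
        echo "FORWARD: net.ipv4.ip_forward is not set to 1 in $3"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Demo on constructed files (assumed content, written to a temporary directory).
demo() {
    demo_dir=$(mktemp -d)
    printf '%s\n' 'name pptpd' refuse-pap '# refuse-chap' refuse-mschap \
        require-mschap-v2 require-mppe-128 > "$demo_dir/options.pptpd"
    printf '%s\n' 'johndoe pptpd passwrd *' > "$demo_dir/chap-secrets"
    chmod 644 "$demo_dir/chap-secrets"
    printf '%s\n' 'net.ipv4.ip_forward = 0' > "$demo_dir/sysctl.conf"
    audit_pptpd "$demo_dir/options.pptpd" "$demo_dir/chap-secrets" "$demo_dir/sysctl.conf"
    demo_rc=$?
    rm -rf "$demo_dir"
    return "$demo_rc"
}
demo || echo "findings: $?"
```

On a real server, call audit_pptpd /etc/ppp/options.pptpd /etc/ppp/chap-secrets /etc/sysctl.conf as root.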


82 Comments

  1. fire
    Oct 10, 2010 @ 22:47:33

    Thanks for good document, It helped me a lot.

  2. Dennis
    Nov 12, 2010 @ 18:47:56

    Nice tutorial.

    I would love if you explained some more detailed configuration.

  3. Sivawut
    Nov 25, 2010 @ 08:04:33

    Thanks for your documentation.

    This is very useful.

  4. Alessandro G
    Dec 01, 2010 @ 20:26:48

    hi, first of all, thanks for excellent document!
    About the installation of pptpd I’ve used this way on centos x64:
    rpm -Uvh http://poptop.sourceforge.net/yum/stable/fc7/pptp-release-current.noarch.rpm
    yum --enablerepo=poptop-stable install pptpd

    be careful because there is this request:
    ppp = 2.4.3 is needed by package pptpd-1.3.4-2.fc5.x86_64

    I hope it’s useful for all readers.
    AG

  5. wingloon
    Dec 03, 2010 @ 12:17:50

    Alessandro, thanks for the tip to all readers here.

  6. anyvanykey
    Dec 13, 2010 @ 23:31:59

    WOW! Thanks, dude. It’s exactly what I need!

  7. rp
    Dec 26, 2010 @ 12:32:41

    Thanks for the instructions.
    There is no need to change anything in iptables or open any access points on the network edge firewalls?

  8. Javad
    Dec 29, 2010 @ 01:09:01

    How can I reach the internet via this PPTP link? e.g to bypass the filter?

  9. basit
    Jan 05, 2011 @ 17:43:23

    excellent documentation :)

    Alessandro G,

    try ‘yum --enablerepo=poptop-beta install pptpd’

    we can avoid “ppp = 2.4.3 is needed by package pptpd-1.3.4-2.fc5.x86_64” message.

    poptop-beta installs ppp=2.4.4 and is working well for me on CentOS 5.5.

  10. wingloon
    Jan 05, 2011 @ 18:55:00

    rp, definitely you need to open access for PPTPd which is TCP port 1723 and GRE in the network edge firewall.

    Javad, you need to enable masquerading using iptables in the PPTP server.

    basit, thank you for the info.

  11. MandraKe
    Jan 30, 2011 @ 12:20:53

    dear Win, I found your how-to searching on google… thanks a lot for it, I’ve now three of my servers working as VPN-Server. I don’t really use it, but, you never know when this gonna be needed.

    See you, Pablo.-

  12. linuxine
    Mar 08, 2011 @ 12:35:02

    Hi, thanks, this tutorial helped me on configuring my VPS (CentOS 5.5) for my http://www.linuxine.com.

  13. choxii
    Mar 17, 2011 @ 00:29:48

    Nice tuto, 10x for posting it. The only thing I had to figure out myself was to install “gmp”. I was getting a 720 error on the client side. After using “yum install gmp” on CentOS 5, the connection was possible.

  14. alipour66m
    May 29, 2011 @ 00:47:39

    Hello,
    I have done it, but when I want to connect from my Win7 to Linux through this VPN I get
    error 800.
    What should I do?

  15. vimal
    Sep 21, 2011 @ 05:28:29

    Thanks bro it is really helpful.

  16. mirza
    Oct 14, 2011 @ 23:42:58

    I get 619 on the client. why? how can I fix it?

  17. wingloon
    Oct 20, 2011 @ 12:26:17

    MandraKe, linuxine, choxii & vimal, good to hear this helps you :)

    alipour66m, you are getting error code 800 – Unable to establish the VPN connection. The VPN server may be unreachable, or security parameters may not be configured properly for this connection. Please make sure you set Require encryption and enable Microsoft CHAP Version 2 (MS-CHAP v2) in Windows 7.

    mirza, you are getting error code 619 – The port is disconnected. Please make sure both ends have no firewall blocking and make sure PPTP passthrough is enabled in your router.

  18. Linux
    Oct 22, 2011 @ 19:52:13

    Thanks for the info. It worked. However, how to configure PPTP so I can browse my websites through the connection. At the moment I cannot access the websites when the PPTP connection is established.

    Urgent help will be appreciated.

    Regards.

  19. wingloon
    Oct 23, 2011 @ 23:13:40

    Linux, please make sure you have enabled ip_forward, and to browse the websites you need to run the following command (replace the ‘eth0’ with your output interface): -

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  20. bingo
    Oct 26, 2011 @ 15:32:24

    This is very helpful… it worked perfectly for me — using RHEL5 update7

  21. Vitor Lollato
    Oct 30, 2011 @ 22:16:05

    I wont fix the error 800, more ideas? im using a virtual environment to set it up, someone have any idea ?

  22. Vitor Lollato
    Oct 31, 2011 @ 07:20:03

    It’s running perfectly now.. Thanks !

  23. Jonathan
    Nov 29, 2011 @ 12:36:58

    Thanks very much, invaluable!

  24. open-suse
    Feb 02, 2012 @ 16:31:54

    very-good-thanks.

  25. wingloon
    Feb 08, 2012 @ 17:13:31

    You are all most welcome :)

  26. Paul Hudson
    Mar 25, 2012 @ 20:03:59

    RE getting error code 619 – I experienced this as Atomic Secured Linux didn’t allow modules to be loaded after boot. Ensure that your Linux kernel is compiled with PPP support and that PPP is loaded on boot.

    Check tail -f /var/log/messages when you connect to see what’s being thrown up.

    Also as mentioned above, check that you have allowed PPTP and GRE in your iptables and network firewall.

    All these caused 619 errors for me while I was debugging. Hope it helps someone else.

  27. wingloon
    Mar 27, 2012 @ 10:18:07

    Hi Paul, thank you for sharing.

  28. Mamdouh
    May 13, 2012 @ 20:37:33

    Hello,

    I have tried every way and yet no result.
    Can you tell me what I should do to check if I have GRE enabled?
    I can post anything.

    I have a CentOS 5.7 Xen server and I want to turn it into a VPN server so I can connect through it. Thank you very much
