MinhTech.com

Yet another technology tutorial blog.

Fedora Linux 16 Install PPTP VPN Server PPTPD

By • Apr 23rd, 2012 • Category: Linux

Install and configure a PPTP VPN server on Fedora Linux 16 or CentOS 5. I chose PPTP over OpenVPN because 1) it is easy to set up and 2) there are native, built-in clients for Windows, Mac, and iOS devices (i.e. iPhone and iPad). Be aware of the trade-off: PPTP's MS-CHAPv2 authentication, and the MPPE encryption whose keys are derived from it, are cryptographically weak, and a captured handshake can be brute-forced offline. Treat the result as a convenience tunnel for trusted users with strong passwords, not as a strong security boundary.

First, Install PPTPD:

> rpm -Uhv http://poptop.sourceforge.net/yum/stable/fc16/pptp-release-current.noarch.rpm
> yum install pptpd

As root, add the Poptop stable repository for Fedora Linux 16 and install the pptpd package. For CentOS 5, substitute fc16 with rhel5 in the URL. The release RPM is fetched over plain HTTP, so before running yum install, confirm that the repository file it places in /etc/yum.repos.d has gpgcheck=1 and that the signing key is imported, so the packages yum installs are actually verified.

Configure PPTPD:

> vi /etc/pptpd.conf
localip 111.111.111.111
remoteip 10.10.1.2-254
> cat /etc/resolv.conf
nameserver 222.222.222.222
nameserver 333.333.333.333
> vi /etc/ppp/options.pptpd
ms-dns 222.222.222.222
ms-dns 333.333.333.333
refuse-mschap
require-mschap-v2
require-mppe-128
require-mppe

First, edit the /etc/pptpd.conf file. localip is the address assigned to the server's end of each PPP link; using the server's own IP address (list it with the ifconfig command) is the usual choice. remoteip is the range of internal IP addresses that pptpd assigns to remote clients as they connect; pick a range that does not overlap the LAN behind the server, or routing will break.

Next, list the contents of /etc/resolv.conf to discover the DNS servers the host uses. Then edit /etc/ppp/options.pptpd and change the ms-dns entries to match those addresses, or use the OpenDNS addresses 208.67.220.220 and 208.67.222.222. Before closing the file, set the authentication options as listed above: refuse-mschap rejects MS-CHAPv1, require-mschap-v2 forces MS-CHAPv2 (the only PPTP authenticator that can key MPPE), and require-mppe-128 rejects clients that offer only 40- or 56-bit encryption (require-mppe is implied by it and is harmless). Keep the refuse-pap and refuse-chap lines that the sample file ships with, so that no cleartext or MD5 challenge authentication is ever negotiated, and make sure none of these lines is commented out.

Configure Clients:

> vi /etc/ppp/chap-secrets
mnguyen pptpd password1 *
snguyen pptpd password2 *

Add one line per client: username, server name (this must match the name pptpd line in /etc/ppp/options.pptpd), password, and the client IP addresses allowed to use that entry. This example uses a wildcard so both clients can connect to the PPTP VPN server from any IP address. The passwords are stored in cleartext, so the file must be readable by root only (mode 0600), and each password should be long and random: an offline attack on a captured MS-CHAPv2 exchange is the main threat to PPTP, and a weak password makes it trivial.

Enable Packet forwarding:

> vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
> sysctl -p

Edit the /etc/sysctl.conf file to allow packet forwarding and enable it immediately with the sysctl -p command.

Modify Default MTU:

> vi /etc/ppp/ip-up
ifconfig $1 mtu 1400

Lower the MTU on each PPP link so that live chat and other services work through the tunnel. PPTP adds GRE and PPP headers to every packet, so with the default of 1500 some full-size packets are dropped rather than fragmented and connections stall (typically small pages load while larger transfers hang). Add the ifconfig $1 mtu 1400 line before the exit 0 line in the file; pppd runs /etc/ppp/ip-up with the new interface name (ppp0, ppp1, ...) as its first argument.

Configure iptables:

> iptables -A INPUT -i p3p1 -p tcp --dport 1723 -j ACCEPT
> iptables -A INPUT -i p3p1 -p gre -j ACCEPT
> iptables -A FORWARD -i ppp+ -o p3p1 -j ACCEPT
> iptables -A FORWARD -i p3p1 -o ppp+ -j ACCEPT
> iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
> iptables -A OUTPUT -p gre -j ACCEPT
> iptables -t nat -A POSTROUTING -o p3p1 -j MASQUERADE

Add the above rules to allow connections to the PPTP VPN server through the firewall. p3p1 is the public-facing interface and may be eth0, eth1, venet0, etc. PPTP needs two things open: TCP port 1723 for the control channel and GRE (IP protocol 47) for the data channel. GRE has no port number, so a firewall or NAT device that only forwards TCP/UDP lets the control connection succeed and then drops the tunnel, which shows up in the server log as LCP timeouts. The two OUTPUT rules only matter if the OUTPUT chain's default policy is DROP.

For a BuyVM OpenVZ virtual private server (VPS) running CentOS 5, substitute the iptables -t nat -A POSTROUTING -o p3p1 -j MASQUERADE line with iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -j SNAT --to-source 999.999.999.999 instead (where 999.999.999.999 stands for the internal IP address provisioned for the VPS).

Finally, Start PPTPD:

> service pptpd start
> chkconfig --level 2345 pptpd on
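
As an added example (not part of the original post), the following POSIX shell script audits a finished pptpd setup for the points above that are easy to get wrong: the authentication and MPPE options, the permissions and contents of chap-secrets, the MTU clamp in ip-up, and IP forwarding. The script, its function names and the optional config-root argument are mine; the file names and option names are the ones used in this tutorial.

```shell
#!/bin/sh
# pptpd-audit.sh: sanity-check a pptpd setup for the mistakes that silently
# weaken or break it. Added example, not from the original post. Every check
# takes a file path, so it can be pointed at the live /etc files (as root) or
# at copies; nothing here modifies the system.

# /etc/ppp/options.pptpd must refuse PAP, CHAP and MS-CHAPv1, require
# MS-CHAPv2 (the only PPTP authenticator that can key MPPE) and require
# 128-bit MPPE. Commented-out lines do not count.
audit_options() {
    file="$1"; rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! grep -Eq "^[[:space:]]*$opt([[:space:]]|$)" "$file"; then
            echo "options: missing '$opt' in $file"; rc=1
        fi
    done
    # 'noauth' would let a peer in without any chap-secrets entry at all
    if grep -Eq '^[[:space:]]*noauth([[:space:]]|$)' "$file"; then
        echo "options: 'noauth' present, peers are not authenticated"; rc=1
    fi
    return $rc
}

# /etc/ppp/chap-secrets holds cleartext passwords: it must be readable by
# root only, no entry may have an empty secret, and entries that accept any
# client address ('*') are reported so the operator knows about them.
# Fields are: client  server  secret  ip-addresses (simple unquoted values).
audit_secrets() {
    file="$1"; rc=0
    perms=$(ls -ld "$file" | cut -c2-10)
    case "$perms" in
        rw-------|r--------) ;;
        *) echo "secrets: permissions are $perms, expected rw------- (chmod 600)"; rc=1 ;;
    esac
    empty=$(awk '!/^[ \t]*(#|$)/ && (NF < 3 || $3 == "\"\"") { print $1 }' "$file")
    if [ -n "$empty" ]; then
        echo "secrets: empty password for:" $empty; rc=1
    fi
    wild=$(awk '!/^[ \t]*(#|$)/ && $4 == "*" { print $1 }' "$file" | tr '\n' ' ')
    if [ -n "$wild" ]; then
        echo "secrets: note, any source address accepted for: $wild"
    fi
    return $rc
}

# /etc/ppp/ip-up must clamp the MTU of the new ppp interface (pppd passes
# the interface name as $1); without it large packets stall.
audit_mtu() {
    file="$1"
    if grep -Eq '^[[:space:]]*ifconfig[[:space:]]+\$1[[:space:]]+mtu[[:space:]]+[0-9]+' "$file"; then
        return 0
    fi
    echo "mtu: no 'ifconfig \$1 mtu N' line in $file"; return 1
}

# net.ipv4.ip_forward must be 1 or clients get an address but no route out.
# Reads the live kernel value unless a path to a copy is given.
audit_forwarding() {
    file="${1:-/proc/sys/net/ipv4/ip_forward}"
    if [ "$(cat "$file" 2>/dev/null)" = "1" ]; then
        return 0
    fi
    echo "forwarding: ip_forward is not 1 ($file)"; return 1
}

# Run every check under a config root (default /etc); non-zero if any failed.
audit_all() {
    root="${1:-/etc}"; failed=0
    audit_options "$root/ppp/options.pptpd" || failed=1
    audit_secrets "$root/ppp/chap-secrets" || failed=1
    audit_mtu "$root/ppp/ip-up" || failed=1
    audit_forwarding "$2" || failed=1
    return $failed
}

# Usage: sh pptpd-audit.sh --check [config-root]   (run as root for /etc)
case "${1:-}" in
    --check) audit_all "${2:-}" ;;
esac
```

Run it as root with sh pptpd-audit.sh --check to audit /etc, or give it a directory holding copies of the ppp files. It prints each finding and exits non-zero if anything failed, so it can be placed in a deployment script ahead of service pptpd start. It deliberately does not check the iptables rules, since the interface name differs per host; verify those with iptables -L -n and iptables -t nat -L -n.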


7 Responses

  1. For localip, if my server is behind a NAT router, do I use the local address of the server (192.168.x.x) or do I use the public IP address of the router (x.x.x.x)?

    Again for a local class C network, do I need to give a range of “remoteip” within that subnetwork (e.g., 192.168.x.50-100) or should I use a separate subnetwork (e.g., 10.10.1.2-254)?

    Thanks.

  2. George,

    If you are on the same network as the VPN server then you can use the local address of the VPN server. If not then you must use the public IP that is given to you by your ISP. Make sure that you have your NAT router configured to allow VPN pass-through so you can actually hit the server.

  3. Hi, I tried to set up the VPN and followed all steps in this tutorial. My client reaches the server, but at some moment in PPP authentication it goes to error. I tried to connect with a Windows client and also a Linux client. See the server log with the Windows client:

    Feb 8 02:36:05 greenstar pptpd[4481]: CTRL: Client 186.220.251.55 control connection started
    Feb 8 02:36:05 greenstar pptpd[4481]: CTRL: Starting call (launching pppd, opening GRE)
    Feb 8 02:36:05 greenstar pppd[4482]: pppd 2.4.5 started by root, uid 0
    Feb 8 02:36:05 greenstar pppd[4482]: Using interface ppp0
    Feb 8 02:36:05 greenstar pppd[4482]: Connect: ppp0 /dev/pts/2
    Feb 8 02:36:05 greenstar NetworkManager[520]: /sys/devices/virtual/net/ppp0: couldn’t determine device driver; ignoring…
    Feb 8 02:36:35 greenstar pppd[4482]: LCP: timeout sending Config-Requests
    Feb 8 02:36:35 greenstar pppd[4482]: Connection terminated.
    Feb 8 02:36:35 greenstar avahi-daemon[534]: Withdrawing workstation service for ppp0.
    Feb 8 02:36:35 greenstar pppd[4482]: Modem hangup
    Feb 8 02:36:35 greenstar pppd[4482]: Exit.
    Feb 8 02:36:35 greenstar pptpd[4481]: GRE: read(fd=6,buffer=80504c0,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
    Feb 8 02:36:35 greenstar pptpd[4481]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
    Feb 8 02:36:35 greenstar pptpd[4481]: CTRL: Client 186.220.251.55 control connection finished

    Thanks,

    Pedro.

  4. It works without any issue on Fedora 16, thanks for sharing.

  5. Update: Initially I didn't modify the default MTU size, and I was not able to browse the internet using the VPN (even though Google services gmail, maps, search were working fine). I spent a good amount of time troubleshooting the issue.

    After I added the following

    ifconfig $1 mtu 1400

    at the end of the file /etc/ppp/ip-up, everything started working.

    Once again thanks for sharing


  7. I am using an OpenVPN solution from http://www.sunvpn.net/. It's working well. It's very easy to handle and is useful for various purposes. It's much better than proxy websites because it contains a smaller amount of viruses than proxy websites and is safer than the others, as it helps us with safe browsing and downloading.
