Written by Aurangzeb
Friday, 11 June 2010 04:31 - Last Updated Friday, 11 June 2010 04:34
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private
networks (VPNs).
Apart from security, a PPTP VPN lets you use the static IP address of your server for all your
internet connections. It is a great way to get a static IP if you are on an ISP that only provides
dynamic IPs to clients. Because Windows XP, Windows Vista and Windows 7 come with a built-in
PPTP client, PPTP is the easiest way to use a VPN without installing any software.
Prerequisite:
Install poptop
Configuring poptop
How to Setup VPN using PPTP in CentOS
localip 10.10.1.1
remoteip 10.10.1.2-254
Here localip (10.10.1.1) is the IP address that clients connect to on the server. It can be the
primary IP address of your server.
remoteip (10.10.1.2-254) is the IP address range that will be provided to the client
connections.
Commenting out remoteip worked fine for me, which gives all connections the main IP (localip)
of the server.
ms-dns 192.168.1.1
ms-dns 192.168.3.1
Let's configure the Encryption section. Open the file with vi /etc/ppp/options.pptpd and make
sure it looks like this:
refuse-mschap
require-mschap-v2
require-mppe-128
require-mppe
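A quick way to confirm that the encryption section above is actually in effect, as an added example that is not part of the original article: the script reports each of the four directives as active, commented out or missing. The function name check_pptpd_options and the sample file are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: audit a pppd options file for the encryption directives
# listed in this article. Function name and sample data are hypothetical.

REQUIRED="refuse-mschap require-mschap-v2 require-mppe-128 require-mppe"

# Usage: check_pptpd_options [file]
# Prints one status line per directive. Returns 0 if all four are active,
# 1 if any is commented out or missing, 2 if the file cannot be read.
check_pptpd_options() {
    local file="${1:-/etc/ppp/options.pptpd}" rc=0 d
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }
    for d in $REQUIRED; do
        # Active: the directive is the first word on an uncommented line.
        # The trailing group stops require-mppe matching require-mppe-128.
        if grep -Eq "^[[:space:]]*${d}([[:space:]]|#|\$)" "$file"; then
            echo "OK: $d"
        # Present but disabled by a leading '#'.
        elif grep -Eq "^[[:space:]]*#+[[:space:]]*${d}([[:space:]]|\$)" "$file"; then
            echo "COMMENTED-OUT: $d"; rc=1
        else
            echo "MISSING: $d"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: one directive commented out, one absent.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
refuse-mschap
require-mschap-v2
# require-mppe-128
EOF
check_pptpd_options "$sample" || echo "encryption section incomplete"
rm -f "$sample"
```

Run it against the live file with check_pptpd_options /etc/ppp/options.pptpd after every edit; a nonzero return means the server may accept connections without the settings listed above.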
To add PPTP VPN clients, edit /etc/ppp/chap-secrets (vi /etc/ppp/chap-secrets) and add an
entry for each client in this way:
Run the following command to make pptpd start automatically in runlevels 3 and 5:
For pptpd to work, packet forwarding must be enabled. Edit /etc/sysctl.conf and
sysctl -p
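#!/bin/bash
# Flush all rules in the filter, nat and mangle tables and delete user-defined chains
/sbin/iptables -F
/sbin/iptables -t nat -F
/sbin/iptables -t mangle -F
/sbin/iptables -X
# Redirect TCP port 80 traffic to local port 3128
/sbin/iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 3128
# Masquerade traffic leaving through eth2 and accept forwarded traffic arriving on it
/sbin/iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth2 -j ACCEPT
# Accept the PPTP control connection (TCP 1723) and GRE tunnel packets on eth2
/sbin/iptables -A INPUT -i eth2 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth2 -p gre -j ACCEPT
# Forward traffic between the VPN interfaces (ppp+) and eth2 in both directions
/sbin/iptables -A FORWARD -i ppp+ -o eth2 -j ACCEPT
/sbin/iptables -A FORWARD -i eth2 -o ppp+ -j ACCEPT
# Allow outgoing PPTP control and GRE packets
/sbin/iptables -A OUTPUT -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A OUTPUT -p gre -j ACCEPT
#/sbin/iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 80 -j REDIRECT --to-port 3128
# Source-NAT the 192.168.0.0/24 network; replace X.X.X.X with the address to use
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -j SNAT --to X.X.X.X
# Enable packet forwarding in the running kernel
echo 1 > /proc/sys/net/ipv4/ip_forward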
MTU size
For live chat clients (Yahoo, MSN, Google, etc.) to work as they should, we need to modify the
default MTU. This is done by adding the following line to /etc/ppp/ip-up:
Add it before "exit 0". Don't add it after "exit 0"; if you do, the command will be ignored,
because "exit 0" stands for "The script ends here".