Setting up PPTP VPN server on CentOS Server
There are 3 basic types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN. (Yes, there are more, but let's deal with the basics here.) In this post I will use PPTP, as it is natively supported by almost all devices and operating systems: Windows, Linux, Android, iOS and Mac OS.
Furthermore, you will see that this guide is written for OpenVZ (Virtuozzo) VPSes. Why? By and large, OpenVZ (pseudo-virtualization) VPSes are the cheapest you will find on the market. Why spend $9.99 or more on a commercial VPN when you can run your own VPN server on a $1, $2 or $3 VPS? You don't need much RAM, CPU or disk space; any decent VPS with 256 MB of RAM is enough for this job. Of course, that doesn't mean you can't do this on any other server or cloud VPS: just replace venet0 with the right interface (typically eth0) in the iptables step below. So let's start setting up a PPTP VPN server on CentOS.
1. Install PPTPD
If your OS is CentOS/RedHat 5:
yum install ppp
rpm -iv pptpd-1.4.0-1.rhel5.x86_64.rpm
If your OS is CentOS/RedHat 6:
yum install ppp
rpm -iv pptpd-1.4.0-1.el6.x86_64.rpm
For 32-bit systems, download and install the corresponding packages instead (replace x86_64 with i386 for EL5 and with i686 for EL6).
2. Edit the IP settings (the localip and remoteip lines) in /etc/pptpd.conf
3. Add user accounts in /etc/ppp/chap-secrets (one line per user, assigning a username and password):
username1 * password1 *
username2 * password2 *
4. DNS settings in /etc/ppp/options.pptpd
#ms-dns <VPS IP>   # uncomment this line and set it to your VPS IP if the DNS server on the VPS is configured to allow forwarding from the ppp interface
5. Enable network forwarding in /etc/sysctl.conf
net.ipv4.ip_forward = 1
Use the following command to apply the change without rebooting:
sysctl -p
6. Configure firewall and forwarding
iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i venet0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source [VPS's IP]
iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o ppp0 -j ACCEPT
service iptables save
service iptables restart
Fill in your VPS's public IP address in the SNAT rule above.
* If the iptables service is disabled (chkconfig iptables off) and stopped, you can put those rules in /etc/rc.local instead; they will be applied from there on every reboot.
If you're using a Linux firewall/router in front of the VPS hosting the VPN server, make sure you forward GRE protocol traffic to it, where $PIP is the router's public IP and $VPS the address of the VPS behind it. (There is no need for this on any commercial VPS; it only applies to a homemade setup where your Linux router or DD-WRT gives you trouble.)
iptables -t nat -I PREROUTING -d $PIP -p 47 -j DNAT --to $VPS
iptables -I FORWARD -d $VPS -p 47 -j ACCEPT
If you use a DD-WRT router with a dynamic public IP, the first rule can be replaced with:
iptables -t nat -I PREROUTING -d `nvram get wan_ipaddr` -p 47 -j DNAT --to $VPS
7. Start PPTP VPN server
Use the following command:
service pptpd restart
To set PPTP Daemon to automatically start on boot, run:
chkconfig pptpd on
You are ready now. Create a VPN connection from your workstation using your CentOS server's IP and test it. A quick and dirty way to test it is to browse to whatismyip.com and check which IP you are browsing from.
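Steps 2 to 7 collected into one script, as an added example that is not code from the original post: it renders every configuration line from a handful of variables so the result can be reviewed before anything is written to the system, and applies them only when invoked with `apply`. The interface name, the placeholder addresses 203.0.113.10 and 192.168.0.0/24, the `ppp+` interface wildcard and the `pool_is_consistent` check are assumptions of this example. It also tightens the post's firewall rules: the SNAT rule only rewrites packets from the PPP pool leaving via the WAN interface, and traffic from the WAN toward clients is forwarded only for established connections. Keep in mind that PPTP's MS-CHAPv2 authentication and MPPE encryption are known to be weak, so the tunnel hides your source IP from the sites you visit rather than protecting the traffic from anyone who captures it.

```shell
#!/bin/sh
# Added example, not code from the original post.  Renders the settings from
# steps 2-7 from a few variables so every line can be reviewed before it is
# applied.  All addresses are constructed placeholders; adjust to your VPS.

WAN_IF="${WAN_IF:-venet0}"             # venet0 on OpenVZ, usually eth0 elsewhere
VPS_IP="${VPS_IP:-203.0.113.10}"        # placeholder: public IP of the VPS
PPP_LOCAL="${PPP_LOCAL:-192.168.0.1}"   # address the server takes on its ppp side
PPP_POOL="${PPP_POOL:-192.168.0.234-238,192.168.0.245}"  # pptpd remoteip syntax
PPP_NET="${PPP_NET:-192.168.0.0/24}"    # subnet that covers the pool; scopes NAT

# Step 2: the two address lines pptpd reads from /etc/pptpd.conf
pptpd_conf() {
    printf 'localip %s\nremoteip %s\n' "$PPP_LOCAL" "$PPP_POOL"
}

# Step 3: one /etc/ppp/chap-secrets line per account.
# Fields: client, server, secret, allowed client IPs ('*' = any).
chap_secret_line() {
    printf '%s\t*\t%s\t*\n' "$1" "$2"
}

# Step 4: resolver pushed to clients; the VPS itself, as in the post
options_pptpd_dns() {
    printf 'ms-dns %s\n' "$VPS_IP"
}

# Step 6: the post's rules, tightened in three places (assumptions, not from
# the post): ppp+ matches every client interface, not just ppp0; SNAT only
# rewrites packets from the PPP pool leaving via the WAN interface; traffic
# from the WAN toward clients is forwarded only for established connections.
pptp_fw_rules() {
    cat <<EOF
iptables -A INPUT -i $WAN_IF -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $WAN_IF -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -s $PPP_NET -o $WAN_IF -j SNAT --to-source $VPS_IP
iptables -A FORWARD -i ppp+ -o $WAN_IF -s $PPP_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o ppp+ -d $PPP_NET -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Sanity check before anything touches the system: the server's own ppp
# address must fall inside PPP_NET (only /24 pools are handled here, which is
# enough for the example).
pool_is_consistent() {
    net_prefix=$(printf '%s' "$PPP_NET" | cut -d. -f1-3)
    case "$PPP_LOCAL" in
        "$net_prefix".*) return 0 ;;
        *) return 1 ;;
    esac
}

# Writes everything to the live system (run as root):
#   sh pptp-setup.sh apply USER PASS
apply_all() {
    [ -n "$1" ] && [ -n "$2" ] || { echo "usage: $0 apply USER PASS" >&2; return 1; }
    pool_is_consistent || { echo "PPP_LOCAL is outside PPP_NET" >&2; return 1; }
    pptpd_conf        >> /etc/pptpd.conf
    options_pptpd_dns >> /etc/ppp/options.pptpd
    chap_secret_line "$1" "$2" >> /etc/ppp/chap-secrets
    chmod 600 /etc/ppp/chap-secrets             # passwords are stored in clear text
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf \
        || echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    sysctl -p                                   # step 5
    pptp_fw_rules | sh                          # step 6
    service iptables save
    service pptpd restart                       # step 7
    chkconfig pptpd on
}

case "${1:-render}" in
    render) pptpd_conf; options_pptpd_dns; pptp_fw_rules ;;   # review only
    apply)  apply_all "$2" "$3" ;;
esac
```

Run it with no arguments first (`sh pptp-setup.sh`) to see exactly what will be written, then as root with `apply USER PASS`; `service iptables save` persists the rules as in the post, and the `render` output is what you would paste into /etc/rc.local if the iptables service is disabled.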