There are mainly 3 types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN.
In this tutorial I use PPTP, as it is supported natively by almost all devices: Windows, Linux, Android, iOS and Mac OS.
1. Install PPTPD
If your OS is CentOS/RedHat 5:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
rpm -iv pptpd-1.4.0-1.rhel5.x86_64.rpm
If your OS is CentOS/RedHat 6:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -iv pptpd-1.4.0-1.el6.x86_64.rpm
For 32-bit editions, replace these with the correct package URLs.
2. Edit IP settings in /etc/pptpd.conf
nano /etc/pptpd.conf
localip 10.0.0.254
remoteip 10.0.0.101-200
3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)
nano /etc/ppp/chap-secrets
username1 * password1 *
username2 * password2 *
To reserve a static IP to one of the clients, replace the last asterisk with the IP:
username1 * password1 10.0.0.105
4. DNS settings in /etc/ppp/options.pptpd
nano /etc/ppp/options.pptpd
#ms-dns <VPS IP> #uncomment and set to your VPS IP if your local DNS server is configured to allow forwarding from ppp interface
ms-dns 8.8.8.8
ms-dns 8.8.4.4
5. Enable network forwarding in /etc/sysctl.conf
nano /etc/sysctl.conf
net.ipv4.ip_forward = 1
Use the following command to apply the change:
sysctl -p
6. Configure firewall and forwarding
iptables -A INPUT -i venet0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i venet0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -j SNAT --to-source [VPS's IP]
iptables -A FORWARD -i ppp0 -o venet0 -j ACCEPT
iptables -A FORWARD -i venet0 -o ppp0 -j ACCEPT
service iptables save
service iptables restart
Fill in the correct VPS IP address in the commands above.
If you’re using a Linux firewall/router in front of the VPS hosting the VPN server, make sure you forward GRE protocol traffic to it:
VPS=<VPN-Server-IP>
PIP=<Public-IP>
iptables -t nat -I PREROUTING -d $PIP -p 47 -j DNAT --to $VPS
iptables -I FORWARD -d $VPS -p 47 -j ACCEPT
If using a DD-WRT router with a dynamic public IP, the first rule can be replaced with:
iptables -t nat -I PREROUTING -d `nvram get wan_ipaddr` -p 47 -j DNAT --to $VPS
7. Start PPTP VPN server
Use the following command:
service pptpd restart
To set PPTP Daemon to automatically start on boot, run:
chkconfig pptpd on
8. Create VPN connection in client device
See the dedicated Connect to a VPN server in Windows and Android tutorial.
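The SNAT rule in step 6 has no match conditions, so it rewrites the source address of every connection leaving the server, and the FORWARD rules name only ppp0 although each connected client gets its own pppN interface. The shell functions below are an added example, not part of the original tutorial: they read remoteip from pptpd.conf and print rules limited to the client pool. The function names and the use of the iprange and state matches are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints rules scoped to the PPTP client pool; applies nothing.
# Usage (after defining the functions): scoped_rules /etc/pptpd.conf venet0 <VPS IP>

# expand_range "10.0.0.101-200" prints "10.0.0.101-10.0.0.200";
# a single address "10.0.0.5" prints "10.0.0.5-10.0.0.5".
expand_range() {
    case "$1" in
        *-*)
            start=${1%%-*}
            end=${1#*-}
            case "$end" in
                *.*) ;;                          # end is already a full address
                *)   end="${start%.*}.$end" ;;   # reuse the first three octets
            esac
            printf '%s-%s\n' "$start" "$end" ;;
        *)  printf '%s-%s\n' "$1" "$1" ;;
    esac
}

# scoped_rules CONF WAN_IF PUBLIC_IP
scoped_rules() {
    conf=$1; wan=$2; pub=$3
    # Last uncommented remoteip line; its value may be a comma-separated list.
    pool=$(awk '$1 == "remoteip" { v = $2 } END { print v }' "$conf")
    [ -n "$pool" ] || { echo "no remoteip line in $conf" >&2; return 1; }
    old_ifs=$IFS; IFS=,
    for entry in $pool; do
        r=$(expand_range "$entry")
        # NAT only traffic that comes from VPN clients and leaves via the WAN side.
        echo "iptables -t nat -A POSTROUTING -o $wan -m iprange --src-range $r -j SNAT --to-source $pub"
        # ppp+ matches ppp0, ppp1, ...: one interface per connected client.
        echo "iptables -A FORWARD -i ppp+ -o $wan -m iprange --src-range $r -j ACCEPT"
    done
    IFS=$old_ifs
    # Replies only: packets of connections the clients opened themselves.
    echo "iptables -A FORWARD -i $wan -o ppp+ -m state --state ESTABLISHED,RELATED -j ACCEPT"
}
```

Review the printed commands before running them, and keep the INPUT rules for TCP port 1723 and GRE from step 6 as they are.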
Hi Leonidas, have you found a solution to your issue? This is happening to me in the same way: I can connect to the VPN but I can’t browse. Thanks in advance.
localip 10.0.0.254
remoteip 10.0.0.101-200
Why set this IP address? If I have a VPS, how do I set localip or remoteip? Thx
plz reply or [removed email to avoid spam]
Hello,
It is working very well for my PPTP VPN, but the VoIP server stops working completely as soon as I add the line (iptables -t nat -A POSTROUTING -j SNAT --to-source [VPS’s IP]). How can I make it work without affecting my Asterisk server?
Thanks,
dica
Hello friend, installed perfectly without error the pptpd server on my Debian 7 I create the connection in Windows 7 and it connects, assigns the IP’s and still warns that the connection was established and has Internet access. I try to navigate and I can not … It is only by establishing connection … He drips all be via name or ip … usually ran the tracert command and the VPN is passing everything by ordinary for her … But why not browse after ?