pptpd

by | 16 December, 2012

1. Install ppp via yum:

$ yum install ppp -y

2. Download and install pptpd (the daemon for point-to-point tunneling). You can find the correct package at this website http://poptop.sourceforge.net/yum/stable/packages/ :

$ cd /usr/local/src
$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
$ rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

3. Once installed, open /etc/pptpd.conf in a text editor and add the following line:

remoteip 192.168.0.234-238,192.168.0.245

4. Open /etc/ppp/options.pptpd and add the authentication method, encryption and DNS resolver values:

require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8

5. Let's create a user to access the VPN server. Open /etc/ppp/chap-secrets and add the user as below:

vpnuser pptpd myVPN$99 *

The format is: [username] [space] [server] [space] [password] [space] [IP addresses]

6. We need to allow IP packet forwarding on this server. Open /etc/sysctl.conf in a text editor and change the line below:

net.ipv4.ip_forward = 1

7. Run the following command to apply the changes:

$ sysctl -p

8. Allow IP masquerading in iptables by executing the following lines. For OpenVZ, the iptables rule should be:

$ iptables -t nat -A POSTROUTING -j SNAT --to-source 11.22.33.44
$ service iptables save
$ service iptables restart

Change 11.22.33.44 to your VPS’s public IP address.

 

This guide is intended for those who want to set up a PPTP VPN on OpenVZ with Debian or Ubuntu on a capable provider such as BuyVM.net. Lots of time has been spent through trial and error trying to figure it out. Insight and portions of this guide have been taken from howtogeek.com.

An automated script (written by me) is now available! http://www.putdispenserhere.com/pptp-debian-ubuntu-openvz-setup-script/

To verify PPP is working, run:

cat /dev/ppp

It should return this:

cat: /dev/ppp: No such device or address

Server Setup:

1. Install the pptp server package:

apt-get install pptpd

 

2. Edit the “pptpd.conf” configuration file:

vim /etc/pptpd.conf

Uncomment the localip and remoteip lines and change them to something like this:

localip 11.22.33.44
remoteip 10.1.0.1-100

Here “localip” is the address of your VPS, and “remoteip” is the range of addresses that will be handed out to the clients. Adjust these to your network’s requirements.

3. Edit the “pptpd-options” configuration file:

vim /etc/ppp/pptpd-options

Uncomment the ms-dns lines and change them to:

ms-dns 208.67.222.222
ms-dns 208.67.220.220

Where the IP used for the ms-dns line is the DNS server for the local network your client will be connecting to. In my example, I used OpenDNS’s DNS servers.

4. Edit the “chap-secrets” file:

vim /etc/ppp/chap-secrets

Add the authentication credentials for a user’s connection, in the following syntax:

username<tab>*<tab>userpassword<tab>*

Make sure that you separate each field with a single tab. It could be like this:

john    *    jsmith88    *

5. Edit the MTU settings:

vim /etc/ppp/ip-up

Add this line to the end of the file:

ifconfig $1 mtu 1400

6. Allow PPTP through the firewall (iptables):

iptables -t nat -A POSTROUTING -j SNAT --to-source 11.22.33.44

Change 11.22.33.44 to your VPS’s public IP address.

After that, type in:

iptables-save

7. Restart pptpd for the settings to take effect:

/etc/init.d/pptpd restart

If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side.

8. Enable Forwarding:

By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server, to all other devices on the network. If you don’t enable forwarding, you will not be able to browse the web through your proxy.

Edit the sysctl file:

vim /etc/sysctl.conf

Find the “net.ipv4.ip_forward” line and uncomment it by removing the “#”:

net.ipv4.ip_forward=1

You can either restart the system or issue this command for the setting to take effect:

sysctl -p

With forwarding enabled, all the server side settings are prepared.

Here is a script to reapply the iptables settings at boot (in case your server restarts, crashes, etc.). Make sure you change the IP address to your VPS address.

iptables-save > /etc/iptables.conf
cat > /etc/network/if-pre-up.d/iptables <<END
#!/bin/sh
iptables-restore < /etc/iptables.conf
END
chmod +x /etc/network/if-pre-up.d/iptables
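The chap-secrets entries from both guides above (step 5 of the first, step 4 of the second) can be checked mechanically: in pppd's chap-secrets the second field is the server name an entry applies to and the fourth lists the IP addresses the client may use, and `*` in either matches anything. The script below is an added example, not part of the original guides; the function name audit_chap_secrets, the 12-character minimum and the sample entry for alice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original guide: lint a pppd chap-secrets file.
# Entry layout: client  server  secret  [IP addresses the client may use]
# Limitation: assumes secrets contain no whitespace.

audit_chap_secrets() {
    file=$1
    min_len=${2:-12}   # assumed minimum secret length; set to local policy
    rc=0

    # Secrets are stored in plain text, so only the owner should read the file.
    if [ -n "$(find "$file" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$file: readable by group or others, expected mode 600"
        rc=1
    fi

    awk -v min="$min_len" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        NF < 3 { printf "line %d: malformed entry\n", NR; bad = 1; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)          # secrets may be double-quoted
            if ($2 == "*") {                   # matches any pppd server name
                printf "line %d: %s: server field is *\n", NR, $1; bad = 1
            }
            if ($4 == "*") {                   # any client IP address is acceptable
                printf "line %d: %s: IP address field is *\n", NR, $1; bad = 1
            }
            if (length(secret) < min) {
                printf "line %d: %s: secret shorter than %d characters\n", NR, $1, min; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$file" || rc=1

    return $rc
}

# Constructed sample: the two example entries from this page plus a tighter one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
vpnuser pptpd myVPN$99 *
john * jsmith88 *
alice pptpd "correct-horse-battery-staple" 10.1.0.5
EOF
audit_chap_secrets "$sample" || echo "chap-secrets needs attention"
rm -f "$sample"
```

On a server, run it as `audit_chap_secrets /etc/ppp/chap-secrets`; a non-zero exit status means at least one finding was printed.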

Hope this works well for you, if not, let me know in the comments!