How to install PPTP VPN server in RHEL/CentOS 6.4 Linux

rasho

Linux System Administrator with over 7 years experience in administering production level servers (CentOS/Ubuntu/Debian with apache2/nginx, mysql server, etc)

  • http://sfrjcaffe.com Jack

    First you need to enable the tun module (tunnelling kernel module):

    # echo 'modprobe tun' >> /etc/rc.modules
    # chmod +x /etc/rc.modules
    

    At the next boot the tun module will be loaded into the kernel.

  • mario vargas careaga

    I have everything running on the server and port 1723 is listening. I’m trying to connect from a WinXP client but I can’t, and I don’t really know what the problem is. When I try, it gives me error 769: the specified destination is not reachable.
    Please, if you can help me with that…

  • mario vargas careaga

    netstat -anp | grep 1723

    tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3502/pptpd

    tcpdump

    02:30:11.484231 IP 10.0.0.30 > 10.0.0.50: ICMP host 10.0.0.50 unreachable – admin prohibited

    where 10.0.0.30 is the server and 10.0.0.50 is the remote, and error 769 continues…

    • Jeff Scharfenberg

      I have gone over this setup at least 8 times today and never even came close to getting it to work. I’m 100% lost. Can anyone assist me with what I’m missing?

      • Charles Wells

        Enable the tun module (tunnelling kernel module)

        # echo 'modprobe tun' >> /etc/rc.modules
        # chmod +x /etc/rc.modules

        and reboot system.

        • Jeff Scharfenberg

          I did that previously; when I run ifconfig I still see no tun. So I’m still stuck in the same position.

  • WPeckham

    Not bad, but how do you configure if you want the authentication directed to AD instead of the flat file?

    • Bishop Clark

      You’ll want to add these two config parameters to your options.pptp file:
      plugin winbind.so
      ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"

      Those two lines should be the only thing you’re missing once you have AD fully working already. Most of the doc that Google showed me (in 2 seconds; hope you weren’t waiting long!) deals with setting up AD auth, which you won’t need.

      http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml

      That’s right on the poptop site. Wow!

  • fehmi

    “The PPTP protocol does not allow two VPN connections from the same remote IP address”

  • Bishop Clark

    I like the simple instructions. I’d be surprised if the mknod step is still required, though.

    Apparently, “pptp is unsecure[sic]”. Care to elaborate? I see many people repeating the same thing over and over, but any supporting docs seem to be old and deal with win2k servers. I think pptp is the only thing more maligned than vtun (itself the target of kneejerk sharing of some ulterior piece).

    If you know pptp isn’t secure, I’m interested in finding a good, fresh, unbiased reference.

  • Bishop Clark

    Oh. And this step is also very bad:

    echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local

    In a modern OS, newer than 2010, you’ll want to just

    mkdir -p /etc/sysctl.d # in case your OS has broken packaging
    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/pptp-forward.conf

    And that’s it. Dumping things into rc.local is a lazy thing, and I wouldn’t recommend using it when so many better ideas are out there!
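
The last comment's point about rc.local versus /etc/sysctl.d can be checked on a host with a small audit of every place IPv4 forwarding is persistently set. This is an added example, not part of the article or of any comment; the function names and the ROOT argument are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit persistent net.ipv4.ip_forward settings.
# ROOT (first argument) is a hypothetical parameter so the check can run on a test tree.

# Print "<file> <value>" for each ip_forward assignment in sysctl.conf and sysctl.d/*.conf.
# Commented-out lines are ignored; both "net.ipv4" and "net/ipv4" key styles are accepted.
list_ip_forward() {
    root=${1:-}
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        sed -n 's/^[[:space:]]*net[./]ipv4[./]ip_forward[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p' "$f" |
        while read -r v; do printf '%s %s\n' "$f" "$v"; done
    done
}

# Summarise the persistent state: enabled | disabled | conflict | unset.
audit_ip_forward() {
    vals=$(list_ip_forward "${1:-}" | awk '{print $NF}' | sort -u)
    case "$vals" in
        '') echo unset ;;
        1)  echo enabled ;;
        0)  echo disabled ;;
        *)  echo conflict ;;   # files disagree (both 0 and 1 are present)
    esac
}

# Succeeds if an uncommented rc.local line still writes to the ip_forward proc entry.
rc_local_sets_forward() {
    grep -q '^[^#]*/proc/sys/net/ipv4/ip_forward' "${1:-}/etc/rc.local" 2>/dev/null
}

# Constructed sample tree (not from a real host): sysctl.conf disables forwarding,
# a drop-in enables it, and rc.local still carries the old echo line.
demo=$(mktemp -d)
mkdir -p "$demo/etc/sysctl.d"
echo 'net.ipv4.ip_forward = 0' > "$demo/etc/sysctl.conf"
echo 'net.ipv4.ip_forward = 1' > "$demo/etc/sysctl.d/pptp-forward.conf"
echo 'echo 1 > /proc/sys/net/ipv4/ip_forward' > "$demo/etc/rc.local"
list_ip_forward "$demo"
echo "persistent state: $(audit_ip_forward "$demo")"
rc_local_sets_forward "$demo" && echo "rc.local also writes ip_forward"
rm -rf "$demo"
```

Run with no argument, the functions inspect the live /etc; a result of `conflict`, or an rc.local hit alongside a sysctl file, means forwarding is being set in more than one place and the running value depends on boot order.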