How to install PPTP VPN server in RHEL/Centos 6.4 Linux

In this article we show you how to install and properly configure a PPTP VPN server in RHEL/CentOS linux. With this VPN you’ll have access to transfering your data encrypted and using a ethernet interface that uses your Server IP address. This tunneling technology is compatible with several devices like desktop operating systems, mobile phones and tablets.
First need enable tun module (tunelling kernel module):

# echo 'modprobe tun' >> /etc/rc.modules
# chmod +x /etc/rc.modules

At next boot will be loaded tun module in kernel
Make sure you begin with a clean install by removing any previously installed packages:

yum remove -y pptpd ppp
iptables --flush POSTROUTING --table nat
iptables --flush FORWARD
rm -rf /etc/pptpd.conf
rm -rf /etc/ppp

Installation procedure

First, install the poptop package from sourceforge:

rpm -Uhv
yum -y install make libpcap iptables gcc-c++ logrotate tar cpio perl pam tcp_wrappers dkms kernel_ppp_mppe ppp pptpd

Now, we need to enable IP forwading, set internal IP addresses and point the DNS Servers that will be used by the pptp server:

mknod /dev/ppp c 108 0
echo 1 > /proc/sys/net/ipv4/ip_forward
echo "mknod /dev/ppp c 108 0" >> /etc/rc.local
echo "echo 1 > /proc/sys/net/ipv4/ip_forward" >> /etc/rc.local
echo "localip" >> /etc/pptpd.conf
echo "remoteip" >> /etc/pptpd.conf
echo "ms-dns" >> /etc/ppp/options.pptpd
echo "ms-dns" >> /etc/ppp/options.pptpd

Then, create your users credentials for the PPTP server. This credentials will be used to log in to the PPTP server on every client/device you connect from:

nano /etc/ppp/chap-secrets

Your chap-secrets file should look like this:

# Secrets for authentication using CHAP
# client server secret IP addresses
yourusername pptpd yourpassword *

Save and close the file.
Next, you need to add the following iptables rules in order to open the correct ports and properly forward the data packets:

# VPN rules (pptpd)
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp -s -j TCPMSS --syn --set-mss 1356

Save and restart your iptables firewall:

service iptables save
service iptables restart

Make sure you load your iptables after every reboot:

chkconfig iptables on
chkconfig pptpd on

And finally, restart iptables and pptpd services:

service iptables start
service pptpd start

That is it.

Also check out How to install and configure openVPN server on CentOS 6.4 linux


Rasho is Linux System Administrator with over 6 years experience in administering production level servers ( CentOS / Ubuntu / Debian with apache2/nginx, mysql server, mail server, dns, samba, ftp, firewall, etc... )

You may also like...

  • Jack

    First need enable tun module (tunelling kernel module):

    # echo 'modprobe tun' >> /etc/rc.modules
    # chmod +x /etc/rc.modules

    At next boot will be loaded tun module in kernel

  • mario vargas careaga

    i have all in server running and port 1723 listening , i’m trying to connect from a winxp client but i can’t i don’t know really whats’s the problem when I trying gives to me error769 :the specified destination is not reachable
    please if you can help me with that….

  • mario vargas careaga

    netstat -anp | grep 1723

    tcp 0 0* LISTEN 3502/pptpd


    02:30:11.484231 IP > ICMP host unreachable – admin prohibited

    where server and remote , and the error error769 continues ….

  • Jeff Scharfenberg

    I have gone over this setup atleast 8 times today and never even came close to getting it to work. I’m 100% lost. Can anyone assist me in what i’m missing?

    • Charles Wells

      Enable tun module (tunelling kernel module)

      # echo ‘modprobe tun’ >> /etc/rc.modules
      # chmod +x /etc/rc.modules

      and reboot system.

      • Jeff Scharfenberg

        I did that previously, when i run ifconfig i still see no tun. So i’m still stuck in the same position.

  • WPeckham

    Not bad, but how do you configure if you want the authentication directed to AD instead of the flat file?

  • fehmi

    “The PPTP protocol does not allow two VPN connections from the same remote IP address”