How to install PPTP VPN server in RHEL/Centos 6.4 Linux

Rasho

Linux System Administrator with over 8 years experience in administering production level servers (CentOS/Ubuntu/Debian with apache2/nginx, mysql server, etc)

You may also like...

14 Responses

  1. Jack says:

    First need enable tun module (tunelling kernel module):

    # echo 'modprobe tun' >> /etc/rc.modules
    # chmod +x /etc/rc.modules
    

    At next boot will be loaded tun module in kernel

  2. mario vargas careaga says:

    i have all in server running and port 1723 listening , i’m trying to connect from a winxp client but i can’t i don’t know really whats’s the problem when I trying gives to me error769 :the specified destination is not reachable
    please if you can help me with that….

  3. mario vargas careaga says:

    netstat -anp | grep 1723

    tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3502/pptpd

    tcpdump

    02:30:11.484231 IP 10.0.0.30 > 10.0.0.50: ICMP host 10.0.0.50 unreachable – admin prohibited

    where 10.0.0.30 server and 10.0.0.50 remote , and the error error769 continues ….

    • Jeff Scharfenberg says:

      I have gone over this setup atleast 8 times today and never even came close to getting it to work. I’m 100% lost. Can anyone assist me in what i’m missing?

      • Charles Wells says:

        Enable tun module (tunelling kernel module)

        # echo ‘modprobe tun’ >> /etc/rc.modules
        # chmod +x /etc/rc.modules

        and reboot system.

        • Jeff Scharfenberg says:

          I did that previously, when i run ifconfig i still see no tun. So i’m still stuck in the same position.

  4. WPeckham says:

    Not bad, but how do you configure if you want the authentication directed to AD instead of the flat file?

    • Bishop Clark says:

      You’ll want to add these two config parameters to your options.pptp file:
      plugin winbind.so
      ntlm_auth-helper “/usr/bin/ntlm_auth –helper-protocol=ntlm-server-1”

      Those two lines should be the only thing you’re missing once you have AD fully working already. Most of the doc that google showed me (in 2 seconds; hope you weren’t waiting long!) deals with setting up AD auth, which you won’t need.

      http://poptop.sourceforge.net/dox/replacing-windows-pptp-with-linux-howto.phtml

      That’s right on the poptop site. Wow!

  5. fehmi says:

    “The PPTP protocol does not allow two VPN connections from the same remote IP address”

  6. Bishop Clark says:

    I like the simple instructions. I’d be surprised if the mknod step is still required, though.

    Apparently, “pptp is unsecure[sic]” . Care to elaborate? I see many people repeating the same thing over and over, but any supporting docs seem to be old and deal with win2k servers. I think pptp is the only thing more maligned than vtun (itself the target of kneejerk sharing of some ulterior piece).

    If you know pptp isn’t secure, I’m interested in finding a good, fresh, unbiased reference.

  7. Bishop Clark says:

    Oh. And this step is also very bad:

    echo “echo 1 > /proc/sys/net/ipv4/ip_forward” >> /etc/rc.local

    in a modern OS, newer than 2010, you’ll want to just

    mkdir -p /etc/sysctl.d # in case your OS has broken packaging
    echo “net.ipv4.ip_forward = 0” > /etc/sysctl.d/pptp-forward.conf

    And that’s it. Dumping things into rc.local is a lazy thing, and I wouldn’t recommend using it when so many better ideas are out there!

  8. ali alameh says:

    when getting to
    alialameh@s45-40-138-160 [~]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    FATAL: Module ip_tables not found.
    iptables v1.4.7: can’t initialize iptables table `nat’: Permission denied (you must be root)
    Perhaps iptables or your kernel needs to be upgraded.

  9. Alex says:

    I’m getting 807 error and I couldn’t fix it at all. Could you please help me with the problem?

Leave a Reply to mario vargas careaga Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.