Installation of VPN PPTP (Poptop)

Step (1) ----------------------------------------------------------

If you are using a kernel version below 2.6.15-rc1 and you want encrypted tunnels, you need to add MPPE support to the kernel. Some distribution kernels already have MPPE. You can test by typing:

modprobe ppp-compress-18 && echo ok


If that works, skip to step 2.

If that does NOT work, read the following:

Download and install the latest DKMS RPM and the latest kernel_ppp_mppe RPM from the new MPPE module builder section of our downloads (for more information about DKMS, see the OLS 2004 DKMS paper).

Step (2) ----------------------------------------------------------

Upgrade PPP to version 2.4.3 or later.

Use wget to fetch the appropriate RPM package from: http://poptop.sourceforge.net/

Step (3) ----------------------------------------------------------

yum install pptpd

Or wget the appropriate RPM package from http://poptop.sourceforge.net/ and install it:

rpm -Uvh pptpd-1.3.4-xxxxxx.rpm


Step (4) ----------------------------------------------------------

Configure pptpd:

vi /etc/pptpd.conf

option /etc/ppp/options.pptpd
debug
stimeout 2
bcrelay eth0
localip 192.168.1.1
remoteip 192.168.1.200-220
speed 115200

(Pay particular attention to the localip and remoteip tags; see the ROUTING CHECKLISTS in man pptpd.conf for more details.)

vi /etc/ppp/options.pptpd

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
logfile /var/log/pptpd.log

(In particular, ensure the MPPE options match your PPP version.)

vi /etc/ppp/chap-secrets

admin pptpd password 192.168.1.200

(Add a username and password for a client to log in with.)

You can see my other page, pptp_config.htm.
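
A check for the Step (4) settings, added here as an example and not part of the original page: it confirms that the options file still contains the authentication and MPPE options listed above and that chap-secrets, which holds passwords in clear text, is not accessible to group or other. The function names (missing_opts, secrets_private, audit_pptpd, demo) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the Step (4) settings.
# Options Step (4) sets to refuse weaker auth and require 128-bit MPPE.
REQUIRED_OPTS="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print every required option missing from options file $1. Comments and
# surrounding whitespace are ignored; matching is whole-line, so
# "refuse-mschap" is not satisfied by "refuse-mschap-v2".
missing_opts() {
    for opt in $REQUIRED_OPTS; do
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
            grep -q -x -F -e "$opt" || echo "$opt"
    done
}

# Succeed only if secrets file $1 grants nothing to group or other.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Audit both files; print findings and return non-zero on any failure.
audit_pptpd() {
    opts_file=${1:-/etc/ppp/options.pptpd}
    secrets_file=${2:-/etc/ppp/chap-secrets}
    rc=0
    for opt in $(missing_opts "$opts_file"); do
        echo "FAIL: $opts_file does not set $opt"; rc=1
    done
    secrets_private "$secrets_file" ||
        { echo "FAIL: $secrets_file is accessible to group/other"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $opts_file and $secrets_file pass"
    return "$rc"
}

# Constructed sample: a weakened options file and a world-readable secrets
# file, built in a temporary directory so nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'name pptpd' 'refuse-pap' '# refuse-mschap' \
        'require-mschap-v2' 'require-mppe-128' > "$d/options.pptpd"
    printf '%s\n' 'admin pptpd password 192.168.1.200' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    audit_pptpd "$d/options.pptpd" "$d/chap-secrets"
    status=$?
    rm -rf "$d"
    return "$status"
}

demo || true
```

Run audit_pptpd with no arguments as root on the server to check /etc/ppp/options.pptpd and /etc/ppp/chap-secrets; the demo reports the missing refuse-chap and refuse-mschap options and the 644 secrets file.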

Step (5) ----------------------------------------------------------

modprobe ppp-compress-18
chkconfig pptpd on
service pptpd start

These commands start the pptpd service and enable pptpd at startup.

Step (6) ----------------------------------------------------------

vi /etc/rc.local

# pptpd modprobe
modprobe ppp-compress-18


Enable IP forwarding in /etc/sysctl.conf:

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1


Enable IP forwarding now:

echo 1 > /proc/sys/net/ipv4/ip_forward


Step (7) ----------------------------------------------------------

Allow TCP port 1723 and the GRE protocol for PPTP in the Linux firewall.
Also check whether your NAT/router supports VPN pass-through.

vi /etc/sysconfig/iptables

## VPN pptpd -------
-A INPUT -p gre -j ACCEPT
-A INPUT -m tcp -p tcp --dport 1723 -j ACCEPT

service iptables restart


Step (8) ----------------------------------------------------------

Create a PPTP client connection in Windows XP and try to connect to the server.

Reference link:
http://poptop.sourceforge.net/dox/redhat-howto.phtml

Step (9) [Optional]----------------------------------------------------------

If you want clients to reach the Internet through the server, enable iptables and add this:

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1

sysctl -p


iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

or

vi /etc/sysconfig/iptables
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT


Step (10) [Optional]----------------------------------------------------------

If you would also like your PPTP clients to talk to each other, add the following iptables rules:

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 192.168.1.0/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

P.S. Put the commands from optional steps 9 and 10 into a script, vpn-nat-route.sh.


Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.