PPTP on CentOS 6.5
I have a CentOS box at $HOME and occasionally need access from elsewhere. Think vacation with the in-laws!
Just for the record, PPTP is not considered secure anymore, since the encryption has been compromised. If that scares you, please run away as fast as you can and try a different solution. Yes, it does concern me but I’m not doing anything that really needs that level of security.
I just need a simple way to access my $HOME network that is sort of secure. I can always set up a SOCKS5 proxy with SSH if need be.
Most of this guide was lifted from Digital Ocean. They have some pretty good guides and how-tos on their site and they offer really cheap hosting.
I’m assuming you are doing this from a CentOS 6.5 box and that you are running as root.
First thing to get done is installing the software. It’s just a matter of adding a repository and installing the goodies.
rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install pptpd
Now for some configuration.
echo "connections 10" >> /etc/pptpd.conf
echo "localip 192.168.250.10" >> /etc/pptpd.conf
echo "remoteip 192.168.250.11-20" >> /etc/pptpd.conf
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p
And of course we have to adjust iptables to allow traffic.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 192.168.250.0/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables-save | sudo tee /etc/sysconfig/iptables
The server should be up and running at this point. We need users to be able to log into the box though. You can either manually edit /etc/ppp/chap-secrets or echo and redirect the following into /etc/ppp/chap-secrets. Regardless, you need a line that looks like:
my_user_name pptpd this_users_password *
Replace my_user_name and this_users_password with the correct values that you would like to log in with.
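As an added example (my own helper, not part of the original post or of pptpd), here is a small POSIX sh script that writes the chap-secrets line above with proper quoting and keeps the file private, since it holds plaintext passwords. The function names are mine; it assumes pppd's chap-secrets syntax of client, server, secret, allowed-IPs, where a field containing spaces or '#' must be double-quoted.

```shell
#!/bin/sh
# Added helper (not from the original post) for the chap-secrets step.
# Assumes pppd's chap-secrets syntax:  client  server  secret  allowed-IPs
# A field that contains spaces or '#' must be double-quoted, and an
# embedded '"' or '\' inside the quotes is backslash-escaped.

# Escape backslashes and double quotes, then wrap the value in double quotes.
chap_quote() {
    printf '"%s"' "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
}

# Build the line from the post:  my_user_name pptpd this_users_password *
chap_secret_line() {
    printf '%s pptpd %s *\n' "$(chap_quote "$1")" "$(chap_quote "$2")"
}

# Append user $2 with password $3 to secrets file $1, unless that user is
# already present. The file is created with mode 600 (umask in a subshell
# so the caller's umask is untouched) and tightened afterwards in case it
# already existed with looser permissions.
add_pptp_user() {
    f=$1; user=$2; pass=$3
    prefix="$(chap_quote "$user") pptpd "
    if [ -f "$f" ] && grep -qF -- "$prefix" "$f"; then
        echo "user already present: $user" >&2
        return 1
    fi
    ( umask 077; chap_secret_line "$user" "$pass" >> "$f" )
    chmod 600 "$f"
}

# Succeed (return 0) only when group and other have no permission bits,
# i.e. the secrets file is readable by root alone.
secrets_locked_down() {
    case "$(ls -l "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Typical use on the server (run as root):
#   add_pptp_user /etc/ppp/chap-secrets my_user_name this_users_password
#   secrets_locked_down /etc/ppp/chap-secrets || echo "chap-secrets is too open"
```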
I won’t go over setting up clients, since there are so many out there and most of the tutorials are pretty good.
Exception for OS/X
One thing that annoyed me was trying to find routing instructions for OS/X. You can use the command below to adjust that.
/sbin/route add -net 192.168.1.0/24 -interface ppp0
You should adjust the network and mask to be your internal network.
If you want this route to be created every time you connect, do the following:
echo "#!/bin/sh" > /etc/ppp/ip-up
echo "/sbin/route add -net 192.168.1.0/24 -interface ppp0" >> /etc/ppp/ip-up
chmod +x /etc/ppp/ip-up
This has worked out pretty well for me, but YMMV.