I have a CentOS box at $HOME and occasionally need access from elsewhere. Think vacation with the in-laws!

Just for the record, PPTP is not considered secure anymore, since the encryption has been compromised. If that scares you, please run away as fast as you can and try a different solution. Yes, it does concern me but I’m not doing anything that really needs that level of security.

I just need a simple way to access my $HOME network that is sort of secure. I can always setup up a SOCKS5 proxy with SSH if need be.

Most of this guide was lifted from Digital Ocean. They have some pretty good guides and how-tos on there site and they offer really cheap hosting.

Getting Started

I’m assuming you are doing this from a CentOS 6.5 box and that you are running as root.

First thing to get done is installing the software. It’s just a matter of adding a repository and installing the goodies.

rpm -i
yum -y install pptpd

Now for some configuration.

echo "connections 10" >> /etc/pptpd.conf
echo "localip" >> /etc/pptpd.conf
echo "remoteip" >> /etc/pptpd.conf
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf
sysctl -p

And of course we have to adjust iptables to allow traffic.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
iptables-save | sudo tee /etc/sysconfig/iptables

The server should be up and running at this point. We need users to be able to log into the box though. You can either manually edit /etc/ppp/chap-secrets or echo and redirect the following into /etc/ppp/chap-secrets. Regardless, you need a line that looks like:

my_user_name pptpd this_users_password *

Replace my_user_name and this_users_password with the correct values that you would like to log in with.


I won’t go over setting up clients, since there are so many out there and most of the tutorials are pretty good.

Exception for OS/X

One thing that annoyed me was trying to find routing instructions for OS/X. You can use the command below to adjust that.

/sbin/route add -net -interface ppp0

You should adjust the network and mask to be your internal network.

If you want to make this route be created everytime you connect, do the following:

echo "#!/bin/sh" > /etc/ppp/ip-up
echo "/sbin/route add -net -interface ppp0" >> /etc/ppp/ip-up
chmod +x /etc/ppp/ip-up


This has worked out pretty good for me, but YMMV.


31 December 2013