Tuesday, March 2, 2010

Configuring poptop VPN Server

Hi Friends,

Let us discuss how to configure the Poptop VPN server on a Linux (CentOS 5.3) system.
1.) First of all, install all the required libraries and the pptpd server on the Linux system.
2.) You can use yum to install the ppp package:
         # yum -y install ppp
3.) After you make sure that you have ppp installed, download and install Poptop. You can get the RHEL/CentOS 5 RPMs from the net easily.
4.) After installing Poptop, open the file /etc/pptpd.conf.
     # vi /etc/pptpd.conf
     Go to the end of the file, where you can see examples of localip and remoteip. Below them, add your own values for localip and remoteip.
localip      10.0.0.1
remoteip     10.0.0.10-100



In the above, 10.0.0.1 will be used for the ppp interface and 10.0.0.10 - 10.0.0.100 will be assigned to the clients. You can also use different private IPs in ‘localip’ and ‘remoteip’, like 10.20.26.1 and 10.20.26.10-100.

5.) Next, open the file /etc/ppp/options.pptpd.
     # vi /etc/ppp/options.pptpd

6.) Uncomment the ms-dns lines (by removing the ‘#’ in front of them) and change them to the DNS servers provided by your ISP or to public DNS servers like the ones provided by OpenDNS.
               ms-dns 208.67.222.222
               ms-dns 208.67.220.220

     That's all you need to change in the options.pptpd file.

7.) Next you will need to edit the file /etc/ppp/chap-secrets to add usernames and passwords for your clients. You need to enter the usernames and passwords in the following format.
          
# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *
username2 pptpd password2 *


You can also put a * in place of ‘pptpd’ just like there is a * below ‘IP addresses’. Also instead of a * below ‘IP addresses’ you can put the IP address from which the client will be connecting.
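
A quick audit for the chap-secrets format shown above, added here as an example and not part of the original post: it flags a file readable by group or others, `*` wildcards and short secrets, and never prints a secret. The function names, the 12-character minimum and the sample entries are assumptions, and fields containing quoted whitespace are not handled.

```shell
#!/bin/sh
# Added example: audit a chap-secrets file; findings never echo a secret.
# Assumptions: MIN_LEN is an arbitrary policy value, not taken from the page;
# entries are plain whitespace-separated words (no quoted whitespace).
MIN_LEN=12

audit_chap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Secrets are stored in clear text: group and others must have no access.
    case $(ls -ld -- "$file") in
        ????------*) ;;
        *) echo "FILE: group/other permission bits set (use chmod 600)" ;;
    esac
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        NF < 3 { print "LINE " NR ": malformed entry"; next }
        {
            who = "LINE " NR ": " $1
            if ($2 == "*") print who ": server is * (valid for any server name)"
            if ($4 == "*") print who ": no IP address restriction"
            if (length($3) < min) print who ": secret shorter than " min " characters"
            if (seen[$1]++) print who ": duplicate client name"
        }' "$file"
}

# Constructed sample: entries modelled on the page's format, with one
# wildcard server field and one tighter entry for comparison.
demo() {
    f=$(mktemp) && chmod 644 "$f"
    cat > "$f" <<'EOF'
# client server secret IP addresses
username pptpd password *
username2 * password2 *
vpnuser3 pptpd Constructed-Example-Secret 10.0.0.50
EOF
    audit_chap_secrets "$f"
    rm -f "$f"
}
demo
```

On the real server, run `audit_chap_secrets /etc/ppp/chap-secrets` as root; no output means none of these checks fired.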


IP Forwarding and Firewall Rules:
 1.) Now we need to enable IP forwarding. Open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.
        net.ipv4.ip_forward = 1

   To make the changes to sysctl.conf take effect, use the following command.
       # sysctl -p
   Or you can also use the following command to enable IP forwarding temporarily.
    # echo 1 > /proc/sys/net/ipv4/ip_forward

   2.) Next, configure iptables to do NAT.
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  3.) Next, we need to allow TCP port 1723 and the GRE protocol through iptables.
    # iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
    # iptables -A INPUT -i eth0 -p gre -j ACCEPT

  4.) Now start the PPTP server if you haven’t already.
    # service pptpd start
 
        If you followed the above steps correctly, the PPTP server should now be ready for use.