Installing and Configuring PPTP VPN on RHEL/CentOS 5
In the following tutorial, I will explain how to set up a PPTP VPN server on RHEL/CentOS 5, so that you can use it to browse the internet. So, if you have a RHEL/CentOS 5 dedicated server in the US, you will be able to access US-only sites.
A setup like this also has other benefits. Since the connection between the server and your computer will be encrypted, your ISP won’t be able to intercept or track your internet usage.
Installation and Configuration
OK, so let’s get started. First make sure that you have ppp installed.
yum install ppp
In my case it was already installed, so I got the message ‘Package ppp – 2.4.4-1.el5.x86_64 is already installed’.
After you make sure that you have ppp installed, download and install Poptop. You can get the RHEL/CentOS 5 RPMs from http://poptop.sourceforge.net/yum/stable/rhel5/. I was using the 64-bit version of CentOS 5, so I downloaded and installed the 64-bit (x86_64) version of the RPM.
wget http://poptop.sourceforge.net/yum/stable/rhel5/x86_64/pptpd-1.3.4-1.rhel5.1.x86_64.rpm
rpm -ivh pptpd-1.3.4-1.rhel5.1.x86_64.rpm
After installing Poptop, open the file /etc/pptpd.conf.
nano /etc/pptpd.conf
Go to the end of the file where you can see examples of localip and remoteip. Below them add your own values for localip and remoteip.
localip 10.0.0.1
remoteip 10.0.0.10-100
In the above, 10.0.0.1 will be used for the ppp interface and 10.0.0.10 – 10.0.0.100 will be assigned to the clients. You can also use different private IPs in ‘localip’ and ‘remoteip’, like 10.20.26.1 and 10.20.26.10-100. The OpenVPN documentation has some good info about numbering private subnets.
Next, open the file /etc/ppp/options.pptpd.
nano /etc/ppp/options.pptpd
Uncomment the ms-dns lines (by removing the ‘#’ in front of them) and change them to the DNS servers provided by your ISP or to public DNS servers like the ones provided by OpenDNS.
ms-dns 208.67.222.222
ms-dns 208.67.220.220
That’s all you need to change in the options.pptpd file. Next you will need to edit the file /etc/ppp/chap-secrets to add usernames and passwords for your clients. You need to enter the usernames and passwords in the following format.
# Secrets for authentication using CHAP
# client        server  secret          IP addresses
username        pptpd   password        *
username2       pptpd   password2       *
You can also put a * in place of ‘pptpd’ just like there is a * below ‘IP addresses’. Also instead of a * below ‘IP addresses’ you can put the IP address from which the client will be connecting.
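The following audit script is an added example, not part of the original tutorial. It reads a file in the chap-secrets layout above and reports, by username, entries that use * in the server or IP addresses column, along with short secrets and loose file permissions. The function name, the finding labels and the 12-character threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a chap-secrets file laid out as shown above.
# Assumptions: fields contain no embedded whitespace; MIN_LEN is an arbitrary threshold.
MIN_LEN=12

audit_chap_secrets() {
    file=$1
    status=0
    # The file stores secrets in plaintext, so group/other should have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FILE GROUP_OR_OTHER_ACCESS"
        status=1
    fi
    # Report by username only; the secret itself is never printed.
    findings=$(awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }                   # comments and blank lines
        NF < 3 { print $1 " MALFORMED"; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)             # drop optional surrounding quotes
            if ($2 == "*")            print $1 " ANY_SERVER"
            if ($4 == "*")            print $1 " ANY_IP"
            if (length(secret) < min) print $1 " SHORT_SECRET"
            if (secret == $1)         print $1 " SECRET_EQUALS_USERNAME"
        }' "$file")
    if [ -n "$findings" ]; then
        echo "$findings"
        status=1
    fi
    return $status
}

# Constructed sample input (not real credentials).
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
# client server secret IP addresses
alice pptpd Long-Random-Passphrase-01 10.0.0.10
bob * bob *
EOF
audit_chap_secrets "$sample" || echo "findings above need attention"
rm -f "$sample"
```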
IP Forwarding and Firewall Rules
Now we need to enable IP forwarding. So open the file /etc/sysctl.conf and set ‘net.ipv4.ip_forward’ to 1.
net.ipv4.ip_forward = 1
To make the changes to sysctl.conf take effect, use the following command.
sysctl -p
Or you can also use the following command to enable IP forwarding temporarily.
echo 1 > /proc/sys/net/ipv4/ip_forward
Next, configure iptables to do NAT.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Next, we need to allow TCP port 1723 and the GRE protocol through iptables.
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
The following iptables rules are necessary if you want to be able to route all your internet traffic through the VPN server.
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
Now start the PPTP server if you haven’t already.
service pptpd start
If you followed the above steps correctly, the PPTP server should now be ready for use.
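As an added example (not from the original tutorial), the script below reads remoteip from pptpd.conf and prints the same firewall rule set restricted to that client range, with only reply traffic accepted toward the ppp interfaces. The function names are made up for this example, and it assumes the single a.b.c.X-Y remoteip form used above.

```sh
#!/bin/sh
# Added example: print firewall rules scoped to the pptpd client range.
# Assumption: remoteip uses the single "a.b.c.X-Y" form shown in this tutorial.

# Expand "10.0.0.10-100" into "10.0.0.10-10.0.0.100" for -m iprange.
client_range() {
    awk '$1 == "remoteip" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+-[0-9]+$/ {
        split($2, part, "-")
        prefix = part[1]
        sub(/[0-9]+$/, "", prefix)      # "10.0.0.10" -> "10.0.0."
        print part[1] "-" prefix part[2]
        found = 1
        exit
    }
    END { if (!found) exit 1 }' "$1"
}

# $1 = path to pptpd.conf, $2 = public interface (eth0 in the tutorial)
scoped_rules() {
    # Refuse anything that is not a plain interface name before printing commands.
    case $2 in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    range=$(client_range "$1") || { echo "no usable remoteip in $1" >&2; return 1; }
    wan=$2
    cat <<EOF
iptables -t nat -A POSTROUTING -o $wan -m iprange --src-range $range -j MASQUERADE
iptables -A INPUT -i $wan -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i $wan -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -o $wan -m iprange --src-range $range -j ACCEPT
iptables -A FORWARD -i $wan -o ppp+ -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# Constructed sample pptpd.conf using the values from this tutorial.
conf=$(mktemp)
printf '%s\n' '#remoteip 192.168.0.234-238' 'localip 10.0.0.1' 'remoteip 10.0.0.10-100' > "$conf"
scoped_rules "$conf" eth0
rm -f "$conf"
```

Review the printed rules before running them as root; on RHEL/CentOS 5, service iptables save keeps them across reboots.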
Troubleshooting
In case you are unable to connect to the VPN, check out the following Microsoft knowledge base article. It has some good troubleshooting tips.
http://support.microsoft.com/kb/314076/en-us
If you are unable to browse certain sites through the VPN, you may need to change the MTU of the ppp interface. To do this open the /etc/ppp/ip-up file and just before the last line, add the following line.
/sbin/ifconfig $1 mtu 1400
Save the file after that and then restart the PPTP server.
service pptpd restart
In my case the ppp interface was being assigned 1396 as the MTU, due to which I was unable to browse some sites. After changing the MTU to 1400, the problem went away.
Notes
I initially used PPTP since the site Relakks.com uses the same. But due to poor performance I have now switched to OpenVPN instead. If you are not satisfied with PPTP you should try OpenVPN. You will find excellent documentation on their website.
Anyway, I hope you have found the above tutorial useful.

Oct 16, 2008 at 10:28 AM
Hi, I’ve got a Red Hat Enterprise Linux Server release 5.1 on an i386. I did everything you say, but when I try to connect to my server I get a 619 error in Windows XP. Do you know what can be wrong?
Oct 16, 2008 at 10:50 AM
Hi, check out the following Microsoft knowledge base article. http://support.microsoft.com/kb/227747/
It might have a solution to your problem.
Oct 16, 2008 at 1:28 PM
Thank you, all is working. The problem was my ISP, not my server. Excellent article!
Nov 25, 2008 at 8:54 PM
You rock, Anindya!
Jan 27, 2009 at 6:55 PM
Hi Anindya,
Great tutorial; but I cannot connect to my VPN. I enter my server’s IP address as my host name, but it doesn’t connect. I don’t even see the authentication. I think it has something to do with open ports or so but I did everything according to your tutorial. Thanks in advance
Jan 27, 2009 at 11:00 PM
@ugur,
If you are using a firewall on the client computer, make sure that it is configured to allow PPTP.
Also make sure that “PPTP passthrough” is enabled in your router. Check the following screenshot to see what I mean. http://img156.imageshack.us/img156/818/1282009112514ampq2.png.
Mar 6, 2009 at 1:45 AM
Hi, I have Vista Home and have a VPN connection in CentOS. Sometimes the connection works perfectly, but sometimes it just doesn’t get connected. I have to restart the server PC and then it works, and then some time later it starts playing up. Please tell me what I could be doing wrong…
Mar 6, 2009 at 2:01 AM
@Azhar,
I have no idea why that happens. It used to happen to me too. I experienced some other problems too with PPTP which is why I have switched to OpenVPN.
If you are experiencing problems with PPTP, try OpenVPN.
Mar 14, 2009 at 2:53 PM
I did exactly as you wrote, but I can’t connect from Vista to CentOS.
Can anybody add me to MSN, maybe?
Mar 14, 2009 at 9:39 PM
@Tadej
If you are using a router, make sure that it supports PPTP passthrough and that it is enabled.
Mar 20, 2009 at 10:49 AM
When I try to install the pptpGUI I get issues with libglade.so and libxml.so and cannot process php4. Any ideas? It is driving me mad!
Apr 17, 2009 at 7:47 PM
Great tutorial!
It would be great if you could publish a tutorial just like this one, but for OpenVPN.
Apr 18, 2009 at 12:31 PM
@mike,
Sorry, I can’t help you. I am not familiar with pptpGUI and have no idea what relation it has with PHP 4.
Apr 18, 2009 at 12:31 PM
@Andy,
Thanks!
Maybe I will publish a tutorial for OpenVPN too.
May 1, 2009 at 11:06 AM
I have CentOS 5. I got this error:
“This system lacks kernel support for PPP. This could be because
the PPP kernel module could not be loaded, or because PPP was not
included in the kernel configuration. If PPP was included as a
module, try `/sbin/modprobe -v ppp’. If that fails, check that
ppp.o exists in /lib/modules/`uname -r`/net.
See README.linux file in the ppp distribution for more details.”
Any suggestion?
May 1, 2009 at 11:58 AM
That error message is pretty straightforward.
You are most likely using a virtual private server, which is why your kernel doesn’t have PPP support. Also, on most virtual private servers, it’s not possible for the users to rebuild the kernel. If in your case it is possible to rebuild the kernel, then follow the instructions found on this page to rebuild your kernel. You can enable PPP from the menu that appears after you use the “make menuconfig” command.
Usually, you won’t come across this problem on a dedicated server.
May 5, 2009 at 7:45 AM
With PPP you can use the inbuilt client support within NT, XP, Vista, etc., but with OpenVPN you have to install a client. Or can OpenVPN support PPTP connections also?
Nev
May 5, 2009 at 9:36 AM
Yes, in case of OpenVPN you have to install the client. And no, OpenVPN doesn’t support PPTP.
May 21, 2009 at 4:57 PM
Anindya, can I use my VPS server as a PPTP server? Do I need a router to set up a PPTP VPN? Is there any way in which a VPN can be set up without a router? Thanks, and reply to me ASAP.
Jun 9, 2009 at 4:29 AM
Hi,
I already connected to the Linux VPN server from a Windows VPN client but can’t browse the internet. Let me know what causes this?
Thanks,
Aug 22, 2009 at 3:17 AM
Hi,
I tried to run this step:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
but I got an error. How can I fix this problem?
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables: Unknown error 4294967295
Aug 22, 2009 at 7:01 AM
@Viking,
Are you using a VPS?
If yes, then most likely the iptables module ‘iptable_nat’ is not available. Usually virtual private servers have a lot of stuff disabled, so that they don’t use too much system resources. I suggest that you contact your VPS provider for help with this problem.
Aug 22, 2009 at 9:16 AM
Sir,
do you have any Yahoo or Skype for live chat? If yes, please email me.
Aug 22, 2009 at 10:26 AM
Also, I have error 619 when I try to connect to the VPN with my user and password on Windows.
Aug 22, 2009 at 10:36 AM
@Viking
You still haven’t mentioned whether you are using a virtual private server or not. If you are using a virtual private server, then it’s very likely that you won’t be able to solve the iptables problem yourself. You will have to contact your service provider.
As for the ‘error 619’ problem, please check out this Microsoft KB article: http://support.microsoft.com/kb/227747/.
Also, I recommend that you use OpenVPN instead of PPTP.
Aug 22, 2009 at 10:56 AM
I have a VPS with CentOS 5 as the operating system. About PPTP: I want to use IBSng for accounting, and also my Windows clients can access my VPN without problems and with a simple Windows connection.
Sep 1, 2009 at 3:40 AM
@Anindya: I have disabled iptables on my VPS completely as I don’t want to be bothered with this port thingy. But still, I can’t connect via VPN and it says error 619. Could it be because the admin closed the VPN port?
Sep 1, 2009 at 6:20 AM
@jacko
You need to have iptables enabled. It is iptables that handles the forwarding and NAT. Without those iptables rules you won’t be able to route your internet traffic through the VPN. But you should still be able to connect to it.
If you are unable to connect to the VPN and are getting error 619, check out the Microsoft KB article that I have linked to in one of my comments.
Oct 25, 2009 at 10:31 AM
Hi civorel,
Nice blog entries. I have tried this VPN server and am able to connect to the server but not able to access the internet. Maybe it’s a routing issue or FW related. What should the local and remote IP be in my case? Server config and client are here: http://pastebin.ca/1642753
I am using a dedicated RHEL server.
Thank you, Anindya
Oct 25, 2009 at 11:39 AM
Since you are using a dedicated server, you can follow this tutorial step by step. You can use same local and remote ip as the one I have used in this tutorial or you can use other private subnets.
I see that you have a public ip address in your ifcfg-eth1 file and not the ifcfg-eth0 file. If you are using eth1 as the public interface, you should replace eth0 in the iptables rules mentioned in this post with eth1.
Example: iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Oct 26, 2009 at 11:04 AM
It was the APF firewall’s fault, not mine ;o Thank you, Anindya, for your quick assistance.
pptpd and internet are up and running, but I am getting half the connection speed when using PPTP.
Any suggestions ;|
Oct 26, 2009 at 11:06 AM
Switch to OpenVPN. That’s what I did.
Oct 30, 2009 at 10:21 AM
Dear All,
I am using Red Hat Enterprise Linux Server release 5.4 and the installed PPTPD release is pptpd-1.3.0-0, but when I try to register on PPTPD I get the error mentioned below.
The same PPTPD is working on another system, but it is not working on this system.
Please let me know why I am getting this error. In the configuration I have tried all the options mentioned above.
(Oct 30 12:02:18 server16 pptpd[695]: CTRL: Client 58.65.164.10 control connection started
Oct 30 12:02:18 server16 pptpd[695]: CTRL: Starting call (launching pppd, opening GRE)
Oct 30 12:02:18 server16 pppd[696]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
Oct 30 12:02:18 server16 pptpd[695]: GRE: read(fd=6,buffer=804fa20,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Oct 30 12:02:18 server16 pptpd[695]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Oct 30 12:02:18 server16 pptpd[695]: CTRL: Client 58.65.164.10 control connection finished)
Regards,
Asif
Oct 30, 2009 at 12:44 PM
Try removing pptpd and installing the latest version, that is version 1.3.4.
Here are download links for both 32 bit and 64 bit rpms.
http://poptop.sourceforge.net/yum/stable/rhel5/x86_64/pptpd-1.3.4-1.rhel5.1.x86_64.rpm
http://poptop.sourceforge.net/yum/stable/rhel5/i386/pptpd-1.3.4-1.rhel5.1.i386.rpm
Nov 19, 2009 at 4:42 AM
Any idea on how to configure APF to allow pptpd to run?
Nov 19, 2009 at 5:54 AM
APF just controls iptables, so the iptables rules listed on this page should work fine for you. Also, you can put the iptables rules in the /etc/apf/postroute.rules file and APF will execute them automatically when it starts.
Dec 18, 2009 at 2:02 PM
Hi Anindya
It was a great guide you posted on configuring a VPN server, but I am having a few issues. The first is that it takes some time to connect; the second is that if I am able to connect, I am able to browse for like 5 minutes, and then I lose connectivity. Any ideas as to what might be causing this?
Thanks
Dec 20, 2009 at 7:28 AM
I also get the 619 error when trying to connect using Win XP. I installed Poptop on a VPS server (CentOS 5) using this guide. It seems that there are always issues on VPS servers.
Then I installed Poptop on normal CentOS (not using CentOS) and I didn’t have any problems. It works like a charm.
Thanks, it is a great tutorial.
I
Dec 20, 2009 at 7:30 AM
I meant when I’m not using VPS it works great. My bad
Dec 20, 2009 at 9:52 AM
@Justin
Sorry, I have no idea what might be causing the issues you are having.
You should try connecting to the VPN using a different computer and from a different network and if you see that you are still having the same issues, then the problem is most likely with the server. If not, then it could be a problem with your client computer or network.
@Fen
Virtual private servers usually have many things disabled that are required for PPTP, which is why others have had problems with VPSs too.
Anyway, I am glad you found this tutorial useful.
Jan 6, 2010 at 6:12 PM
I have created a VPN without problems and I can connect, but I cannot browse the web on my Windows machine. I checked and for some reason the VPN does not allocate a Gateway… could that be the issue?
On my iPhone I can browse through the VPN with no problem.
Feb 21, 2010 at 5:19 AM
Thanks! I had been looking for a solution to my VPN problem until I found your site. Whew! It’s been 2 weeks. Thanks much!
Apr 7, 2010 at 6:01 AM
Thank you! Worked for me.
May 15, 2010 at 6:13 AM
[root@abc ~]# service pptpd restart
Shutting down pptpd: [失敗]
Starting pptpd: /etc/host.conf: line 1: bad command `127.0.0.1 localhost.localdomain localhost’
[失敗]
Warning: a pptpd restart does not terminate existing
connections, so new connections may be assigned the same IP
address and cause unexpected results. Use restart-kill to
destroy existing connections during a restart.
Help!
May 15, 2010 at 5:58 PM
When I run the iptables commands to allow the port and do NAT I don’t get any errors, but changes never take effect. Any ideas?
May 21, 2010 at 5:18 PM
@lin and @bisteck
You guys should try googling if you haven’t already.