CentOS PPTP client Howto

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Since it is marked as non secure and vulnerable, I don’t recommend it as a “final” VPN solution. The main reason for its popularity is probably the native MS Windows support (since win 95). Also, it can be easily implemented with Mikrotik RouterOS (like I said, use it for internal VPNs only).

To set up your CentOS box as a PPTP clients you’ll need the pptp package.

yum -y pptp

Open /etc/ppp/chap-secrets and add the next line (at the end). Also, replace the userName and password with the correct details:

userName PPTP password *

Create profile file

nano /etc/ppp/peers/myVPN

and paste the next content (replace IP_OR_HOSTNAME with PPTP server IP or hostname)

pty "pptp IP_OR_HOSTNAME --nolaunchpppd"
name userName
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam myVPN

save the file and test the connection with

pppd call myVPN

ifconfig should return something like

....
ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.16.18.252  P-t-P:10.16.18.251  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1436  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:2192 (2.1 KiB)  TX bytes:631 (631.0 b)
...

also in /var/log/messages you should see something like

Jul 20 10:58:50 mysrv pppd[9352]: pppd 2.4.5 started by root, uid 0
Jul 20 10:58:50 mysrv pppd[9352]: Using interface ppp0
Jul 20 10:58:50 mysrv pppd[9352]: Connect: ppp0 <--> /dev/pts/1
Jul 20 10:58:50 mysrv pptp[9353]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 716).
Jul 20 10:58:51 mysrv pppd[9352]: CHAP authentication succeeded
Jul 20 10:58:51 mysrv pppd[9352]: MPPE 128-bit stateless compression enabled
Jul 20 10:58:51 mysrv pppd[9352]: local  IP address 10.16.18.252
Jul 20 10:58:51 mysrv pppd[9352]: remote IP address 10.16.18.251
Jul 20 10:59:51 mysrv pptp[9361]: anon log[logecho:pptp_ctrl.c:677]: Echo Reply received.

If you check your routes, you’ll probably notice that ppp0 connection is not used by any route(s). This is default behavior and you can easily switch/add default route with:

route add default dev ppp0

In my case, I don’t want to route the complete traffic (this VPN is just for management) so I’ll add only one static route

route add -net 192.168.120.0/24 dev ppp0

To start this connection on boot, add “pppd call myVPN” in rc.local.

Leave a Reply

Your email address will not be published. Required fields are marked *