The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Since it is marked as insecure and vulnerable, I don’t recommend it as a “final” VPN solution. The main reason for its popularity is probably the native MS Windows support (since Windows 95). Also, it can be easily implemented with MikroTik RouterOS (as I said, use it for internal VPNs only).
To set up your CentOS box as a PPTP client you’ll need the pptp package.
Open /etc/ppp/chap-secrets and add the following line at the end, replacing userName and password with the correct details:
Create the profile file:
nano /etc/ppp/peers/myVPN
and paste the following content (replace IP_OR_HOSTNAME with the PPTP server’s IP address or hostname):
pty "pptp IP_OR_HOSTNAME --nolaunchpppd"
name userName
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam myVPN
Save the file and test the connection with
ifconfig should return something like
....
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.16.18.252 P-t-P:10.16.18.251 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1436 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2192 (2.1 KiB) TX bytes:631 (631.0 b)
...
Also, in /var/log/messages you should see something like:
Jul 20 10:58:50 mysrv pppd[9352]: pppd 2.4.5 started by root, uid 0
Jul 20 10:58:50 mysrv pppd[9352]: Using interface ppp0
Jul 20 10:58:50 mysrv pppd[9352]: Connect: ppp0 <--> /dev/pts/1
Jul 20 10:58:50 mysrv pptp[9353]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jul 20 10:58:50 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jul 20 10:58:51 mysrv pptp[9361]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 716).
Jul 20 10:58:51 mysrv pppd[9352]: CHAP authentication succeeded
Jul 20 10:58:51 mysrv pppd[9352]: MPPE 128-bit stateless compression enabled
Jul 20 10:58:51 mysrv pppd[9352]: local IP address 10.16.18.252
Jul 20 10:58:51 mysrv pppd[9352]: remote IP address 10.16.18.251
Jul 20 10:59:51 mysrv pptp[9361]: anon log[logecho:pptp_ctrl.c:677]: Echo Reply received.
If you check your routes, you’ll probably notice that the ppp0 connection is not used by any route. This is the default behavior, and you can easily switch or add a default route with:
route add default dev ppp0
In my case, I don’t want to route all traffic through the tunnel (this VPN is just for management), so I’ll add only one static route:
route add -net 192.168.120.0/24 dev ppp0
To start this connection on boot, add “pppd call myVPN” to rc.local.
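Before wiring the tunnel into rc.local, it is worth confirming that the password file is not world-readable, that the profile still requires 128-bit MPPE, and that the session pppd logged really negotiated it. The script below is an added example, not part of the original post; the function names and the sample files (including the chap-secrets entry, which uses pppd's standard "client server secret addresses" layout) are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks for the myVPN profile described on this page.
# Function names and the sample data at the bottom are constructed.

# chap-secrets holds the password in clear text: fail if group or
# others have any permission bit set (columns 5-10 of ls -l).
check_secrets() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] && return 0
    echo "FAIL: $1 is accessible to group/others" >&2; return 1
}

# The profile must carry an active (uncommented) require-mppe-128 line,
# so pppd drops the link rather than running it without 128-bit MPPE.
check_peer() {
    grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$1" && return 0
    echo "FAIL: $1 does not set require-mppe-128" >&2; return 1
}

# True only if the pppd instance with the given PID logged both the
# CHAP success and the MPPE 128-bit line, as in the excerpt above.
session_encrypted() {
    lines=$(grep -F "pppd[$2]:" "$1") || return 1
    echo "$lines" | grep -q 'CHAP authentication succeeded' &&
        echo "$lines" | grep -q 'MPPE 128-bit'
}

# Constructed sample files so the script runs without a live tunnel.
demo=$(mktemp -d)
printf 'name userName\nrequire-mppe-128\n' > "$demo/peer.ok"
printf 'name userName\n#require-mppe-128\n' > "$demo/peer.bad"
printf 'userName PPTP examplePassword *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
cat > "$demo/messages" <<'EOF'
Jul 20 10:58:51 mysrv pppd[9352]: CHAP authentication succeeded
Jul 20 10:58:51 mysrv pppd[9352]: MPPE 128-bit stateless compression enabled
Jul 20 11:02:13 mysrv pppd[9400]: CHAP authentication succeeded
EOF

check_peer "$demo/peer.ok" && echo "peer.ok: passes"
check_peer "$demo/peer.bad" 2>/dev/null || echo "peer.bad: rejected"
check_secrets "$demo/chap-secrets" 2>/dev/null || echo "chap-secrets 644: rejected"
chmod 600 "$demo/chap-secrets"
check_secrets "$demo/chap-secrets" && echo "chap-secrets 600: passes"
session_encrypted "$demo/messages" 9352 && echo "pppd[9352]: encrypted"
session_encrypted "$demo/messages" 9400 || echo "pppd[9400]: no MPPE line"
```

On the real host, point the functions at /etc/ppp/chap-secrets, /etc/ppp/peers/myVPN and /var/log/messages, using the pppd PID from the current session.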