How to Install Poptop VPN Server on CentOS 7

Continuing the VPN series, today we cover Poptop, or pptpd. It is easier to configure than other VPN software, but the MS-CHAP-v2 authentication it uses is not really secure, as we have come to expect from Microsoft software. Nevertheless, I have experienced situations where Poptop succeeds where other VPNs like OpenVPN and SoftEther fail, so this article might be useful to some people.

So let's start. Poptop is in the EPEL repository, so we will add that repository and install the pptpd package.

yum -y install epel-release
yum -y install ppp pptpd net-tools iptables-services

Next, we need to configure it. The easiest way is to back up the old configuration file and paste in a new one, which I will provide in the article. So let's do just that.

mv /etc/pptpd.conf /etc/pptpd.conf.orig

echo 'option /etc/ppp/options.pptpd
logwtmp
localip 10.0.10.1
remoteip 10.0.10.2-254' > /etc/pptpd.conf

This means that your Poptop interface will be 10.0.10.1 and the clients will be assigned private IPs on the same subnet, from 2 through 254. The public IP will, of course, be the same as the server's; that is why we are running the VPN.

Next, we get to the options.pptpd file, which might or might not exist; either way, we will create it. Of course, we will first back it up if it exists.

mv -f /etc/ppp/options.pptpd /etc/ppp/options.pptpd.orig

echo 'name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4' > /etc/ppp/options.pptpd

You can have many accounts and there is set to limit the number, but we will add just one for testing, with username linoxide and password linoxide:

mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.orig

echo 'linoxide pptpd linoxide *' > /etc/ppp/chap-secrets

The asterisk means that the user can connect from any IP, which is useful if you are going to connect from different devices and computers. If you want to bind an account to one IP, you can type that IP there instead of *. If you want one more account, repeat the previous command, only this time use >> instead of > because we want to append rather than overwrite the entire file. So something like this:

echo 'geek pptpd geek *' >> /etc/ppp/chap-secrets

So there you go, we actually have two users now. Next, we need to set up forwarding, so the next two lines are for that:

echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf

sysctl -p

Next let's just disable firewalls to keep things simple:

systemctl stop firewalld.service
systemctl disable firewalld.service
service iptables save
service iptables stop
chkconfig iptables off
iptables -F
chmod +x /etc/rc.d/rc.local

And then we just need to set up masquerading and post-routing, and we are done.

echo "iptables -t nat -A POSTROUTING -o YOUR-NIC -j MASQUERADE" >> /etc/rc.d/rc.local

iptables -t nat -A POSTROUTING -o YOUR-NIC -j MASQUERADE

service pptpd restart

Instead of YOUR-NIC, you need to put the name of your network-facing interface. If you don't know the name, type ifconfig (that is why we installed net-tools at the start).
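
The commands above create /etc/ppp/chap-secrets with echo, so under the usual umask of 022 the plaintext secrets end up readable by every local user, and both test accounts use the username as the password. The following audit script is an added example, not part of the original article; the function name audit_chap_secrets, the 12-character minimum and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (columns: client server secret IP).
# The function name, the 12-character minimum and the finding texts are this
# example's own assumptions, not pppd or pptpd features.

audit_chap_secrets() {
    file=$1
    minlen=${2:-12}

    # Characters 5-10 of the ls mode string are the group/other permission bits.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "FILE: readable by group or others (expected mode 600)"
    fi

    awk -v min="$minlen" '
        /^[ \t]*(#|$)/ { next }      # skip comments and blank lines
        {
            user = $1; secret = $3; ip = $4
            gsub(/^"|"$/, "", user); gsub(/^"|"$/, "", secret)
            if (secret == user)       print user ": secret equals username"
            if (length(secret) < min) print user ": secret shorter than " min " characters"
            if (ip == "*")            print user ": may connect from any source IP"
        }' "$file"
}

# Constructed sample: the two accounts from the article plus one stronger entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client   server  secret              IP addresses
linoxide   pptpd   linoxide            *
geek       pptpd   geek                *
backup     pptpd   "kT7#vq2LmZ9x!rPd"  203.0.113.7
EOF
chmod 644 "$sample"   # what a file created with echo gets under umask 022

audit_chap_secrets "$sample"
rm -f "$sample"
```

On the server itself, run chmod 600 /etc/ppp/chap-secrets and then audit_chap_secrets /etc/ppp/chap-secrets; an empty result means none of these three checks fired.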
