How to set up a VPN server (PPTP) with CentOS
Having the resources of the local network available even when you are physically out of the office is a goal within reach of any system administrator. A machine running CentOS, some open source software and a few tips are all it takes to configure everything properly.
As configured so far, the server switches traffic between the VPN and the Internet interface transparently.
However, if the machine is also running the Squid proxy (perhaps with some additional filtering), it may be worthwhile to ensure that all web requests from VPN clients are handled by that component too.
Adjust the routing
Open the routing script with gedit (it was saved as /root/routing.sh if you followed the instructions of the dedicated guide) and locate the portion of text delimited by the marker line BLOCK OF INSTRUCTION THAT ENABLE THE ENTRY VPN (surrounded by = signs, towards the end of the file).
Just below it you should find 3 blocks of 5 lines each: remove the hash sign (#) at the beginning of each of those 15 lines to enable them.
Save the file and close the editor.
Everything is ready
At this point, reboot the server for the changes to take effect (or run the routing script again and restart Squid with service squid restart), and that’s it: all web access requests from VPN clients will be handled by the proxy.
Clients may have some difficulty with pages transmitted over HTTPS, but as we said, this is normal.
If this limitation is unacceptable, the alternative is to let users reach encrypted pages without going through Squid. To do so, insert the # character at the beginning of the following lines in routing.sh (they are the last lines of the block of instructions devoted to the combined use of Squid and the VPN):
# $IPT -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j REDIRECT --to-port 3129
# $IPT -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i ppp0 -p tcp --dport 3129
# $IPT -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o $WAN -p tcp --dport 443
# $IPT -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i $WAN -p tcp --sport 443
# $IPT -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o ppp0 -p tcp --sport 443
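To make the structure of that block easier to review before touching a live firewall, here is an added example (not code from the original post or its routing.sh) that generates the same kind of five-line redirect block for any destination port and prints the resulting iptables commands instead of applying them. The HTTPS block reproduces the five lines above; the HTTP block is modelled on it and assumes, since the post does not state it, that Squid's plain-HTTP intercept port is 3128 and that the WAN interface variable resolves to eth0. Running without the 443 block has the same effect as commenting those five lines out in routing.sh.

```shell
#!/bin/sh
# Added example, not the post's routing.sh: generate (do not apply) the
# iptables rules that steer VPN clients' web traffic into Squid.
# Assumed defaults not stated in the post: Squid HTTP intercept port 3128,
# WAN interface eth0. Override them via the environment if needed.
IPT=${IPT:-/sbin/iptables}
WAN=${WAN:-eth0}
VPN_IF=${VPN_IF:-ppp0}
HTTP_PORT=${HTTP_PORT:-3128}   # assumed Squid port for plain HTTP
HTTPS_PORT=${HTTPS_PORT:-3129} # port used for 443 in the post's block

# Print the five rules that send one destination port ($1) arriving on the
# VPN interface to a local Squid port ($2): the nat REDIRECT, the INPUT
# accept for the redirected port, and the filter rules for the server's
# own outbound request and the matching replies.
redirect_block() {
    dport=$1
    lport=$2
    echo "$IPT -t nat -A PREROUTING -i $VPN_IF -p tcp --dport $dport -j REDIRECT --to-port $lport"
    echo "$IPT -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i $VPN_IF -p tcp --dport $lport"
    echo "$IPT -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o $WAN -p tcp --dport $dport"
    echo "$IPT -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i $WAN -p tcp --sport $dport"
    echo "$IPT -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o $VPN_IF -p tcp --sport $dport"
}

# Full rule set. Pass "nohttps" as $1 to leave out the 443 block, which is
# what commenting those five lines in routing.sh achieves.
vpn_proxy_rules() {
    redirect_block 80 "$HTTP_PORT"
    if [ "${1:-https}" != "nohttps" ]; then
        redirect_block 443 "$HTTPS_PORT"
    fi
}

# Quick self-check: how many generated rules mention a given port ($1),
# optionally in "nohttps" mode ($2). Always exits 0 so it can be used in tests.
count_rules_for_port() {
    vpn_proxy_rules "${2:-https}" | grep -c -- "port $1" || true
}

# Stand-alone run: print the complete rule set for inspection.
# To apply on the server (as root): vpn_proxy_rules | sh
vpn_proxy_rules
```

After applying the rules on the server, confirm they actually see traffic with iptables -t nat -L PREROUTING -n -v: the packet counters on the REDIRECT rules should increase while a VPN client browses; if they stay at zero the traffic is not being intercepted and Squid is not involved at all.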
Useful, but not conclusive
For completeness, I invite you to note that using Squid over the VPN is simply a measure intended to keep the server from being used for unlawful or inappropriate browsing; it is in no way a protection for the client: a VPN user who wants to work around the block only has to disconnect from the virtual network and reach the sites directly, as usual, through the computer’s own connection, or set up the VPN as a “split tunnel”.
See previous posts:
- CentOS: How to set up a VPN server (PPTP) Part.1
- CentOS: How to set up a VPN server (PPTP) Part.2
- CentOS: How to set up a VPN server (PPTP) Part.3
- CentOS: How to set up a VPN server (PPTP) Part.4