Archive

Posts Tagged ‘Centos’

CentOS: How to set up a VPN server (PPTP) Part.5

September 17th, 2011 2 comments

How to set up a VPN server (PPTP) with CentOS

Having the resources of the local network available even when you are physically out of the office is a goal within reach of any system administrator. All it takes is a machine running CentOS, some open source software and a few tips to configure everything properly.

As configured so far, the server “switches” traffic between the VPN and the Internet interface “transparently”.

However, if the machine also runs the “Squid” proxy (perhaps with some additional filtering), it may be worth making sure that all requests from VPN clients are handled by this component as well.

Adjust the routing

Open the routing script with gedit (it was saved as /root/routing.sh if you followed the dedicated guide) and find the portion of text delimited by the marker ============ BLOCK OF INSTRUCTION THAT ENABLE THE ENTRY ============ VPN (it is towards the end of the file).

Just below, you should find 3 blocks of 5 lines each: remove the hash sign (#) at the beginning of each of the 15 lines in question.


Save the file and close the editor.

Everything is ready

At this point, reboot the server for the changes to take effect (or run the routing script again and restart Squid with service squid restart) and that’s it: all web requests from VPN clients will be handled by the proxy.


Clients may have some difficulty with pages served over HTTPS but, as we said, this is normal.

If this limitation is unacceptable, the alternative is to let users access encrypted pages without going through Squid. To do so, insert the # character at the beginning of the following lines in routing.sh (they are the last lines of the block of instructions devoted to the combined use of Squid and the VPN):

# $IPT -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j REDIRECT --to-port 3129
# $IPT -A INPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -i ppp0 -p tcp --dport 3129
# $IPT -A OUTPUT -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED -o $WAN -p tcp --dport 443
# $IPT -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -i $WAN -p tcp --sport 443
# $IPT -A OUTPUT -j ACCEPT -m state --state ESTABLISHED,RELATED -o ppp0 -p tcp --sport 443

 

Useful, but not conclusive

For completeness, note that routing VPN traffic through Squid is simply a measure to prevent the server from being used for unlawful or inappropriate purposes; it is in no way a protection for the client. A VPN user who wants to work around the block only has to disconnect from the virtual network and access the sites directly, as usual, over the computer’s own connection, or set up the VPN as a “split tunnel”.


CentOS: How to set up a VPN server (PPTP) Part.4

September 17th, 2011 No comments

How to set up a VPN server (PPTP) with CentOS

Having the resources of the local network available even when you are physically out of the office is a goal within reach of any system administrator. All it takes is a machine running CentOS, some open source software and a few tips to configure everything properly.

As anticipated at the beginning, the technique proposed here is not exactly “old hat”. Consequently, many things can hinder the proper functioning of the VPN.

This page of the official documentation offers a wide array of tests, tips and solutions to various problems: I have summarized the most common ones below.

The client cannot connect

If the service is running (you can check quickly by running service pptpd restart) but clients cannot connect, there is some “barrier” in the way.

Move the two computers onto the same LAN and try again: if it works, the problem almost certainly lies in the router configuration.

Otherwise, the firewall may not be letting the traffic through properly: try disabling it temporarily (perhaps after disconnecting everything from the Internet to prevent security problems!) and try again.

The connection is established but the computers are not visible

If the VPN connection is established correctly but the PCs are not accessible, there could be a configuration problem.

On the client, run ping 192.168.0.201 (substituting the appropriate IP address of the VPN server) and make sure you get a response.

If not, run yum install tcpdump -y on the server to install a packet-capture tool, then run tcpdump -n -i ppp0 and try the ping again: if no messages appear in the terminal, the client is not “talking” to the server in any way.

Server and VPN client talk to each other, VPN client and LAN PCs do not

Tracing the cause of this problem is far from easy.

Check whether the server itself is having problems communicating with other PCs on the LAN and, if necessary, try downloading an updated version of the routing script.

Unable to access files and printers

If everything works but you cannot share resources, you probably have a problem with the Windows-specific features: see the article “Setting up a computer network (LAN)” for more information.

CentOS: How to set up a VPN server (PPTP) Part.3

September 16th, 2011 No comments

How to set up a VPN server (PPTP) with CentOS

Open the port on the firewall

Now that the service is operational, we must ensure that it is reachable!

First, we open the port on the firewall: follow System -> Administration -> Security Level and Firewall to launch the configuration panel.

Click the Add button at the bottom right, enter 1723, press Ok and confirm repeatedly until the tool closes.

Configure the router

If the server’s Internet connection goes through a router, you must also configure forwarding of the same port (port forwarding) to the VPN server (to find its local IP address, refer to the article “Configure IP address and DNS on CentOS”).

The exact procedure varies from model to model. As for the ubiquitous Alice Gate provided on loan by Telecom Italy, For all other devices, you should refer to the instruction booklet.

This step alone, however, may not be enough. Some routers block the Generic Routing Encapsulation (GRE) protocol used in this scenario: you therefore need to browse through the available options and make sure that this barrier is not active.

To complicate matters further, other devices provide an option called VPN Passthrough (or PPTP Passthrough) that must in turn be explicitly enabled: again, you will need a little technical acumen and some digging through the device’s management interface to achieve the goal.

Getting a dynamic domain name

To reach the CentOS server from the outside, it is particularly convenient to use a dynamic domain name (it will be something like servervpn.no-ip.org): NO-IP is definitely a great tool, as is DynDNS.

I strongly suggest associating one with your server before going any further.

Connect from client

At this point, everything should be ready. You just have to connect from a client! The procedure was shown in “How to connect to a VPN server with Windows 7 and Ubuntu”.


Once the connection is established, the CentOS server takes care of joining, in an (almost) transparent way, the two branches of the network: the VPN and the local network segment to which it provides access.

Note that the remote Windows PCs on the LAN may not be correctly displayed under My Network: if so, use the usual \\PC-name from Windows Explorer to reach them directly.

See also:
1. How to set up a VPN server (PPTP) Part.1
2. How to set up a VPN server (PPTP) Part.2

 

CentOS: How to set up a VPN server (PPTP) Part.2

September 16th, 2011 1 comment

How to set up a VPN server (PPTP) with CentOS

 

Options.pptpd

To begin configuration, open the options file with this command:

gedit /etc/ppp/options.pptpd


The default settings are already optimal, but you must specify which DNS server to use to resolve domain names.

Search (Find command in the toolbar) for the string #ms-dns, then replace it with this statement:

ms-dns 208.67.220.220



This ensures that clients connected via VPN use OpenDNS for name resolution. It goes without saying that those who have a local name server are free to prefer that.

Save and close the file.

Pptpd.conf

Now edit the software’s main configuration file. Launch

gedit /etc/pptpd.conf

Now comes a slightly more delicate part. We have to choose:

  • an IP address for the server’s VPN interface
  • a range of IP addresses that the server will assign to connected VPN clients

To get the best results and avoid an endless series of complications, both the server address and the addresses distributed to clients must be on the same network used by our internal LAN.

For example, we might choose 192.168.0.201 for the server and 192.168.0.202, 192.168.0.203, and so on up to 192.168.0.254 for remote computers: scroll to the end of the document and enter two lines like this:

localip 192.168.0.201

remoteip 192.168.0.202-254

Save and close the file.

With this stage complete, make sure that the service that hands out IP addresses on the LAN does not, in turn, distribute these same addresses! If you followed the steps in “Help: to create a DHCP server with CentOS”, the file is already set up appropriately: to be sure, run gedit /etc/dhcpd.conf, search for the string range and check that the value is

192.168.0.2 192.168.0.200

In this case, dhcpd will assign only the addresses from .2 to .200, leaving .201 and the following ones available for the VPN.
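
The address planning above can be checked mechanically. The following script is an added example, not part of the original guide: the function names check_pool and audit_files are hypothetical, it assumes a single /24 network and a single remoteip range, and the addresses in the demo calls are constructed sample values.

```sh
#!/bin/sh
# Added example: check that the pptpd client pool collides neither with the
# server's VPN address nor with the dhcpd range. Assumes one /24 network and
# a single remoteip range written in the pptpd.conf form A.B.C.X-Y.

last_octet() { echo "${1##*.}"; }

# check_pool LOCALIP REMOTEIP DHCP_FIRST DHCP_LAST
# Prints one line per finding; returns 0 if clean, 1 on a collision, 2 on bad input.
check_pool() {
    localip=$1; remoteip=$2
    case "$remoteip" in
        *.*.*.*-*) ;;
        *) echo "remoteip is not a range: $remoteip"; return 2 ;;
    esac
    first=${remoteip%-*}                          # A.B.C.X
    vpn_lo=$(last_octet "$first"); vpn_hi=$(last_octet "${remoteip##*-}")
    srv=$(last_octet "$localip")
    d_lo=$(last_octet "$3"); d_hi=$(last_octet "$4")
    rc=0
    if [ "${localip%.*}" != "${first%.*}" ] || [ "${first%.*}" != "${3%.*}" ]; then
        echo "localip, remoteip and dhcpd range are not on the same /24"; rc=1
    fi
    if [ "$srv" -ge "$vpn_lo" ] && [ "$srv" -le "$vpn_hi" ]; then
        echo "localip $localip is inside the client pool .$vpn_lo-.$vpn_hi"; rc=1
    fi
    if [ "$vpn_lo" -le "$d_hi" ] && [ "$d_lo" -le "$vpn_hi" ]; then
        echo "client pool .$vpn_lo-.$vpn_hi overlaps dhcpd range .$d_lo-.$d_hi"; rc=1
    fi
    return "$rc"
}

# audit_files PPTPD_CONF DHCPD_CONF: read the values from the real files.
audit_files() {
    l=$(awk '$1 == "localip"  { print $2; exit }' "$1")
    r=$(awk '$1 == "remoteip" { print $2; exit }' "$1")
    set -- $(awk '$1 == "range" { sub(/;$/, "", $3); print $2, $3; exit }' "$2")
    if [ -z "$l" ] || [ -z "$r" ] || [ $# -ne 2 ]; then
        echo "localip, remoteip or range not found"; return 2
    fi
    check_pool "$l" "$r" "$1" "$2"
}

# Constructed sample values: a pool starting at .2 collides, one at .202 does not.
check_pool 192.168.0.201 192.168.0.2-254   192.168.0.2 192.168.0.200 || true
check_pool 192.168.0.201 192.168.0.202-254 192.168.0.2 192.168.0.200 && echo "pool is clean"
```

On the server it would be called as audit_files /etc/pptpd.conf /etc/dhcpd.conf.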

Chap-secrets

As the final step in preparing the service, all that remains is to specify the list of user names and passwords that are allowed to connect. The individual credentials must then be communicated to the users and set on the remote PCs.

Open gedit /etc/ppp/chap-secrets. To create the various accounts, add a line for each user, based on this model:

NomeUtenteClient pptpd PasswordAssociata *


A practical example might be:

gianluigi.zanettini pptpd passwordsegreta *

mouse pptpd disneyland *

peter.parker pptpd Spiderman *

Save and close the file.
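
Because chap-secrets holds the passwords in clear text and every line must follow the client / server / secret / address order of the model, a quick audit of the file is worthwhile. This script is an added example, not part of the original guide: audit_chap_secrets, the 12-character minimum and the sample accounts are assumptions made for illustration, and it assumes secrets without quoted spaces.

```sh
#!/bin/sh
# Added example: audit a pppd chap-secrets file used by pptpd.
# Assumes unquoted fields (no spaces inside secrets); MINLEN is an arbitrary policy.

# audit_chap_secrets FILE [MINLEN]: prints findings, returns 1 if there are any.
audit_chap_secrets() {
    file=$1; minlen=${2:-12}; rc=0
    # Secrets are stored in clear text: group and others must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file: group/other permissions are '$perms' (fix with chmod 600)"; rc=1
    fi
    awk -v min="$minlen" '
        /^[ \t]*(#|$)/ { next }                      # comments and blank lines
        NF != 4 { printf "line %d: expected 4 fields, found %d\n", NR, NF; bad++; next }
        $2 != "pptpd" {                              # client and server swapped?
            printf "line %d: server field is \"%s\", not pptpd\n", NR, $2; bad++ }
        length($3) < min {
            printf "line %d: password for %s shorter than %d characters\n", NR, $1, min; bad++ }
        index(tolower($3), tolower($1)) {
            printf "line %d: password for %s contains the user name\n", NR, $1; bad++ }
        END { exit (bad > 0) }
    ' "$file" || rc=1
    return "$rc"
}

# Constructed sample file (not the accounts from the guide).
sample=$(mktemp) && chmod 600 "$sample"
cat > "$sample" <<'EOF'
# client  server  secret  IP addresses
alice pptpd correct-horse-battery-staple *
bob pptpd bob2011 *
pptpd carol Xk9vQ2mLr8tPz4wN *
EOF
audit_chap_secrets "$sample" || echo "findings above must be fixed"
rm -f "$sample"
```

On the server it would be called as audit_chap_secrets /etc/ppp/chap-secrets.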

Auto-Start and start the service

Run service pptpd start in the terminal to start the service. If everything is working, an encouraging green OK will be shown.

Set the daemon to start automatically each time the server boots with chkconfig pptpd on (or by ticking the pptpd check box and then clicking the Save button in System -> Administration -> Services).

CentOS : How to set up a VPN server (PPTP)

September 16th, 2011 No comments

How to set up a VPN server (PPTP) with CentOS


Having the resources of the local network available even when you are physically out of the office is a goal within reach of any system administrator. All it takes is a machine running CentOS, some open source software and a few tips to configure everything properly.

We have already discussed Virtual Private Networking (VPN) technology several times, along with the many advantages of setting up the appropriate technical infrastructure.

For those completely new to the subject, suffice it to say that, with a VPN, computers become able to exchange files, share printers and, more generally, access resources as if they were part of the same local area network (LAN), even if the workstations in question are physically located miles away from each other.

This means, for example, that a home workstation can be joined to the office LAN (or vice versa), or that a permanent “local” network can be created among friends, even when the computers are located in different homes.

All data is encrypted in transit, and participation in the network is limited by imposing a password: confidentiality, in short, is guaranteed.

Is that exactly what you want?

This guide is dedicated to an audience of administrators or geeks who are willing to take on a number of technical complications in order to achieve the goal.

There are much simpler solutions that are more suitable for the average user: Hamachi, Comodo EasyVPN, Wippien or other alternatives are generally recommended.

Create a VPN server with Windows

Throughout this article, we will see how to set up a VPN server with CentOS.

A similar result can also be reached by using a simple Windows PC: we talked at greater length in “Accept VPN (PPTP) with Windows 7 in a few clicks.”

Requirements

The only real requirement is the presence of a CentOS “super router” driving your network. Before continuing, make sure you have prepared it as detailed in “Creating a “super router” with an old PC and CentOS”.

Since the VPN server must always be reachable by the clients requesting a connection, the computer must remain on (or be set up for Wake-on-Internet) and connected to the Internet.

As usual when it comes to accepting connections from the outside, the server cannot use connectivity provided by Fastweb or via UMTS / HSDPA: the masked IP system adopted by these operators in fact prevents such a scenario.

Most tasks must be performed with root privileges: for convenience, I suggest logging in to the system directly with that account. If you prefer to use your unprivileged user, however, it should be enough to prefix all the proposed commands with sudo.

Installation

To create our VPN, we use the pptpd / PopTop package: in addition to the benefits of the open source license, I chose this tool over its many competitors for its excellent compatibility with Windows clients and its straightforward installation.

To get started, open a terminal window (Application -> Accessories -> Terminal) and add the key used to sign the packages (for more information about this step, see “How to add and remove repositories on CentOS”):

rpm --import http://poptop.sourceforge.net/yum/RPM-GPG-KEY-PPTP

Continue with adding a reference to its repository:

rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel5/pptp-release-current.noarch.rpm

Clear the yum cache with yum clean all and finish by installing the components:

yum install ppp pptpd -y
