This tutorial will show you how to easily install and configure a PPTP VPN server on a cPanel (RHEL/CentOS) server. A VPN server can be used to access geographically restricted websites if your cPanel server is located in a non-restricted country. Also you can use it to encrypt your data connection between your computer and cPanel server if for example you’re connected to a public WiFi hotspot and want to visit your web-banking account.
ppp & pptpd installation and configuration
The two packages needed to setup the VPN server are
To install ppp:
yum install ppp
To install poptop:
Go to http://poptop.sourceforge.net/yum/stable/, select
x86_64 depending on which RHEL/CentOS release/architecture you have running on your cPanel server, and copy the URL to the pptpd rpm. In my case I was running CentOS 5.6 x64 so I used
wget http://poptop.sourceforge.net/yum/stable/rhel5/x86_64/pptpd-1.3.4-2.rhel5.x86_64.rpm rpm -ivh pptpd-1.3.4-2.rhel5.x86_64.rpm
When poptop has finished installing, open the file /etc/pptpd.conf for editing. I use nano.
Using Ctrl + V go to the end of the file, and add the following two lines:
localip 10.22.222.1 remoteip 10.22.222.22-122
Local IP will be assigned to the ppp interface, and the Remote IP range is the range of IPs that will be assigned to VPN clients. Be creative and use private IPs that most probable won’t conflict with any other IPs if you’re in an Internet Cafe, or an airport WiFi. A list of possible IPs to use as well as some more info about numbering private subnets can be found at the OpenVPN documentation here.
Next open the
/etc/ppp/options.pptpd file for editing.
Go to the ms-dns lines, add a set of DNS servers below like this
ms-dns 184.108.40.206 ms-dns 220.127.116.11
and save/close the file. In my case I used Google DNS, but you can use anything you like ie. OpenDNS or your ISPs DNS servers.
Finally open the file
/etc/ppp/chap-secrets to add some users.
Here’s a sample:
# Secrets for authentication using CHAP # client server secret IP addresses vpnuser1 pptpd randompass1 * vpnuser2 pptpd randompass2 *
Just change vpnuserX and randompassX to anything you like. Also if your clients have a static IP you can enter it instead of the * so that the particular VPN user will only be able to login from the specified IP.
Since you’re running cPanel, you’re most probably running csf. But before we get into the csf configuration, we first need to enable IP forwarding. So open
/etc/sysctl.conf and at the very first lines you will see the parameter
net.ipv4.ip_forward. Set it to
1, save the file, and run
sysctl -p to apply the changes.
Now for the csf configuration, we will make use of two files that csf invokes before and after it runs. The two files are called
csfpost.sh and are located in
/etc/csf. If they don’t exist we’ll just go ahead and create them.
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i eth0 -p gre -j ACCEPT iptables -A OUTPUT -p gre -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
service pptpd stop service pptpd start
Finally restart csf to apply the above rules and start the pptpd service.
Setting up the client
Setting up a PPTP VPN connection is beyond the scope of this HOWTO, but you can read an excellent and comprehensive guide from Paul Stamatiou (@stammy) here. Paul has written step by step instructions on how to setup a PPTP VPN connection on Mac OS X, Windows 7 and Ubuntu. Just remember to use your own VPN server’s IP instead of his ones.