PPTP VPN

Discussion in 'Linux / BSD / Mac OS X' started by Easy Rhino, Mar 24, 2014.

  1. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,541 (4.57/day)
    Thanks Received:
    3,381
    I just installed and configured a PPTP VPN on a CentOS 6 VM and it works very well.

    You will need ppp and pptpd installed, as well as "Development Tools".

    You will need to ensure ip_forwarding is enabled in sysctl.conf.

    You will want to add the appropriate iptables rules for port 1723.

    Finally, you will want to set your IP range for tunneling, point to Google's DNS (optional), and add usernames/passwords.

    I highly recommend this if you are like me and like to VPN using wireless from an untrusted location.
     
    Crunching for Team TPU
  2. McSteel

    McSteel

    Joined:
    Nov 19, 2012
    Messages:
    654 (0.86/day)
    Thanks Received:
    318
    But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?
     
  3. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,541 (4.57/day)
    Thanks Received:
    3,381
    Here are the firewall rules

    #!/bin/bash
    # Flush the filter table (and the nat table, so the MASQUERADE rule is not appended twice on re-runs)
    /sbin/iptables -F
    /sbin/iptables -t nat -F
    # Default policy: drop unsolicited inbound, allow all outbound
    /sbin/iptables -P INPUT DROP
    /sbin/iptables -P OUTPUT ACCEPT
    # NAT the VPN clients' traffic out of the public interface
    /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # Forward between the PPP tunnels and eth0 in both directions
    /sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
    /sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
    # PPTP control channel (TCP 1723) and the GRE data channel
    /sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
    /sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
    # ICMP, loopback, and replies to connections this host initiated
    /sbin/iptables -A INPUT -p icmp -j ACCEPT
    /sbin/iptables -A INPUT -i lo -j ACCEPT
    /sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Persist the rules across reboots and show the result
    /sbin/service iptables save
    /sbin/iptables -L -v
     
    Crunching for Team TPU
  4. McSteel

    McSteel

    Joined:
    Nov 19, 2012
    Messages:
    654 (0.86/day)
    Thanks Received:
    318
    Hm. Well, anyway, if problems appear such as broken connections, semi-working browsing, or trouble sending large files, the following should be added:

    iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu
     
    Easy Rhino says thanks.
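What the TCPMSS rule above does to a client's SYN, as an added Python example that is not code from this thread: it lowers the MSS option of a constructed SYN segment to the path MTU minus 40 bytes (IPv4 header plus TCP header) and recomputes the TCP checksum, the same adjustment the kernel makes on the ppp+ interface. The sample addresses, ports and option layout are constructed, and a SYN with no MSS option is assumed to be left untouched.

```python
import struct

TCP_MIN_HDR = 20   # TCP header without options
SYN = 0x02

def ones_complement_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def pseudo_header(src: bytes, dst: bytes, seg: bytes) -> bytes:
    return src + dst + struct.pack("!BBH", 0, 6, len(seg))   # zero, proto TCP, length

def with_checksum(src: bytes, dst: bytes, seg: bytes) -> bytes:
    # Checksum is computed with its own field zeroed, then written into bytes 16..17
    csum = ~ones_complement_sum(pseudo_header(src, dst, seg) + seg[:16] + b"\0\0" + seg[18:]) & 0xFFFF
    return seg[:16] + struct.pack("!H", csum) + seg[18:]

def checksum_ok(src: bytes, dst: bytes, seg: bytes) -> bool:
    return ones_complement_sum(pseudo_header(src, dst, seg) + seg) == 0xFFFF

def build_syn(src: bytes, dst: bytes, mss: int) -> bytes:
    # Constructed sample SYN 40000->443 with options MSS, NOP, NOP, SACK-permitted
    opts = struct.pack("!BBH", 2, 4, mss) + b"\x01\x01\x04\x02"
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      (TCP_MIN_HDR + len(opts)) // 4 << 4, SYN, 65535, 0, 0)
    return with_checksum(src, dst, hdr + opts)

def clamp_mss(src: bytes, dst: bytes, seg: bytes, pmtu: int):
    # Lower a SYN's MSS option to pmtu-40 (IPv4), as --clamp-mss-to-pmtu does; never raise it,
    # and (assumption) leave a SYN that carries no MSS option alone.
    if not seg[13] & SYN:
        return seg, None
    target = pmtu - 40                           # 20 bytes IPv4 + 20 bytes TCP
    hdr_len = (seg[12] >> 4) * 4
    opts = bytearray(seg[TCP_MIN_HDR:hdr_len])
    i = 0
    while i < len(opts) and opts[i] != 0:        # kind 0 ends the option list
        if opts[i] == 1:                         # NOP padding
            i += 1
            continue
        if opts[i] == 2 and opts[i + 1] == 4:    # MSS option
            if struct.unpack_from("!H", opts, i + 2)[0] <= target:
                return seg, None
            struct.pack_into("!H", opts, i + 2, target)
            new = seg[:TCP_MIN_HDR] + bytes(opts) + seg[hdr_len:]
            return with_checksum(src, dst, new), target
        i += opts[i + 1]
    return seg, None
```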
  5. Easy Rhino

    Easy Rhino Linux Advocate

    Joined:
    Nov 13, 2006
    Messages:
    13,541 (4.57/day)
    Thanks Received:
    3,381
    Good to know because I added traffic control logic through qdisc to throttle bandwidth on the VM.
     
    Crunching for Team TPU