
PPTP VPN

Easy Rhino

I just installed and configured a PPTP VPN on a CentOS 6 VM and it works very well.

You will need ppp and pptpd installed as well as "Development Tools".

You will need to ensure ip_forwarding is enabled in sysctl.conf.

You will want to add the appropriate iptables rules for port 1723.

Finally, you will want to set your IP range for tunneling, point to Google's DNS (optional), and add usernames/passwords.

I highly recommend this if you are like me and like to VPN using wireless from an untrusted location.
 
But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?
 
Here are the firewall rules

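#!/bin/bash
# Flush the filter table, then drop inbound by default and allow outbound
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT tunnel clients out through eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward traffic between the ppp tunnel interfaces and eth0
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (tcp/1723) and GRE data channel
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback, and replies to established connections
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Persist the rules and list them
/sbin/service iptables save
/sbin/iptables -L -v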
 
Hm. Well, anyway, if a problem appears like broken connections and semi-working browsing or troubles with sending large files, the following should be added:

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu
 

Good to know because I added traffic control logic through qdisc to throttle bandwidth on the VM.
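
Added example, not part of the thread: a shell check that reads `iptables-save` output and reports which of the rules discussed above (tcp/1723, GRE, MASQUERADE, ppp+ forwarding, the TCPMSS clamp) are missing. The sample ruleset is constructed, the interface names eth0 and ppp+ follow the posted script, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example: audit iptables-save output for the rules discussed in the thread.
# Assumptions: eth0 (WAN) and ppp+ (tunnel) as in the posted script; function
# names are hypothetical.

# Constructed sample: a ruleset like the posted script plus the TCPMSS rule.
sample_ruleset() {
cat <<'EOF'
*mangle
-A POSTROUTING -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save output on stdin, prints one line per missing rule,
# and returns the number of missing rules as its exit status.
audit_pptp_rules() {
    local rules missing=0
    rules=$(cat)
    check() {  # $1 = label, $2 = extended regex that some rule line must match
        if ! printf '%s\n' "$rules" | grep -Eq -- "$2"; then
            echo "MISSING: $1"
            missing=$((missing + 1))
        fi
    }
    check "PPTP control channel (tcp/1723)" '^-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT'
    check "GRE data channel"                '^-A INPUT .*-p (gre|47) .*-j ACCEPT'
    check "NAT for tunnel clients"          '^-A POSTROUTING .*-j MASQUERADE'
    check "ppp+ forwarding"                 '^-A FORWARD .*-i ppp\+ .*-j ACCEPT'
    check "TCP MSS clamp"                   '^-A (FORWARD|POSTROUTING) .*-p tcp .*--tcp-flags SYN,RST SYN .*-j TCPMSS --clamp-mss-to-pmtu'
    return "$missing"
}

# Demo on the constructed sample
sample_ruleset | audit_pptp_rules && echo "all expected rules present"
```

On a live host the same function can be fed with `iptables-save | audit_pptp_rules` (run as root).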
 