
PPTP VPN

Easy Rhino

Linux Advocate
Joined
Nov 13, 2006
Messages
14,414 (3.53/day)
Likes
4,275
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 |Corsair mForce nvme 250G
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Posiden Z RGB Cherry MX Brown
Software Centos 7 | Windows 10
#1
I just installed and configured a PPTP VPN on a CentOS 6 VM and it works very well.

You will need ppp and pptpd installed as well as "Development Tools".

You will need to ensure ip_forwarding is enabled in sysctl.conf.

You will want to add the appropriate iptables rules for port 1723.

Finally, you will want to set your IP range for tunneling, point to Google's DNS (optional) and add usernames/passwords.

I highly recommend this if you are like me and like to VPN using wireless from an untrusted location.
 
Joined
Nov 19, 2012
Messages
750 (0.40/day)
Likes
430
System Name Chaos
Processor Intel Core i5 4590K @ 4.0 GHz
Motherboard MSI Z97 MPower MAX AC
Cooling Arctic Cooling Freezer i30 + MX4
Memory 2x4 GB Kingston HyperX Beast 2400 GT/s CL11
Video Card(s) Sapphire HD7950 Vapor X, 800/1400 @ 1.075V/1.45V
Storage 256GB Samsung 840 Pro SSD + 1 TB WD Green (Idle timer off) + 320 GB WD Blue
Display(s) Dell U2515H
Case Fractal Design Define R3
Audio Device(s) Onboard
Power Supply Seasonic SS-380GB
Mouse CM Storm Recon
Keyboard CM Storm Quickfire Pro (MX Red)
#2
But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?
 

Easy Rhino

#3
> But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?

Here are the firewall rules

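#!/bin/bash
# Flush the filter table, then drop inbound by default and allow outbound
/sbin/iptables -F
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# Masquerade traffic leaving via eth0 (VPN client traffic included)
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# Forward between the PPP tunnel interfaces and eth0 in both directions
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and GRE data channel
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
# ICMP, loopback and replies to established connections
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Persist the rules and list them
/sbin/service iptables save
/sbin/iptables -L -v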
 
#4
Hm. Well, anyway, if a problem appears like broken connections and semi-working browsing or troubles with sending large files, the following should be added:

iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu
 

Easy Rhino

#5
> Hm. Well, anyway, if a problem appears like broken connections and semi-working browsing or troubles with sending large files, the following should be added:
>
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu

Good to know because I added traffic control logic through qdisc to throttle bandwidth on the VM.
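
An added example, not part of any post in this thread: a small audit that reads a saved ruleset in iptables-save format plus sysctl.conf text and reports which pieces of the setup discussed above (forwarding, TCP 1723, GRE, NAT, the MSS clamp) are missing. The function names and both sample inputs are constructed for illustration; on a real host you would feed it the output of `iptables-save` and the contents of /etc/sysctl.conf.

```shell
#!/bin/sh
# Added example. SAMPLE_RULES (iptables-save format) and SAMPLE_SYSCTL are
# constructed inputs, not output captured from a real host.
SAMPLE_RULES='*mangle
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o ppp+ -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
COMMIT'
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
# Same ruleset minus the clamp rule, as with the script in post #3 on its own.
NO_CLAMP=$(printf '%s\n' "$SAMPLE_RULES" | grep -v TCPMSS)

# table_rules TABLE RULES: print only the lines inside that table's section.
table_rules() {
  printf '%s\n' "$2" | awk -v t="*$1" '$0 == t {on = 1; next} $0 == "COMMIT" {on = 0} on'
}

# _need LABEL TEXT REGEX: report LABEL when no line of TEXT matches REGEX.
_need() {
  printf '%s\n' "$2" | grep -Eq -- "$3" && return 0
  echo "MISSING: $1"; _missing=$((_missing + 1))
}

# audit_pptp RULES SYSCTL: print one line per missing piece; exit status = count.
audit_pptp() {
  _missing=0
  _f=$(table_rules filter "$1"); _n=$(table_rules nat "$1"); _m=$(table_rules mangle "$1")
  _need "net.ipv4.ip_forward = 1" "$2" '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
  _need "INPUT accept tcp/1723" "$_f" '^-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT'
  _need "INPUT accept GRE" "$_f" '^-A INPUT .*-p (gre|47) .*-j ACCEPT'
  _need "FORWARD accept from ppp+" "$_f" '^-A FORWARD .*-i ppp\+ .*-j ACCEPT'
  _need "nat MASQUERADE" "$_n" '^-A POSTROUTING .*-j MASQUERADE'
  _need "TCPMSS --clamp-mss-to-pmtu rule" "$_m" '^-A (FORWARD|POSTROUTING) .*-j TCPMSS --clamp-mss-to-pmtu'
  return "$_missing"
}

audit_pptp "$SAMPLE_RULES" "$SAMPLE_SYSCTL" && echo "full setup: OK"
audit_pptp "$NO_CLAMP" "$SAMPLE_SYSCTL" || echo "without clamp: $? finding(s)"
```
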