Sunday, November 3, 2013

How to Create and Set Up a PPTP VPN on CentOS, Redhat, and Debian/Ubuntu Based Servers

Step 1. Install PPP (CentOS/Redhat)
Use YUM to download and install PPP.

Code:
yum install ppp

Now cd to the /usr/local/src folder and download the pptpd rpm. Then install it.
Code:
cd /usr/local/src

wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm

rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

Note: I searched for the newest version of PPTPD el6 in:
http://poptop.sourceforge.net/yum/stable/packages/

Now, you should probably add the PPTPD service to startup so you don't have to start it again every time you turn off the VPS.

(Re)start the pptpd service.
Code:
service pptpd restart

I'm NOT familiar with CentOS so I'm not 100% sure on the command here. You may want to check this and please tell me if I'm wrong so I can update it.

Code:
chkconfig pptpd on

From here on out, CentOS, RedHat, Ubuntu server and anything Debian based have the same steps, so skip to step #2.

Step 1. Install PPTPD (Ubuntu / Debian Based)

This is much simpler than CentOS which is still pretty damn simple imo. 
Code:
sudo apt-get install pptpd

Hit Y to accept, and let it install :D

Now start the service
Code:
service pptpd start

And add it to startup
Code:
update-rc.d pptpd enable

And from here all the steps are the same as the other OSes I'm covering. 

Step 2. Config. Yeah, config.

Okay, you're going to need to know your IP (local), so I'll use a standard class C: 192.168.1.1

Edit the conf file with your choice of editor. I'm using nano since I've been using it forever. 
Code:
nano /etc/pptpd.conf

We need to add OUR IP and the range of IPs (the number of people allowed on our network). I'll do 250 c:

In pptpd.conf:
Code:
localip 192.168.1.1
remoteip 192.168.1.2-252

Now save and exit nano, if that's what you're using, with this pseudo code:
Code:
ctrl + x
'Y'
[enter]

Now we are going to prevent DNS leaks by adding public DNS servers. Any group will do:

Google: 8.8.8.8 8.8.4.4

OpenDNS:
Edit the ppp config file:

Code:
nano /etc/ppp/options.pptpd

Find the lines called 'ms-dns' if they exist, and if not, add them.
I'm going to use Google's because they're reliable and free c:

Code:
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Okay, last thing. Now we have to enable IP forwarding. I'll again be using nano.

Code:
nano /etc/sysctl.conf

Find the line with:
Code:
net.ipv4.ip_forward = 0

And change it to:
Code:
net.ipv4.ip_forward = 1

Then update it by running:

Code:
sysctl -p

And that should be it for config :D unless you count the iptables firewall as config. In that case, we're almost done c:

Step 3. Add iptables 'Firewall' Rules

Fuck this. iptables is one of the most confusing tools if you haven't taken a week out of your life to master it.
At any rate, we'll be adding some rules for our iptables. My interface is eth0, but if yours is different, obviously use that.

Code:
iptables --flush
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

Woo.
Now save and restart the iptables service.

Code:
service iptables save && service iptables restart


Step 4. Adding Users and Cleanup

Adding users is very easy with PPTP VPNs. The passwords are NOT stored as hashes or encrypted at all; they sit in the file as plain text. However, also note that the protocol connection itself is encrypted with 128 bits.
So here's the file with the accounts. Here is the setup we use to allow it to get the next available IP:
username [tab] * [tab] password [tab] *

Code:
goodies  *  myPassWord  *
public  *  *  *
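
Since the accounts file holds plaintext passwords and the 128-bit encryption only applies when the ppp options enforce it, both files are worth auditing after setup. The script below is an added example, not part of the original tutorial: the option names are standard pppd options, while the sample file contents and the 12-character MIN_LEN threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Sample file contents are constructed.

# Print a finding for each hardening option missing from a pppd options file.
audit_options() {
    for opt in require-mschap-v2 require-mppe-128 refuse-pap refuse-chap refuse-mschap; do
        # Count the option only when the line is not commented out.
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" ||
            echo "options: $opt is not set"
    done
}

# Print findings for the accounts file: loose permissions and short passwords.
# MIN_LEN is an assumed local policy value, not something the tutorial specifies.
audit_secrets() {
    MIN_LEN=${MIN_LEN:-12}
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "secrets: group/other access ($perms) to plaintext passwords"
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { user = $1; pw = $3; gsub(/"/, "", pw) }
        length(pw) < min { print "secrets: " user " has a password under " min " characters" }
    ' "$1"
}

# Build constructed sample files (accounts taken from Step 4) and audit them.
demo() {
    dir=$(mktemp -d)
    printf 'name pptpd\nrequire-mschap-v2\n#require-mppe-128\nms-dns 8.8.8.8\nms-dns 8.8.4.4\n' \
        > "$dir/options.pptpd"
    printf 'goodies\t*\tmyPassWord\t*\npublic\t*\t*\t*\n' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    audit_options "$dir/options.pptpd"
    audit_secrets "$dir/chap-secrets"
    rm -rf "$dir"
}

demo
```

On a live server the same functions can be pointed at /etc/ppp/options.pptpd and at the accounts file, which on a stock pppd install is /etc/ppp/chap-secrets (an assumption; the tutorial does not name it).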


Tutorial by Goodies. I Hope You Enjoyed!


