How to establish PPTP VPN client connection on CentOS/RHEL 7 Linux
22 August 2018 by Admin
This guide describes how to establish a VPN connection using the PPTP
protocol on CentOS 7 or Red Hat 7 Linux the non-GUI way. The connection
details below are used as an example. Replace the PPTP VPN information
below to match your PPTP VPN server settings:
Connection name: linuxconfig (can be any descriptive name)
VPN connection type: PPTP
PPTP VPN server IP or domain: 123.123.1.1
CHAP Username: admin
CHAP User password: 00000000
Configuration
Let’s begin by installing the PPTP client:
# yum install pptp
In the next step we load the connection tracking support module for
PPTP, which is required in order to correctly establish a PPTP VPN
connection:
# modprobe nf_conntrack_pptp
Now we need to add the CHAP credentials provided above
to the /etc/ppp/chap-secrets file:
# echo 'admin PPTP 00000000 *' >> /etc/ppp/chap-secrets
At this stage, using the above VPN connection information, we need to
create a peer VPN config file and save it in the /etc/ppp/peers/
directory. Enter the code below into a file called linuxconfig,
replacing the VPN server IP, name and ipparam directives:
pty "pptp 123.123.1.1 --nolaunchpppd"
name admin
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam linuxconfig
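The chap-secrets line above stores the CHAP password in clear text, and pppd selects it by the name and remotename values in the peer file. The following check of both files is an added example, not part of the original guide; the function names and passing the two file paths as arguments are assumptions.

```sh
#!/bin/sh
# Added example: audit the chap-secrets entry and the peer file from this guide.
# Function names are illustrative; paths are arguments so copies can be checked.

# peer_opt FILE OPTION: print the value of an active (uncommented) option.
peer_opt() {
    awk -v opt="$2" '$1 == opt { print $2; exit }' "$1"
}

# audit_pptp SECRETS PEER: print findings, return how many there were.
audit_pptp() {
    secrets=$1; peer=$2; n=0

    # chap-secrets holds the CHAP password in clear text, so group and
    # other must have no access (characters 5-10 of the ls mode string).
    perms=$(ls -ld "$secrets" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: $secrets is accessible beyond its owner (chmod 600)"
        n=$((n + 1))
    fi

    # Without require-mppe-128 in the peer file, this file does not itself
    # insist on 128-bit MPPE for the link.
    if ! grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$peer"; then
        echo "MPPE: require-mppe-128 is not set in $peer"
        n=$((n + 1))
    fi

    # pppd picks the secret by client (name) and server (remotename);
    # the pair must match a chap-secrets line or CHAP cannot succeed.
    user=$(peer_opt "$peer" name); server=$(peer_opt "$peer" remotename)
    if ! awk -v u="$user" -v s="$server" \
        'NF >= 3 && $1 == u && ($2 == s || $2 == "*") { ok = 1 }
         END { exit !ok }' "$secrets"; then
        echo "SECRET: no chap-secrets entry for client '$user' server '$server'"
        n=$((n + 1))
    fi
    return "$n"
}

# Usage: sh audit.sh /etc/ppp/chap-secrets /etc/ppp/peers/linuxconfig
if [ $# -eq 2 ]; then audit_pptp "$1" "$2"; fi
```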
Connect to VPN PPTP
Everything is now ready to establish the PPTP VPN connection:
# pppd call linuxconfig
Check /var/log/messages for any errors or warnings. If the PPTP VPN
connection was established correctly you should see output similar to
the one below:
Jan 7 17:55:44 localhost pppd[18960]: CHAP authentication succeeded
Jan 7 17:55:44 localhost pptp[18961]: anon log[decaps_gre:pptp_gre.c:427]: buffering packet 7 (expecting 6, lost or reordered)
Jan 7 17:55:44 localhost pppd[18960]: MPPE 128-bit stateless compression enabled
Jan 7 17:55:46 localhost pppd[18960]: local IP address 192.168.100.2
Jan 7 17:55:46 localhost pppd[18960]: remote IP address 192.168.100.0
Once the VPN connection is established correctly, a new network
interface will be created. Use ip to see its configuration:
# ip a s
...
3: ppp0: mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 192.168.100.2 peer 192.168.100.0/32 scope global ppp0
       valid_lft forever preferred_lft forever
Disconnect from VPN PPTP
To disconnect the PPTP VPN connection, simply kill the pppd daemon
gracefully using the command below:
# pkill pppd
Following the logs we can see that pppd module exited gracefully:
Jan 7 18:00:21 localhost systemd: Started Network Manager Script Dispatcher Service.
Jan 7 18:00:21 localhost nm-dispatcher: Dispatching action 'down' for ppp0
Jan 7 18:00:21 localhost pppd[18960]: Exit
Troubleshooting
If you see the error message below when following
the /var/log/messages log:
pppd[32087]: LCP: timeout sending Config-Requests
You are missing the loadable module nf_conntrack_pptp. Load this
module using the following Linux command:
# modprobe nf_conntrack_pptp
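The log lines shown in this guide (CHAP success, MPPE 128-bit, local IP address, Exit, and the LCP timeout) are enough to classify the state of a connection automatically. The script below is an added example, not part of the original guide; the verdict strings and function names are assumptions, and the sample log is constructed from the excerpt above.

```sh
#!/bin/sh
# Added example: classify the most recent pppd session in a syslog file.
# Verdict strings and function names are illustrative, not pppd output.

# pptp_diagnose [FILE]: read FILE (or stdin) and print one verdict line.
pptp_diagnose() {
    awk '
    match($0, /pppd\[[0-9]+\]: /) {
        pid = substr($0, RSTART, RLENGTH)
        msg = substr($0, RSTART + RLENGTH)
        # A new pppd PID starts a new session: forget the previous one.
        if (pid != cur) { cur = pid; chap = mppe = timeout = exited = 0; ip = "" }
        if      (msg ~ /^LCP: timeout sending Config-Requests/) timeout = 1
        else if (msg ~ /^CHAP authentication succeeded/)        chap = 1
        else if (msg ~ /^MPPE 128-bit/)                         mppe = 1
        else if (msg ~ /^local +IP address/)                    ip = $NF
        else if (msg ~ /^Exit/)                                 exited = 1
    }
    END {
        if      (timeout)                  print "lcp-timeout: load nf_conntrack_pptp"
        else if (exited)                   print "down"
        else if (chap && mppe && ip != "") print "up " ip
        else if (chap && ip != "")         print "up-no-mppe " ip
        else                               print "unknown"
    }' "${1:--}"
}

# Constructed sample, modelled on the log excerpt in this guide.
sample_log() {
    cat <<'EOF'
Jan 7 17:55:44 localhost pppd[18960]: CHAP authentication succeeded
Jan 7 17:55:44 localhost pptp[18961]: anon log[decaps_gre:pptp_gre.c:427]: buffering packet 7 (expecting 6, lost or reordered)
Jan 7 17:55:44 localhost pppd[18960]: MPPE 128-bit stateless compression enabled
Jan 7 17:55:46 localhost pppd[18960]: local IP address 192.168.100.2
Jan 7 17:55:46 localhost pppd[18960]: remote IP address 192.168.100.0
EOF
}

sample_log | pptp_diagnose
```

On a live system, pass /var/log/messages as the argument. A verdict of up-no-mppe means the link came up without the MPPE 128-bit line appearing in the log.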
Recently I faced the problem of connecting two LANs using PPTP and an
intermediate PPTP server. I had to use this approach because the network setup
was such that none of the LAN routers (DD-WRT) could contact the other but both
could contact an intermediate server.
In order to achieve this, PPTP clients must always be assigned the same IP and,
when connected, routes to each LAN must be added to the routing table of the
intermediate server.
Network setup
Network name          IP range
LAN 1                 172.16.3.64/26
LAN 2                 172.16.3.128/26
PPTP Server network   172.16.4.0/24
PPTP Clients and server
I installed a PPTP server on a CentOS server using this HOWTO and I assigned
static IPs for the two routers. To assign static IPs on PPTP clients you must enter
the desired IP in the chap-secrets file.
chap-secrets file on the intermediate server:
# Secrets for authentication using CHAP
# client server secret IP addresses
LAN1 * LAN1pass 172.16.4.200
LAN2 * LAN2pass 172.16.4.201
This way each client (router) always gets the same IP. Make sure that these static
IPs are not in the PPTP client IP range.
Then set up the DD-WRT PPTP clients to connect to the intermediate server:
Server IP or DNS Name   intermediate.example.com
Remote Subnet           172.16.4.0
Remote Subnet Mask      255.255.255.0
MPPE Encryption         mppe required,no40,no56,stateless
The final step is to add a route to each router's LAN when it connects.
There is a file for running commands when PPP goes up or down. On CentOS it is
located at /etc/ppp/ip-up.local or /etc/ppp/ip-up.
Adding the following lines does the trick:
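#!/bin/bash
# $5 is the remote IP address of the PPP link that just came up
case "$5" in
    172.16.4.200)
        # LAN1 router connected: route LAN 1 through it
        /sbin/route add -net 172.16.3.64/26 gw 172.16.4.200
        ;;
    172.16.4.201)
        # LAN2 router connected: route LAN 2 through it
        /sbin/route add -net 172.16.3.128/26 gw 172.16.4.201
        ;;
    *)
        # any other client: no extra route
        ;;
esac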
Make the script executable: chmod 755 ip-up.local
Arguments available in ip-up and ip-up.local scripts
Argument   Description
$1         the interface name used by pppd (e.g. ppp3)
$2         the tty device name
$3         the tty device speed
$4         the local IP address for the interface
$5         the remote IP address
$6         the current IP address before connecting to the VPN
Open port for PPTP on Linux CentOS
firewall-cmd --permanent --new-service=pptp
cat >/etc/firewalld/services/pptp.xml<<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
<port protocol="tcp" port="1723"/>
</service>
EOF
firewall-cmd --permanent --zone=public --add-service=pptp
firewall-cmd --permanent --zone=public --add-masquerade
firewall-cmd --permanent --zone=public --add-protocol=gre
firewall-cmd --reload
sudo modprobe nf_nat_pptp
sudo modprobe nf_conntrack_pptp
sudo modprobe nf_conntrack_proto_gre