Official Supportmonk Company Blog!

OpenVPN using PPTPD on OpenVZ

October 20, 2015, 1:15 pm


Add PPP Kernel Support To OpenVZ Containers

On the main node (the OpenVZ host)

1. Enabling PPP Kernel Modules On The Host

modprobe tun
modprobe ppp-compress-18
modprobe ppp_mppe
modprobe ppp_deflate
modprobe ppp_async
modprobe pppoatm
modprobe ppp_generic

2. Get the CTID of the OpenVZ container (101 in this example) and execute the following steps

vzctl stop 101
vzctl set 101 --features ppp:on --save
vzctl start 101
vzctl set 101 --devices c:108:0:rw --save
vzctl exec 101 mknod /dev/ppp c 108 0
vzctl exec 101 chmod 600 /dev/ppp

Install VPN using PPTPD

1. Install PPTPD

yum install pptpd
or
apt-get install pptpd
or
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.rhel5.x86_64.rpm

2. Edit IP settings in /etc/pptpd.conf

vi /etc/pptpd.conf

localip 10.22.22.1
remoteip 10.22.22.22-222

3. Add user accounts in /etc/ppp/chap-secrets (one line per user: client name, server name, secret, allowed IP addresses)

vi /etc/ppp/chap-secrets

user1 pptpd p@ss1 *
user2 pptpd p@ss2 *

4. Optional settings in /etc/ppp/options.pptpd

vi /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 8.8.4.4

5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

Then apply the setting:

sysctl -p

6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

iptables -P FORWARD ACCEPT
service iptables save
service iptables restart

If you are using the CSF firewall, configure CSF instead.

How to configure the CSF firewall:

1. Create the file csfpre.sh

vi /etc/csf/csfpre.sh

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

iptables -P FORWARD ACCEPT

2. chmod 700 /etc/csf/csfpre.sh (CSF runs this script as root, so only root should be able to read, write or execute it)

3. Create the file csfpost.sh

vi /etc/csf/csfpost.sh

service pptpd stop

service pptpd start

4. chmod 700 /etc/csf/csfpost.sh

7. Restart CSF

8. Start VPN

service pptpd restart
chkconfig pptpd on
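
The script below is an added example, not part of the original post: it audits the files this guide creates, checking that chap-secrets and the CSF hook scripts are accessible by root only, that the hook scripts contain no typographic dashes picked up when pasting commands from a web page, and that no secret is too short. The function names, the file name vpn_audit.sh and the default minimum length of 12 are assumptions made for this example.

```sh
#!/bin/sh
# Added example: audit the files created in the steps above.
# Usage (as root), with this file saved under the hypothetical name vpn_audit.sh:
#   . ./vpn_audit.sh
#   audit_chap_secrets /etc/ppp/chap-secrets
#   audit_hook /etc/csf/csfpre.sh; audit_hook /etc/csf/csfpost.sh

# perms_of FILE -> the nine permission characters from ls, e.g. rw-------
perms_of() { ls -ld "$1" | cut -c2-10; }

# root_only FILE -> succeeds when group and others have no access at all
root_only() {
    case "$(perms_of "$1")" in
        ???------) return 0 ;;
        *)         return 1 ;;
    esac
}

# non_ascii_bytes FILE -> number of bytes outside 7-bit ASCII. A pasted
# en-dash (3 bytes in UTF-8) in place of "-" or "--" shows up here.
non_ascii_bytes() { LC_ALL=C tr -d '\000-\177' < "$1" | wc -c | tr -d ' '; }

# audit_hook FILE -> findings for a script that CSF runs as root
audit_hook() {
    root_only "$1" || echo "MODE $1 $(perms_of "$1")"
    [ "$(non_ascii_bytes "$1")" -eq 0 ] || echo "NONASCII $1"
}

# audit_chap_secrets FILE [MINLEN] -> findings for a pppd chap-secrets file.
# MINLEN (default 12) is this example's own threshold, not a pppd setting.
# Only the client name is printed, never the secret.
audit_chap_secrets() {
    root_only "$1" || echo "MODE $1 $(perms_of "$1")"
    awk -v min="${2:-12}" '
        NF == 0 || $1 ~ /^#/ { next }                    # blank lines, comments
        NF < 3               { print "FORMAT line " NR; next }
        length($3) < min     { print "SHORT " $1 }
    ' "$1"
}
```

Each function prints one finding per line and prints nothing when the file passes.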
