Official Supportmonk Company Blog!

OpenVPN using PPTPD on OpenVZ

October 20, 2015, 1:15 pm

Add PPP Kernel Support To OpenVZ Containers

On MainNode

1. Enabling PPP Kernel Modules On The Host

modprobe tun
modprobe ppp-compress-18
modprobe ppp_mppe
modprobe ppp_deflate
modprobe ppp_async
modprobe pppoatm
modprobe ppp_generic

2. Get the CTID of the OpenVZ container (101 below) and execute the following steps

vzctl stop 101
vzctl set 101 --features ppp:on --save
vzctl start 101
vzctl set 101 --devices c:108:0:rw --save
vzctl exec 101 mknod /dev/ppp c 108 0
vzctl exec 101 chmod 600 /dev/ppp

Install VPN using PPTPD

1. Install PPTPD

yum install pptpd
or
apt-get install pptpd
or
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.rhel5.x86_64.rpm

2. Edit IP settings in /etc/pptpd.conf

vi /etc/pptpd.conf
localip 10.22.22.1
remoteip 10.22.22.22-222

3. Add user accounts in /etc/ppp/chap-secrets

vi /etc/ppp/chap-secrets
user1 pptpd p@ss1 *
user2 pptpd p@ss2 *

4. Optional settings in /etc/ppp/options.pptpd

vi /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 4.4.4.4

5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p

6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

iptables -P FORWARD ACCEPT
service iptables save
service iptables restart

If you are using the CSF firewall, configure CSF as follows.

How to configure CSF firewall?

1. Create the file csfpre.sh

vi /etc/csf/csfpre.sh

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT

iptables -P FORWARD ACCEPT

2. chmod 700 /etc/csf/csfpre.sh (root-only, because CSF runs this script as root)

3. Create the file csfpost.sh

vi /etc/csf/csfpost.sh

service pptpd stop
service pptpd start

4. chmod 700 /etc/csf/csfpost.sh (root-only, because CSF runs this script as root)

7. Restart CSF

8. Start VPN

service pptpd restart
chkconfig pptpd on
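
A check for the /etc/ppp/chap-secrets file created in step 3, added here as an example and not part of the original post: it reports a file readable by group or other, short secrets, and accounts whose address column is `*` instead of a fixed client IP. The function names, the 12-character threshold and the sample entries are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes unquoted secrets without spaces.
# chap-secrets line format: client  server  secret  allowed-IP-addresses
# audit_chap_secrets FILE [MIN_LEN] -> 0 clean, 1 findings, 2 file missing
audit_chap_secrets() {
    file=$1
    min_len=${2:-12}    # assumed policy threshold, not a pppd requirement
    rc=0
    [ -f "$file" ] || { echo "ERROR $file not found"; return 2; }

    # Secrets are stored in clear text: all group/other permission bits must be off.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "MODE $file is accessible to group/other ($perms)"
        rc=1
    fi

    findings=$(awk -v min="$min_len" '
        /^[ \t]*#/ || NF == 0 { next }    # skip comments and blank lines
        NF < 3 { printf "SYNTAX line %d: fewer than 3 fields\n", NR; next }
        length($3) < min { printf "WEAK line %d: secret for %s is under %d chars\n", NR, $1, min }
        $4 == "*" { printf "ANYIP line %d: %s is not pinned to an address\n", NR, $1 }
        seen[$1, $2]++ { printf "DUP line %d: repeated entry for %s\n", NR, $1 }
    ' "$file")
    if [ -n "$findings" ]; then
        echo "$findings"
        rc=1
    fi
    return "$rc"
}

# Constructed sample: user1 mirrors the entry style shown in step 3, user2 is pinned.
demo_chap_audit() {
    sample=$(mktemp) || return 2
    printf '%s\n' 'user1 pptpd p@ss1 *' \
        'user2 pptpd correct-horse-battery 10.22.22.30' > "$sample"
    chmod 644 "$sample"
    status=0
    audit_chap_secrets "$sample" || status=$?
    rm -f "$sample"
    return "$status"
}

case ${1:-} in
    "") ;;
    --demo) demo_chap_audit ;;
    *) audit_chap_secrets "$@" ;;
esac
```

Save it as a script and run it with `--demo` for the constructed sample, or pass the path of the real file, for example /etc/ppp/chap-secrets.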
