# PPTP VPN



## Easy Rhino (Mar 24, 2014)

I just installed and configured a PPTP VPN on a CentOS 6 VM and it works very well.

You will need ppp and pptpd installed as well as "Development Tools"

You will need to ensure ip_forwarding is enabled in sysctl.conf

You will want to add the appropriate iptables rules for port 1723.

Finally, you will want to set your IP range for tunneling, point to Google's DNS (optional) and add usernames/passwords.

I highly recommend this if you are like me and like to VPN using wireless from an untrusted location.
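The steps above, put into one script as an added example (my reconstruction, not Easy Rhino's own setup): it installs the packages, enables forwarding in sysctl.conf, writes pptpd.conf and options.pptpd, points clients at Google's resolvers and appends a CHAP user. The tunnel addresses (10.8.0.x), the assumption that pptpd is available from a repository on CentOS 6 (it is not in the base repositories), and the PPTPD_APPLY/PPTP_ROOT switches are mine; with PPTP_ROOT pointed at a scratch directory the script only writes files, so the generated configuration can be inspected before it touches /etc. The firewall rules for 1723/GRE are the separate script posted later in the thread. PPTP's MS-CHAPv2 exchange is cryptographically weak and the MPPE keys derive from it, so this reproduces the poster's setup rather than recommending the protocol.

```bash
#!/bin/bash
# Added example: writes the PPTP server configuration the post describes into a
# target root (default: the live system). Tunnel range, DNS and user values are
# constructed placeholders; pptpd/ppp option names are the real ones.
set -eu

PPTP_ROOT="${PPTP_ROOT:-}"                       # set to a scratch dir to dry-run
LOCAL_IP="${LOCAL_IP:-10.8.0.1}"                 # server end of the tunnel (assumption)
REMOTE_RANGE="${REMOTE_RANGE:-10.8.0.100-199}"   # pool handed to clients (assumption)
DNS1="${DNS1:-8.8.8.8}"                          # "Google's DNS" from the post
DNS2="${DNS2:-8.8.4.4}"

write_pptpd_conf() {
    mkdir -p "$PPTP_ROOT/etc/ppp"
    cat > "$PPTP_ROOT/etc/pptpd.conf" <<EOF
option /etc/ppp/options.pptpd
logwtmp
localip $LOCAL_IP
remoteip $REMOTE_RANGE
EOF
}

# Only MS-CHAPv2 with 128-bit MPPE is accepted; weaker PAP/CHAP/MS-CHAP are refused.
write_ppp_options() {
    mkdir -p "$PPTP_ROOT/etc/ppp"
    cat > "$PPTP_ROOT/etc/ppp/options.pptpd" <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns $DNS1
ms-dns $DNS2
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
EOF
}

# add_vpn_user NAME PASSWORD: append a chap-secrets line (client server secret IP);
# the file holds plaintext secrets, so it is kept readable by root only.
add_vpn_user() {
    local user="$1" pass="$2" f="$PPTP_ROOT/etc/ppp/chap-secrets"
    mkdir -p "$(dirname "$f")"
    touch "$f"; chmod 600 "$f"
    printf '%s\tpptpd\t%s\t*\n' "$user" "$pass" >> "$f"
}

# enable_forwarding: set net.ipv4.ip_forward = 1 in sysctl.conf, replacing any existing line.
enable_forwarding() {
    local f="$PPTP_ROOT/etc/sysctl.conf"
    mkdir -p "$(dirname "$f")"; touch "$f"
    if grep -q '^net.ipv4.ip_forward' "$f"; then
        sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' "$f"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$f"
    fi
}

# check_config: succeeds only if every file the post requires is present and sane.
check_config() {
    grep -q "^localip $LOCAL_IP\$" "$PPTP_ROOT/etc/pptpd.conf" &&
    grep -q '^require-mppe-128$' "$PPTP_ROOT/etc/ppp/options.pptpd" &&
    grep -q '^net.ipv4.ip_forward = 1$' "$PPTP_ROOT/etc/sysctl.conf" &&
    [ "$(stat -c %a "$PPTP_ROOT/etc/ppp/chap-secrets")" = 600 ]
}

# Live install only when explicitly requested (assumed switch, must run as root).
if [ "${PPTPD_APPLY:-0}" = 1 ]; then
    yum -y groupinstall "Development Tools"
    yum -y install ppp pptpd
    write_pptpd_conf; write_ppp_options; enable_forwarding
    add_vpn_user "${VPN_USER:?set VPN_USER}" "${VPN_PASS:?set VPN_PASS}"
    check_config
    sysctl -p
    chkconfig pptpd on && service pptpd restart
fi
```

To preview, run it with `PPTP_ROOT=/tmp/pptp-dryrun` and call the write functions from an interactive shell; `PPTPD_APPLY=1 VPN_USER=... VPN_PASS=...` performs the real install.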


----------



## McSteel (Mar 24, 2014)

But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?


----------



## Easy Rhino (Mar 24, 2014)

McSteel said:


> But will it properly change MSS to compensate for the overhead? Or does it have to be set manually in the forward chain of the firewall?



Here are the firewall rules:

```bash
#!/bin/bash
# Flush the filter table and start from a default-deny INPUT policy.
/sbin/iptables -F
/sbin/iptables -t nat -F   # -F alone leaves the nat table, so re-running would stack MASQUERADE rules
/sbin/iptables -P INPUT DROP
/sbin/iptables -P OUTPUT ACCEPT
# NAT the VPN clients' traffic out through eth0 and allow it to be forwarded both ways.
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
/sbin/iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
# PPTP control channel (TCP 1723) and the GRE tunnel that carries the PPP frames.
/sbin/iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
/sbin/iptables -A INPUT -i eth0 -p gre -j ACCEPT
/sbin/iptables -A INPUT -p icmp -j ACCEPT
/sbin/iptables -A INPUT -i lo -j ACCEPT
/sbin/iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Persist the rules across reboots (CentOS 6 iptables service) and show the result.
/sbin/service iptables save
/sbin/iptables -L -v
```


----------



## McSteel (Mar 24, 2014)

Hm. Well, anyway, if a problem appears like broken connections and semi-working browsing or troubles with sending large files, the following should be added:

```bash
iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu
```
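As an added example (not a script from either poster), the following derives the MSS that fits a PPTP tunnel from the ppp interface's MTU and prints the clamp rule; the sample `ip -o link` line, its 1396-byte MTU and the IPTABLES_APPLY switch are constructed. It uses --set-mss with an explicit value plus a tcpmss match so an already-smaller MSS is never raised, and places the rule in the mangle FORWARD chain without an interface match so both the client's SYN (ppp+ to eth0) and the returning SYN-ACK (eth0 to ppp+) are rewritten; McSteel's one-liner instead lets the kernel pick the value from the path MTU.

```bash
#!/bin/bash
# Added example: compute a PPTP-sized TCP MSS from the ppp link MTU and emit the
# clamp rule. iptables is executed only when IPTABLES_APPLY=1 (assumed switch);
# otherwise the rule is printed for review.
set -eu

# Constructed sample of `ip -o link show ppp0` output, used for the dry run.
SAMPLE_IPLINK='7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc pfifo_fast state UNKNOWN qlen 3\    link/ppp'

# ppp_mtu_from_iplink "<ip -o link line>": print the mtu field.
ppp_mtu_from_iplink() {
    printf '%s\n' "$1" | sed -n 's/.* mtu \([0-9][0-9]*\) .*/\1/p'
}

# mss_for_mtu MTU: MSS = MTU minus 20-byte IPv4 header minus 20-byte TCP header.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# mss_clamp_rules MSS: print the mangle rule. The tcpmss match limits the rewrite
# to SYNs advertising an MSS larger than ours, since --set-mss otherwise applies
# unconditionally and would enlarge a smaller one.
mss_clamp_rules() {
    local mss="$1"
    printf '%s\n' \
      "iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss $((mss + 1)):65535 -j TCPMSS --set-mss $mss"
}

if [ "${IPTABLES_APPLY:-0}" = 1 ]; then
    mtu=$(ppp_mtu_from_iplink "$(ip -o link show ppp0)")
    mss_clamp_rules "$(mss_for_mtu "$mtu")" | sh -x
else
    mss_clamp_rules "$(mss_for_mtu "$(ppp_mtu_from_iplink "$SAMPLE_IPLINK")")"
fi
```

Run it as is to see the rule it would install for the sample MTU; `IPTABLES_APPLY=1` reads the live ppp0 MTU and applies it.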


----------



## Easy Rhino (Mar 24, 2014)

McSteel said:


> Hm. Well, anyway, if a problem appears like broken connections and semi-working browsing or troubles with sending large files, the following should be added:
> 
> iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o ppp+ -j TCPMSS --clamp-mss-to-pmtu



Good to know because I added traffic control logic through qdisc to throttle bandwidth on the VM.


----------

