The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks (VPNs). Its main advantages are that it is compatible with most mobile devices and uses fewer CPU resources. It is less secure than OpenVPN.
1) PPTP Installation
On Ubuntu:
$ apt-get install pptpd
On CentOS:
$ rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
$ yum -y install pptpd
Configuration examples can be found in the /usr/share/doc/pptpd directory. The configuration file is /etc/pptpd.conf. A sample configuration may look like:
# See man pptpd.conf to get more information about this file
# pppd options file. By default, /etc/ppp/options is used
option /etc/ppp/options.pptpd
# Server IP in local network
localip 192.168.1.2
# IP address ranges used to assign IPs to new connecting clients
# Here we define two ranges for our 192.168.1.* subnet: 234-238 and 245
remoteip 192.168.1.234-238,192.168.1.245
2) Add localip and remoteip
Edit /etc/pptpd.conf file and add the following details:
$ vi /etc/pptpd.conf
localip 10.20.0.1
remoteip 10.20.1.100-200 #100 clients
The localip should be the IP address of your server, and remoteip is the range of IP addresses given to the clients that connect to it.
3) Add DNS server in /etc/ppp/pptpd-options
$ vi /etc/ppp/pptpd-options
ms-dns 8.8.8.8
ms-dns 4.2.2.2
4) Setup user account with authentication
Edit /etc/ppp/chap-secrets and add the following details:
$ vi /etc/ppp/chap-secrets
user1 pptpd password1 10.20.1.100
user2 pptpd password2 10.20.1.101
user3 pptpd password3 10.20.1.200
Add all clients with fixed IP addresses (change user1, user2, … and password1, password2, … according to your preference).
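An added example, not part of the original tutorial: a Python check that the fixed addresses in /etc/ppp/chap-secrets (step 4) fall inside the remoteip pool from step 2 and are not assigned twice, and that the file mode and secrets are not left weak. The 16-character minimum, the function names and the user4/user5 sample lines are assumptions made for illustration.

```python
import ipaddress
import shlex
MIN_SECRET_LEN = 16  # assumed policy threshold, not taken from the tutorial

def parse_remoteip(spec):
    """Expand a pptpd.conf remoteip list; a range end is only the last octet."""
    pool = set()
    for part in spec.split(","):
        first, _, last = part.strip().partition("-")
        start = int(ipaddress.IPv4Address(first))
        end = (start & 0xFFFFFF00) | int(last) if last else start
        pool.update(ipaddress.IPv4Address(n) for n in range(start, end + 1))
    return pool

def audit(secrets_text, remoteip_spec, file_mode):
    """Return findings for chap-secrets content checked against the remoteip pool."""
    pool, seen, findings = parse_remoteip(remoteip_spec), {}, []
    if file_mode & 0o077:
        findings.append("chap-secrets is accessible to group/other: chmod 600")
    for num, line in enumerate(secrets_text.splitlines(), 1):
        fields = shlex.split(line, comments=True)
        if len(fields) < 4:
            if fields:  # blank and comment-only lines are skipped silently
                findings.append(f"line {num}: expected client server secret address")
            continue
        user, _server, secret, addr = fields[:4]
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"line {num}: secret for {user} is under {MIN_SECRET_LEN} chars")
        try:
            ip = ipaddress.IPv4Address(addr)
        except ValueError:  # "*" or anything that is not one fixed address
            continue
        if ip not in pool:
            findings.append(f"line {num}: {ip} for {user} is outside remoteip")
        if ip in seen:
            findings.append(f"line {num}: {ip} is already assigned to {seen[ip]}")
        seen.setdefault(ip, user)
    return findings

# Constructed sample: the tutorial's three entries plus two made-up ones.
SAMPLE = """\
user1 pptpd password1 10.20.1.100
user2 pptpd password2 10.20.1.101
user3 pptpd password3 10.20.1.200
user4 pptpd "a long random passphrase 7Qx" 10.20.1.101
user5 pptpd "another long passphrase Zk2" 10.20.1.201
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, "10.20.1.100-200", 0o644)))
```

On a server, pass the real file contents and `stat.S_IMODE(os.stat("/etc/ppp/chap-secrets").st_mode)` as file_mode.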
5) Enable IP Forwarding
$ sysctl -w net.ipv4.ip_forward=1
or
$ echo 1 > /proc/sys/net/ipv4/ip_forward
Reload the sysctl settings to apply the changes:
$ sysctl -p /etc/sysctl.conf
6) Configure iptables for forwarding
$ iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ iptables -I INPUT -s 10.20.0.0/16 -i ppp0 -j ACCEPT
$ iptables --append FORWARD --in-interface eth0 -j ACCEPT
$ service iptables save
To make the changes effective, restart the PPTP daemon:
$ service pptpd restart