How to Create a PPTP VPN Server on CentOS 6.x on a VPS to get an American IP Address

I am currently living in Canada, which already has a lot of great internet services, but some over-the-top services require me to be in the US or have a US IP address to access them. There are a couple of ways to do this, and in this tutorial, we will show one of the simpler ways: passing all your traffic through a PPTP VPN tunnel from your current location to a server in the US. PPTP stands for Point-to-Point Tunneling Protocol and has been around since 1999. It is quite easy to set up and is compatible with a lot of devices and operating systems on the market today.

Prerequisites

  • VPS (Virtual Private Server) located in the US (we're using a Digital Ocean CentOS 6.x droplet for ours)

1. Install PPTP On Your VPS

  • Log onto your VPS and install pptpd via yum

# yum install pptpd -y

2. Modify IP Settings in pptpd.conf

  • Edit /etc/pptpd.conf and add the following lines at the bottom
  • localip is the IP address assigned to your VPS's end of the tunnel; remoteip is the IP address block that will be given out to clients

localip 192.168.100.1
remoteip 192.168.100.100-125

3. Add User Accounts

  • Edit /etc/ppp/chap-secrets and add the users that can authenticate to the PPTP server
  • In this configuration, the user ryau with the password ryau is able to connect from all IP addresses and to all servers (the two * fields)

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
ryau * ryau *
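
The following is an added example, not part of the original tutorial: a shell function that audits a chap-secrets file for entries like the one above (secret equal to the username, wildcard server and IP fields). The function names, the 12-character minimum and the alice and bob entries are assumptions made for illustration, and fields are assumed to contain no embedded whitespace.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (client server secret IPs).
# Prints one finding per line as "<line-no> <client> <issue>" and returns
# non-zero if anything was flagged. Reads the file named in $1, or stdin.
audit_chap_secrets() {
    awk -v minlen=12 '       # minlen is an assumed policy value, adjust to taste
        function flag(msg) { print NR, client, msg; found = 1 }
        BEGIN { found = 0 }
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            client = $1; server = $2; secret = $3; ips = $4
            if (NF < 3) { flag("malformed-entry"); next }
            # pppd allows fields to be double-quoted; strip the quotes
            gsub(/^"|"$/, "", client)
            gsub(/^"|"$/, "", secret)
            if (secret == client)        flag("secret-equals-username")
            if (length(secret) < minlen) flag("short-secret")
            if (ips == "*")              flag("any-source-ip")
            if (server == "*")           flag("any-server")
        }
        END { exit found }
    ' "${1:--}"
}

# Constructed sample input: the tutorial entry plus two hypothetical users.
sample_secrets() {
    cat <<'EOF'
# client        server  secret                  IP addresses
ryau * ryau *
alice pptpd c0rrect-h0rse-battery 192.168.100.101
bob pptpd hunter2 *
EOF
}

# Demonstration run on the constructed sample.
sample_secrets | audit_chap_secrets || true
```

On the server, run it as `audit_chap_secrets /etc/ppp/chap-secrets`; the non-zero return value makes it usable from a cron job or a configuration-management check.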

4. Add DNS Servers

  • Modify /etc/ppp/options.pptpd and uncomment and edit the following lines:

ms-dns 8.8.8.8
ms-dns 4.2.2.2

5. Allow Network Forwarding in Linux

  • Edit /etc/sysctl.conf and change the following line so that it reads

net.ipv4.ip_forward = 1

  • Save and execute the following to apply changes

# sysctl -p

6. Configure IPTables

  • Enter the following commands to add the rules to iptables

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
# service iptables save

  • Check your iptables configuration. Double-check whether service iptables save wiped out your iptables entries; if it did, just re-add them. =)

# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:1723
Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
Table: nat
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination
Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

7. Restart PPTPD and Test

  • Restart PPTPD service

# service pptpd restart

  • Use any PPTP client device (such as OS X, Windows, Android, iOS) and connect to your PPTP server with the credentials from step 3. Visit www.whatismyipaddress.com to check that your device shows your VPS's IP address.
