edit-icon download-icon

How to configure PPTP VPN service on ECS CentOS 6

Last Updated: Dec 24, 2018

Use of the PPTP service poses security risks. For more information, click here. The following description of configuring PPTP VPN in CentOS is only for your reference. Perform operations based on your actual needs and with consideration of the resulting impact and problems.


Configure the PPTP server

Install software

  1. Run the yum install -y ppp pptpd command to install the software.


Configure pptpd files

  1. Open the configuration file vi /etc/pptpd.conf and delete # before the following two command lines. Save and exit.

    1. #localip
    2. #remoteip


    Note: localip is the IP address of the VPN gateway and remoteip is the IP address segment obtained by VPN dialup. You can make adjustment according to your needs.

  2. Open the configuration file vi /etc/ppp/options.pptpd and delete # before the following two command lines. Save and exit.

    1. #ms-dns
    2. #ms-dns


    Note: and are the public DNS service addresses of Alibaba Cloud. You can change them to other public DNS service addresses according to your needs.

  3. Run the vi /etc/ppp/chap-secrets command to set the pptpd user name and password, as shown in the following figure.

    1. # Secrets for authentication using CHAP
    2. # client server secret IP addresses
  4. Add accounts according to your needs. Only one account can be added to each line. Each account must be added in the format of “user name” “pptpd” “password” “IP address”, where each item is separated by a space. Save and exit. See the following example: test pptpd 123456


  5. Add ifconfig ppp0 mtu 1472 to the following command line to set the maximum transmission unit (MTU). See the following figure.

    1. /etc/ppp/ip-up. ipv6to4 ${LOGDEVICE}
    2. [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"


Modify the kernel settings

  1. Open the vi /etc/sysctl.conf configuration file, change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1, save and exit. Then run the sysctl -p command to make the modification effective.


  2. Add iptables forwarding rules.

    1. iptables -t nat -A POSTROUTING -s -j MASQUERADE
  3. Run the following commands to save the settings and restart the firewall:

    1. /etc/init.d/iptables save
    2. /etc/init.d/iptables restart


Configure the PPTP service

  1. Run the /etc/init.d/pptpd restart command to restart the PPTP service.

    Note: Because PPTP has not yet started running, the message “Shutting down pptpd [FAILED]” is prompted and an alarm is generated when you run the /etc/init.d/pptpd restart command to restart the PPTP service. You can ignore the message and alarm and run the preceding command again. Then the message and alarm will disappear.


  2. Run the following command to make pptpd and iptables autorun:

    1. chkconfig pptpd on
    2. chkconfig iptables on

The PPTP VPN server is successfully installed. Go to the Network and Sharing Center to set a new connection or network. Then you can access a network by a VPN connection.

Configure the CentOS PPTP VPN client

  1. Run the yum install -y ppp pptp pptp-setup command to install the software package.



  2. Run the following command to connect to the VPN server:

    pptpsetup --create test --server IP--username (user name) --password (password) --encrypt --start

    Note: Enter the actual IP address, user name, and password used to log on to the VPN server.


  3. When the system prompts that the client address has been allocated, run the ifconfig command to display the ppp0 network adapter.


  4. Run the ip route replace default dev ppp0 command to add the default route.


After the default route is successfully added, you can access the Internet.


The browser cannot open the web page

  • Symptom: The PPTP VPN can be connected and the website domain is pingable, but no web page can be opened in the browser.


  • Analysis: The MTU setting is incorrect.

  • Solution A: Run the ifconfig ppp0 mtu 1472 command on the CentOS server with VPN configured.


    Note: Solution A only takes effect temporarily. To fix the problem once and for all, see Solution B.

  • Solution B:

    1. Add ifconfig ppp0 mtu 1472 to the /etc/ppp/ip-up file.

      1. $ vi /etc/ppp/ip-up
      2. ......
      3. [ -x /etc/ppp/ip-up.local ] && /etc/ppp/ip-up.local "$@"


    2. Click Control Panel > Network > Network and Sharing Center to test the troubleshooting results.

The obtained IP address is incorrect

  • Symptom: The client successfully connects to VPN but the obtained IP address is incorrect. The obtained IP address is not the one allocated by the VPN server but is the IP address of the intranet adapter of ECS, see the following figure:


  • Analysis: When this problem occurs, follow these steps for troubleshooting (assume that the VPN client is named as testvpn):

  • Solution:

    1. Add the noipdefault parameter to the /etc/ppp/peers/testvpn configuration file on the ppp client.


    2. Run the following commands to restart the client. The correct IP address can be obtained after VPN is successfully reconnected.

      1. poff testvpn
      2. pon testvpn

      Note: When the client restarts, the noipdefault parameter may be overwritten by parameters transferred from the server. If this problem occurs, check the server configuration.

You can log on to Alibaba Cloud community for free consultation, or contact Alibaba Cloud Marketplace sellers for help.

Thank you! We've received your feedback.