PPTPD VPN server installation and configuration

This howto describes how to set up a PPTP VPN on CentOS, Fedora, Debian, and Ubuntu with basic RSA authentication.

Before the installation, make sure your Yum repos are updated with the EPEL repos.

CentOS and Red Hat Enterprise Linux 5.x

CentOS and Red Hat Enterprise Linux 6.x

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm && sudo rpm -Uvh epel-release-6*.rpm

CentOS and Red Hat Enterprise Linux 7.x

Step 1. Install PPTPD

CentOS/RedHat 5:

yum install pptpd.x86_64 -y

CentOS/RedHat 6:

yum install pptpd.x86_64 -y

Fedora 20:

yum install pptpd.x86_64 -y

Ubuntu/Debian:

apt-get install pptpd

Step 2. Edit IP settings in /etc/pptpd.conf

echo > /etc/pptpd.conf

Paste the following content into the pptpd.conf file:

 

#start of custom file
#logwtmp
option /etc/ppp/options.pptpd
localip 192.168.0.1   # local vpn IP 
remoteip 192.168.0.100-200  # ip range for connections
listen 23.216.x.x # eth0 my example public IP and network interface
#end of custom file

Step 3. Add user accounts in /etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

echo > /etc/ppp/options.pptpd

Paste the following into your options.pptpd file:

 

#custom settings for a simple fast pptp server
ms-dns 8.8.8.8
ms-dns 4.2.2.2
lock
name pptpd
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128

 

Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:

sysctl -p

Step 6. Configure firewall (don’t skip this step even if you have firewall disabled.)

# sudo nano /etc/rc.local
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356

Step 7. Start PPTP VPN server

Fedora/Debian:

service pptpd restart

CentOS/Fedora:

/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start

Note: To avoid having to start pptpd manually after every reboot, you can automate it by running chkconfig pptpd on

 

The log of the VPN server, by default, is combined with system log located at /var/log/messages.

Source: https://www.photonvps.com/billing/knowledgebase.php?action=displayarticle&id=58

SSH tunnelling – TCP port forward from local dev to public facing ssh server

A little background story: I’m writing a Rails app, which is hosted inside the corporate network, and no incoming traffic is permitted. I need to expose the internal port 3000 to the public.

Short answer: SSH forwarding.

$ ssh -R 3000:localhost:3000 [email protected]

For some reason, the forwarding only works when I set both the local and remote port as 3000.

There is one more thing you need to do to enable this. By default, SSH doesn’t allow remote hosts to connect to forwarded ports. To enable this, open /etc/ssh/sshd_config and add the following line somewhere in that config file.

GatewayPorts yes

Make sure you add it only once!

$ sudo vim /etc/ssh/sshd_config

And restart SSH

$ sudo service ssh restart
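
The "add it only once" advice matters because sshd uses the first value it reads for a keyword, so a line appended after an existing one is silently ignored. The following is an added example, not part of the original post: a small shell audit that reports the effective global GatewayPorts value of a config file. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): how sshd will read GatewayPorts.

# Print each global GatewayPorts value in file order, lower-cased.
gatewayports_values() {
    awk '
        /^[ \t]*#/ { next }                   # comment line
        { gsub(/[="]/, " ") }                 # "Key=value" and quoted values are accepted
        NF == 0 { next }
        tolower($1) == "match" { exit }       # Match blocks apply conditionally; stop here
        tolower($1) == "gatewayports" && NF >= 2 { print tolower($2) }
    ' "$1"
}

# sshd keeps the first value it reads for a keyword; the default is "no".
effective_gatewayports() {
    first=$(gatewayports_values "$1" | head -n 1)
    echo "${first:-no}"
}

# Describe the exposure; return 0 only when forwards stay on loopback.
audit_gatewayports() {
    count=$(gatewayports_values "$1" | wc -l | tr -d ' ')
    value=$(effective_gatewayports "$1")
    if [ "$count" -gt 1 ]; then
        echo "WARN: GatewayPorts appears $count times; only the first ($value) is used"
    fi
    case "$value" in
        yes)             echo "EXPOSED: ssh -R listeners bind to all interfaces"; return 1 ;;
        clientspecified) echo "CLIENT-CHOSEN: the ssh client selects the bind address"; return 1 ;;
        *)               echo "LOOPBACK: ssh -R listeners bind to loopback only"; return 0 ;;
    esac
}

# Constructed sample: an earlier "no" line exists and "yes" was appended later.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
#GatewayPorts yes
GatewayPorts no
PermitRootLogin no
gatewayports=yes
EOF
audit_gatewayports "$sample" || true
```

A non-zero return from audit_gatewayports means the forwarded port is reachable from other hosts, so it should be paired with a firewall rule or an authenticated front end on the public server.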

Source:
http://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding