ppp & pptpd installation on cpanel
A very basic VPN protocol based on PPP. PPTP was the first VPN protocol supported on the Microsoft Windows platform. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality.
Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.
OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.
Please refer the following article about PPTP vs L2TP vs OpenVPN.
Install ppp & pptpd on your cpanel server.
ppp and poptop should be need to install the VPN server.
yum install ppp
Goto http://poptop.sourceforge.net/yum/stable/ and download pptpd rpm as per your OS architecture.
wget http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.3.4-2.el6.x86_64.rpm rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm
Open your pptpd.conf configuration file after installation completed.
End of the file add the following entries
localip 10.22.222.1 remoteip 10.22.222.22-122
Local IP will be assigned to the ppp interface, and the Remote IP range is the range of IPs that will be assigned to VPN clients.
Next open the /etc/ppp/options.pptpd file
Go to the ms-dns lines, add google DNS or your ISPs DNS servers.
ms-dns 126.96.36.199 ms-dns 188.8.131.52
open the file /etc/ppp/chap-secrets to add some users
client server secret IP addresses vpnuser1 pptpd randompass1 * vpnuser2 pptpd randompass2 *
Change vpnuserX and randompassX to anything you like. Also if your clients have a static IP you can enter it instead of the * so that the particular VPN user will only be able to login from the specified IP.
Enable IP forwarding
net.ipv4.ip_forward. Set it to 1
Update the following configuration in your CSF firewall /etc/csf.
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -i eth0 -p gre -j ACCEPT iptables -A OUTPUT -p gre -j ACCEPT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT
service pptpd stop service pptpd start
Restart CSF firewall.