How to Install Poptop VPN Server on CentOS 7

Continuing the VPN series, today we cover Poptop, or pptpd. It is easier to configure than other VPN software, but the MS-CHAP-v2 encryption that it uses is not really secure, as we have come to expect from Microsoft software. Nevertheless, I have experienced situations where Poptop succeeds where other VPNs like OpenVPN and SoftEther fail, so this article might be useful to some people.

So let's start. Poptop is in the EPEL repository, so we will add it and install the pptpd package.

yum -y install epel-release
yum -y install ppp pptpd net-tools iptables-services

Next we need to configure it. The easiest way is to back up the old configuration file and paste in the new one, which I provide in this article. So let's do just that.

mv /etc/pptpd.conf /etc/pptpd.conf.orig

echo 'option /etc/ppp/options.pptpd
remoteip' > /etc/pptpd.conf

This means that your poptop interface will be and the clients will get assigned a private IP on the same subnet, from 2 through 254. The public IP will of course be the same as the server's; that is why we are running the VPN.

Next we get to the options.pptpd file, which might or might not exist, but we will create it anyway. Of course, we will first back it up if it exists.

mv -f /etc/ppp/options.pptpd /etc/ppp/options.pptpd.orig

echo 'name pptpd
ms-dns' > /etc/ppp/options.pptpd

You can have many accounts, and there is a setting to limit the number, but we will add just one for testing, with username linoxide and password linoxide:

mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.orig

echo 'linoxide pptpd linoxide *' > /etc/ppp/chap-secrets

The asterisk means that the user can connect from any IP, which is useful if you are going to connect from different devices and computers. If you want to bind an account to one IP, you can type that IP there instead of *. If you want one more account, repeat the previous command, only this time use >> instead of > because we want to append rather than overwrite the entire file. So something like this:

echo 'geek pptpd geek *' >> /etc/ppp/chap-secrets
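
As an added example (not part of the original article), the function below audits a chap-secrets file for the weaknesses the two test accounts above have: a secret equal to the username, a short secret, the * source-IP wildcard, and a file mode that lets non-root users read the cleartext secrets. The function name and the MIN_LEN threshold are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (format: client server secret IPs).
# MIN_LEN is an assumed policy threshold, not a value from the article.
MIN_LEN=${MIN_LEN:-12}

# audit_chap_secrets FILE -> prints one finding per line, returns 1 if any.
audit_chap_secrets() {
    file=$1
    findings=$(awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }                        # skip comments and blanks
        NF < 3 { print "line " NR ": malformed entry"; next }
        {
            client = $1; secret = $3; addr = $4
            gsub(/"/, "", client); gsub(/"/, "", secret)   # tolerate quoted fields
            if (secret == client)     print client ": secret equals username"
            if (length(secret) < min) print client ": secret shorter than " min " characters"
            if (addr == "*")          print client ": accepted from any source IP"
        }' "$file")
    # Secrets are stored in cleartext, so only root should be able to read the file.
    mode=$(stat -c '%a' "$file")
    case $mode in
        600|400) ;;
        *) findings="${findings:+$findings
}$file: mode $mode, expected 600" ;;
    esac
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the two test accounts created in this article.
sample=$(mktemp)
printf '%s\n' 'linoxide pptpd linoxide *' 'geek pptpd geek *' > "$sample"
chmod 644 "$sample"
audit_chap_secrets "$sample" || true
rm -f "$sample"
```

On the server itself, run it as root against /etc/ppp/chap-secrets; a non-zero exit status means at least one entry or the file mode was flagged.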

So there you go, we actually have two users now. Next we need to set up forwarding; the next two lines do that:

echo net.ipv4.ip_forward = 1 >> /etc/sysctl.conf

sysctl -p

Next, let's just disable the firewalls to keep things simple:

systemctl stop firewalld.service
systemctl disable firewalld.service
service iptables save
service iptables stop
chkconfig iptables off
iptables -F
chmod +x /etc/rc.d/rc.local

And then we just need to set up masquerading and post-routing, and we are done.

echo "iptables -t nat -A POSTROUTING -o YOUR-NIC -j MASQUERADE" >> /etc/rc.d/rc.local


service pptpd restart

Instead of YOUR-NIC you need to put the name of your network-facing interface; if you don't know the name, type ifconfig (that is why we installed net-tools at the start).

Connecting to Poptop VPN server

Since Poptop is easy and the article is not too long, we can include the connection guide in the same article as the server guide. The best (and worst, depending on how you look at it) thing about Poptop is that you don't need any certificates, only a username and password, so connecting is straightforward. At the moment, I have at my disposal an Android phone with Android 4.0, so I will use that to connect.


No need to write too much here, because the pictures tell everything. I actually omitted the middle picture to conceal the IP of my server, but adding credentials is easy; just make sure you check the encryption check mark, because we turned on encryption on the server. You can also turn off encryption on both server and client because it is not secure anyway, but for now it is on. Next, on your phone you need to go to some site that shows your IP address, like for example this one. You should then see the IP address of the server, which means that all went well and you followed this guide correctly.


Poptop is probably the easiest and most straightforward way to have a VPN configured on your VPS. Although its encryption algorithm was declared insecure, the usability of Poptop has been proven on numerous occasions, and this VPN server has its uses. If nothing else, it is good as a starting point on your journey into the world of Virtual Private Network software, and after learning the basics you can better understand more complex solutions like OpenVPN, SoftEther, strongSwan and the like.

1 thought on “How to Install Poptop VPN Server on CentOS 7”

  1. Thanks Mihajlo, I spent hours trying to get OpenVPN working with its nonexistent documentation and realized that software is garbage. Then I found Poptop and your tutorial and now the pain in my head is all gone :-)

