A very basic VPN protocol based on PPP. PPTP was the first VPN protocol supported on the Microsoft Windows platform. The PPTP specification does not actually describe encryption or authentication features and relies on the PPP protocol being tunneled to implement security functionality.

Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs) or as part of the delivery of services by ISPs. It does not provide any encryption or confidentiality by itself; it relies on an encryption protocol that it passes within the tunnel to provide privacy.

OpenVPN is an open source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It uses a custom security protocol[2] that utilizes SSL/TLS for key exchange. It is capable of traversing network address translators (NATs) and firewalls.

Please refer the following article about PPTP vs L2TP vs OpenVPN.


Install ppp & pptpd on your cpanel server.

ppp and poptop should be need to install the VPN server.

yum install ppp

Goto http://poptop.sourceforge.net/yum/stable/ and download pptpd rpm as per your OS architecture.

wget http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.3.4-2.el6.x86_64.rpm

rpm -ivh pptpd-1.3.4-2.el6.x86_64.rpm

Open your pptpd.conf configuration file after installation completed.

vi /etc/pptpd.conf

End of the file add the following entries


Local IP will be assigned to the ppp interface, and the Remote IP range is the range of IPs that will be assigned to VPN clients.

Next open the /etc/ppp/options.pptpd file

vi /etc/ppp/options.pptpd

Go to the ms-dns lines, add google DNS or your ISPs DNS servers.


open the file /etc/ppp/chap-secrets to add some users

client        server  secret                  IP addresses
vpnuser1     pptpd randompass1 *
vpnuser2     pptpd randompass2 *

Change vpnuserX and randompassX to anything you like. Also if your clients have a static IP you can enter it instead of the * so that the particular VPN user will only be able to login from the specified IP.

Enable IP forwarding

open /etc/sysctl.conf

net.ipv4.ip_forward. Set it to 1


Update the following configuration in your CSF firewall /etc/csf.

vi csfpre.sh

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -A OUTPUT -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp0 -j ACCEPT

vi csfpost.sh

service pptpd stop
service pptpd start

Restart CSF firewall.

csf -r

Thants all….

Get Free cPanel Knowledge Base

Thank you for subscribing.

Something went wrong.

4.00 avg. rating (82% score) - 5 votes