Step 1. Install PPTPD

If your OS is CentOS/RedHat 5:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.rhel5.x86_64.rpm

If your OS is CentOS/RedHat 6:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm

If you are using Ubuntu:

apt-get install pptpd

Step 2. Edit IP setttings in /etc/pptpd.conf

vi /etc/pptpd.conf

localip 192.168.0.1
remoteip 192.168.0.101-200

Step 3. Add user account in/etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets

usernameForuser1 *  setpassword1here  *

usernameForuser2 *  setpassword2here  *

Step 4. Optional settings in /etc/ppp/options.pptpd

vi /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 4.4.4.4

Step 5. Enable network forwarding in /etc/sysctl.conf
vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

use the following command to apply the change:

sysctl -p

Step 6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart
If you are using CSF firewall, you may refer to this post on firewall settings.

Step 7. Start PPTP VPN server

If your OS is CentOS or Redhat, using the following command:

service pptpd restart

To start PPTP Daemon automatically when rebooting next time, use command:

chkconfig pptpd on

If your OS is Ubuntu, you just reboot your machine.

 

Setting up an SSL secured Webserver with CentOS

 

This guide will explain how to set up a site over https. The tutorial uses a self signed key so will work well for a personal website or testing purposes. This is provided as is so proceed at your own risk and take backups!

 

1. Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.

 

yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

 

2. Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you are probably likely to want a key from Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands

 

# Generate private key 
openssl genrsa -out ca.key 1024 

# Generate CSR 
openssl req -new -key ca.key -out ca.csr

# Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.

 

restorecon -RvF /etc/pki

Then we need to update the Apache SSL configuration file

 

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the paths to match where the Key file is stored. If you’ve used the method above it will be

 

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:

 

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Quit and save the file and then restart Apache

 

/etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate. Firefox 3 won’t let you connect at all but you can override this.

 

3. Setting up the virtual hosts

Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this

 

<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file

 

NameVirtualHost *:443

and then a VirtualHost record something like this:

 

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

Restart Apache again using

 

/etc/init.d/httpd restart

 

4. Configuring the firewall

You should now have a site working over https using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. To do this amend your iptables rules:

 

iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v

Requirement: Vacation, Sendmail, SquirrelMail, SquirrelMail Local User Autoresponder and Mail Forwarder plugin, SquirrelMail Compatibility plugin, vsftp and CentOS 5

1. Download vacation-1.2.6.3.tar.gz from the link below: –
http://vacation.sourceforge.net

2. Extract the vacation to a temporary directory as below: –
tar xvfz vacation-1.2.6.3.tar.gz -C /tmp

3. Change directory to /tmp/vacation-1.2.6.3 as below: –
cd /tmp/vacation-1.2.6.3

4. Run the “make” command as below: –
make

5. Copy the “vacation” binary to “/usr/bin” as below: –
cp vacation /usr/bin

6. Create a softlink in the Sendmail’s restricted shell utility “smrsh” as below: –
cd /etc/smrsh
ln -s /usr/bin/vacation vacation

7. Next, lets proceed with installing and configuring SquirrelMail’s Local User Autoresponder and Mail Forwarder Plugin. Download local_autorespond_forward-3.0-1.4.0.tar.gz from the link below: –
http://www.squirrelmail.org/plugin_view.php?id=264

8. Extract the local_autoresponder_forward to SquirrelMail’s plugin directory (in CentOS 5) as below: –
tar xvfz local_autorespond_forward-3.0-1.4.0.tar.gz -C /usr/share/squirrelmail/plugins

9. Download the Compatibility plugin from the link below: –
http://www.squirrelmail.org/plugin_view.php?id=152

10. Extract the compatibility plugin to SquirrelMail’s plugin directory (in CentOS 5) as below: –
tar xvfz compatibility-2.0.8-1.0.tar.gz -C /usr/share/squirrelmail/plugins

11. Run the SquirrelMail’s config command as below: –
cd /usr/share/squirrelmail/config
./conf.pl

12. Patch your SquirrelMail according to your version as below: –
patch -p0 < patches/compatibility_patch-1.4.8.diff

13. In SquirrelMail Configuration Main Menu, key-in “8″ to enter Plugins menu. Next, key-in the number that refer to “local_autorespond_forward” to install the plugin

14. Create the local_autorespond_forward configuration file as below: –
cd /usr/share/squirrelmail/plugin/local_autorespond_forward
cp config.php.sample config.php

15. Edit the config.php file and change the following as below: –
$ftp_passive = 1;

16. Next, you need to enable the vsftp service in init level 3, 4 and 5 as below: –
chkconfig --level 345 vsftp on

17. Let’s start the vsftp service as below: –
service vsftp start

You can now begin to use the SquirrelMail’s local_autorespond_forward plugin to configure the vacation email responder for Sendmail.