Compatibility note

I’ve tested instructions and pptp on:
[a] CentOS / RHEL / Fedora Core Linux running 2.6.15+ kernel
[b] Ubuntu and Debian Linux running 2.6.15+ kernel
[c] FreeBSD etc

I’ve found that pptp client is 100% compatible with the following servers/products:
[a] Microsoft Windows VPN Server
[b] Linux PPTP Server
[c] Cisco PIX etc

How do I install PPTP client under Linux?

By default most distro installs PPTP client called PPTP-linux which is the client for the proprietary Microsoft Point-to-Point Tunneling. Use apt-get or yum command to install pptp client:
$ sudo apt-get install pptp-linux network-manager-pptp
Fedora Core user can install client using rpm command:
# rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
# yum --enablerepo=pptp-stable install pptpconfig


[a] network-manager-pptp or pptpconfig – A gui network management framework (PPTP plugin) for network-admin tool (frontend)
[b] pptp-linux – Point-to-Point Tunneling Protocol (PPTP) command line client

How do I configure client using command line (cli)?

You need to edit / create following configuration files

• /etc/ppp/chap-secrets – Add your login name / password for authentication using CHAP. Pppd stores secrets for use in authentication in secrets files.
• /etc/ppp/peers/myvpn-name – A dialup connection authenticated with PAP / CHAP configuration file. You need to add your dialup server name and other information in this file.

Sample configuration data

1. PPTP server name: pptp.vpn.nixcraft.com
2. VPN User Name : vivek
3. VPN Password: VpnPassword
4. Connection name: delhi-idc-01

Open /etc/ppp/chap-secrets file:
# vi /etc/ppp/chap-secrets
OR
$ sudo vi /etc/ppp/chap-secrets
Append line as follows:
vivek PPTP VpnPassword *

Save and close the file.

Create a connection file called /etc/ppp/peers/delhi-idc-01 (replace delhi-idc-01 with your connection name such as office or vpn):
# vi /etc/ppp/peers/delhi-idc-01
Append configuration data as follows:
pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd"
name vivek
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam delhi-idc-01


Close and save the file. Where,

• pty “pptp pptp.vpn.nixcraft.com –nolaunchpppd”: Specifies that the command script is to be used to communicate rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The script will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the record option is used in conjunction with the pty option, the child process will have pipes on its standard input and output.). In this case we are using pptp client to establishes the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). pptp.vpn.nixcraft.com is my host name (or IP address) for the PPTP server. –nolaunchpppd option means do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option.
• name vivek: VPN username
• remotename PPTP: Set the assumed name of the remote system for authentication purposes to name. If you don’t know name ask to network administrator
• require-mppe-128: Require the use of MPPE, with 128-bit encryption. You must encrypt traffic using encryption.
• file /etc/ppp/options.pptp: Read and apply all pppd options from options.pptp file. Options used by PPP when a connection is made by a PPTP client.
• ipparam delhi-idc-01 : Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts (optional).

Route traffic via ppp0

To route traffic via PPP0 interface add following route command to /etc/ppp/ip-up.d/route-traffic
# vi /etc/ppp/ip-up.d/route-traffic
Append following sample code (modify NET an IFACE as per your requirments):
#!/bin/bash
NET="10.0.0.0/8" # set me
IFACE="ppp0" # set me
#IFACE=$1
route add -net ${NET} dev ${IFACE}

/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -t nat -F
/sbin/iptables -t nat -X
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
/sbin/iptables -A FORWARD -i ppp0 -o enp0s3 -m state –state RELATED,ESTABLISHE$
/sbin/iptables -A FORWARD -i enp0s3 -o ppp0 -j ACCEPT
ip route del default dev enp0s3
ip route add default dev ppp0

Save and close the file:
# chmod +x /etc/ppp/ip-up.d/route-traffic

Task: connect to PPTP server

Now you need to dial out to your office VPN server. This is the most common use of pppd. This can be done with a command such as:
# pppd call delhi-idc-01
If everything is went correctly you should be online and ppp0 should be up. Remote server will assign IP address and other routing information. Here is the message from my /var/log/messages file:
# tail -f /var/log/messages
Output:

Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 <--> /dev/pts/4
Jun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded
Jun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module registered
Jun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression enabled
Jun 11 23:38:05 vivek-desktop pppd[30088]: local  IP address 10.5.3.44
Jun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18

Task: Disconnect PPTP server vpn connection

Simply kill pppd service, enter:
# killall pppd
OR
# kill {pppd-PID}

AUTO Start

nano /etc/network/interfaces

auto ppp0
iface ppp0 inet ppp
provider delhi-idc-01
pre-up pppd call delhi-idc-01

Step 1 – Prerequisites

First we need to install some of the software packages needed for Cacti to run properly. Software which is not included or enabled in the base CentOS 6 installation are:

• rrdtool
• apache
• mysql
• cron
• gcc

Let’s use yum to get these installed.

Centos 6:
yum -y install mysql-server php php-cli php-mysql net-snmp-utils rrdtool \
  php-snmp gcc mysql-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man

Centos 7:
yum -y install mariadb-server php php-cli php-mysql net-snmp-utils rrdtool \
  php-snmp gcc mariadb-devel net-snmp-devel autoconf automake libtool dos2unix wget help2man

gcc and the devel packages are required for the installation of spine, hence that’s why we include it here.

Now let’s make sure that our webserver and the database are automatically starting up after a reboot. Use the following commands to enable these:

CentOS 6:
chkconfig httpd on
chkconfig mysqld on
chkconfig crond on

CentOS 7:
systemctl enable httpd.service
systemctl enable mariadb.service
systemctl enable crond.service

Now that we did make sure that these services start after a reboot, let’s start them manually now in order to continue the installation. Cron may already be running so don’t panic if you don’t see the usual start message:

CentOS 6:
service httpd restart
service mariadb restart
service crond restart

CentOS 7:
systemctl restart httpd.service
systemctl restart mariadb.service
systemctl restart crond.service

Step 2 – Cacti Files

Let’s now move to the actualy installation of Cacti. First we need to download and extract it. As of version 0.8.8, a fully patched Cacti including the Plugin Architecture (PIA) is officially available, so we’re downloading that one:

cd /var/www/html
wget http://www.cacti.net/downloads/cacti-0.8.8g.tar.gz
tar -xzvf cacti-0.8.8g.tar.gz

I usually suggest to create a symbolic link to the newly created directory “cacti-0.8.8b”. This will make upgrades to never Cacti versions easier:

ln -s cacti-0.8.8g cacti

Step 3 – Cron and file permissions

Cacti uses cron (scheduled task) in order to execute its polling process.  It’s always a good idea to run this under a special user. Let’s create the system “cacti” user now:

adduser -d /var/www/html/cacti -s /sbin/nologin cacti

Having done that, we can now  add a new cron entry to your system for a 5 minute polling interval using the following command:

echo "*/5 * * * * cacti php /var/www/html/cacti/poller.php &>/dev/null" >> /etc/cron.d/cacti

Finally, we also need to make sure that the permissions on the log and rra directories are set correctly:

cd /var/www/html/cacti
chown -R cacti.apache rra log  
chmod 775 rra log

Step 4 – Cacti Database

Now that we have extracted the cacti files, we can move on preparing the database for the final installation step. Your first step should be securing the mysql database. The following command will help you with this task on a CentOS system. Make sure to select a strong password for root, e.g. MyN3wpassw0rd

/usr/bin/mysql_secure_installation

Let’s create a new database and assign a special user to it:

mysqladmin -u root -p create cacti
mysql -p cacti < /var/www/html/cacti/cacti.sql
mysql -u root -p

With the last command, you should be seing a mysql prompt where you can enter mysql commands. Here we are going to create the special cacti user. That user only needs to be able to connect from the local system and should have a strong password as well. Enter the following commands and make sure to replace the password:

GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'MyV3ryStr0ngPassword';
flush privileges;
exit

We now have the cacti files and the cacti database setup. The last step before moving to the web-based installer is setting the database credentials within the Cacti config file:

cd /var/www/html/cacti/include/
vi config.php

Change the $database_ lines to fit your new settings:

$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cactiuser";
$database_password = "MyV3ryStr0ngPassword";
$database_port = "3306";
$database_ssl = false;

Depending on your installation, you should also uncomment the following line. In our example we have to make sure the following line is there:

$url_path = "/cacti/";

Step 5 – Adding firewall rules

The following settings will add access rules to http and https from outside:

Centos 7:
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --reload

Step 6 – Important PHP Settings

The default PHP installation usually has not configured the correct timezone or php error reporting. While not required to run Cacti, it’s highly recommended to enable error reporting to syslog for troubleshooting issues with plugins or other scripts.

The following lines need to be enabled/configued in your /etc/php.ini file:

; Defines the default timezone used by the date functions
; http://php.net/date.timezone
date.timezone = Europe/Berlin

and

; Log errors to syslog (Event Log on NT, not valid in Windows 95).
error_log = syslog

Step 7 – Running the Web-based installer

Let’s move on to the web-based installer.

Login with admin/admin and you’re ready to go !

Please go to “Console -> System Utilities” and click on “Rebuild Poller Cache” after the first login!