Overview
Setup PPTP Server
PPTP Installation
# Ubuntu
$ sudo apt-get install pptpd
# CentOS
$ sudo yum -y install epel-release
$ sudo yum -y install pptpd
Setup IP Address
- Now edit /etc/pptpd.conf and add the following lines:
$ vim /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200
NOTE: localip is the IP address of your server, and remoteip is the range of IPs that will be assigned to clients that connect to it.
Setup Authentication for PPTP
$ vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
MiteshShah pptpd MyPassword *
NOTE: client is the username, server is the type of service (pptpd in our example), secret is the password, and IP addresses specifies which IP addresses may authenticate.
By setting * in the IP addresses field, you specify that you will accept the username/password pair from any IP.
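A check for the chap-secrets layout described above, as an added example that is not part of the original page: it flags group/other file access, entries that accept any IP (*), and short secrets. The function name audit_chap_secrets, the 12-character threshold and the sample alice entry are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a chap-secrets file in
# the "client server secret IP addresses" layout. Assumes unquoted fields
# with no embedded whitespace. Secrets are never printed.

MIN_SECRET_LEN=12   # assumed policy threshold, not a pppd setting

audit_chap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # Secrets are stored in plaintext, so only the owner should have access.
    mode=$(stat -c %a "$file")      # GNU stat, as on Ubuntu/CentOS
    case "$mode" in
        *00) ;;
        *) echo "PERM mode $mode on $file (group/other access)" ;;
    esac

    awk -v min="$MIN_SECRET_LEN" '
        NF == 0 || $1 ~ /^#/ { next }            # skip blanks and comments
        NF < 3 { print "MALFORMED line " NR; next }
        {
            if (length($3) < min)
                print "SHORT_SECRET client=" $1 " server=" $2
            # Field 4 onward lists the addresses accepted for this entry.
            for (i = 4; i <= NF; i++)
                if ($i == "*")
                    print "ANY_IP client=" $1 " server=" $2
        }
    ' "$file"
}

# Constructed sample: the entry shown above plus a hypothetical pinned one.
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# client server secret IP addresses
MiteshShah pptpd MyPassword *
alice pptpd c0rrect-h0rse-battery 10.0.0.150
EOF
    chmod 644 "$tmp"
    audit_chap_secrets "$tmp"
    rm -f "$tmp"
}

demo
```

On the server, run it as root against the real file: audit_chap_secrets /etc/ppp/chap-secrets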
Add DNS Server
$ vim /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Restart PPTP Service
$ sudo service pptpd restart
Setup Forwarding
- It is important to enable IP forwarding on your PPTP server.
- This allows the server to forward packets between the public IP and the private IPs that you set up with PPTP.
$ sudo vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
$ sudo sysctl -p
Create a NAT rule for iptables
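$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && sudo iptables-save
# iptables-save only prints the current ruleset to stdout; it does not make the rule persist across reboots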
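# If you would also like your PPTP clients to talk to each other, add the following iptables rules
# Note: -s 10.0.0.0/8 covers far more than the 10.0.0.100-200 client pool set in /etc/pptpd.conf, and the FORWARD rule accepts everything arriving on eth0
$ sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ sudo iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT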
Setup PPTP Clients
- Install PPTP Client
$ sudo apt-get install network-manager-pptp network-manager-pptp-gnome pptp-linux
- Open Network Connections, VPN tab, click on Add button.
- Select Point-to-Point Tunneling Protocol (PPTP) from the list, then click the Create button.
- In the Gateway field, type the PPTP server's public IP address.
- Click on the Advanced button to open PPTP advanced Options.
- Under Security and Compression, check ONLY: Use Point-to-Point Encryption (MPPE), Security: All available (Default), Allow Deflate data compression, Use TCP header compression.
Troubleshooting PPTP
Fix GRE Protocol
Issue:
- If you are behind a firewall/squid, you may face GRE protocol errors:
Dec 7 05:08:38 li724-160 pptpd[25197]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec 7 05:37:28 li724-160 pptpd[2253]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec 7 05:37:28 li724-160 pptpd[2253]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
Fix:
- Add the necessary kernel modules
$ sudo modprobe ip_gre
$ sudo modprobe ip_nat_pptp
$ sudo modprobe ppp_mppe
$ sudo modprobe ip_conntrack_pptp