Mitesh Shah

Linux Expert | Automation Enthusiast | Security Consultant


How to Setup Your Own VPN With PPTP

Overview

Setup PPTP Server

PPTP Installation

# Ubuntu
$ sudo apt-get install pptpd
# CentOS
$ sudo yum -y install epel-release
$ sudo yum -y install pptpd

Setup IP Address

  • Edit /etc/pptpd.conf and add the following lines:
$ sudo vim /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200

NOTE: localip is the IP address of your server, and remoteip is the range of IPs that will be assigned to clients that connect to it.

Setup Authentication for PPTP

$ sudo vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
MiteshShah	pptpd	MyPassword		*

NOTE: client is the username, server is the type of service (pptpd in our example), secret is the password, and IP addresses specifies which IP address may authenticate.
By setting * in the IP addresses field, you specify that you accept the username/password pair for any IP.

Add DNS Server

$ sudo vim /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Restart PPTP Service

$ sudo service pptpd restart
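
The two files edited above can be checked mechanically. The script below is an added example, not part of the original post: it flags a chap-secrets file readable beyond its owner, entries with * in the IP addresses field, and short secrets, and lists pppd authentication and encryption options absent from options.pptpd. The function names, the 12-character minimum, and the assumption of unquoted whitespace-separated fields are illustrative choices.

```bash
#!/usr/bin/env bash
# Added example: audit the PPTP files edited above. Paths are passed as
# arguments so the checks can be tried on copies first.
# Assumptions: fields are unquoted and whitespace-separated; the 12-character
# minimum is an example policy, not a pptpd requirement.

# Print one finding per line for a chap-secrets file
# (columns: client  server  secret  IP addresses).
audit_chap_secrets() {
    local file="$1" mode
    mode=$(stat -c '%a' "$file") || return 2
    # The file stores passwords in plaintext, so only its owner should read it.
    [ "$mode" = "600" ] || echo "PERMS mode=$mode expected=600"
    awk -v min=12 '
        /^[ \t]*(#|$)/   { next }                          # comments, blank lines
        NF < 4           { print "MALFORMED line=" NR; next }
        $4 == "*"        { print "ANY_IP client=" $1 }     # no restriction in IP addresses field
        length($3) < min { print "SHORT_SECRET client=" $1 " len=" length($3) }
    ' "$file"
}

# Print the pppd options that are not enabled in an options.pptpd file.
# Commented-out lines (leading #) count as missing.
audit_ppp_options() {
    local file="$1" opt
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$file" \
            || echo "MISSING $opt"
    done
}

# Usage on the live files (run as root):
#   audit_chap_secrets /etc/ppp/chap-secrets
#   audit_ppp_options  /etc/ppp/options.pptpd
```

The secret itself is never printed, only its length, so the output can be pasted into a ticket or log.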

Setup Forwarding

  • It is important to enable IP forwarding on your PPTP server.
  • This allows the server to forward packets between the public IP and the private IPs that you set up with PPTP.
$ sudo vim /etc/sysctl.conf
net.ipv4.ip_forward = 1

$ sudo sysctl -p

Create a NAT rule for iptables

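# iptables-save only prints the active rules to stdout; it does not persist them across reboots
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && sudo iptables-save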

# If you would also like your PPTP clients to talk to each other, add the following iptables rules
$ sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ sudo iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

Setup PPTP Clients

  • Install PPTP Client
$ sudo apt-get install network-manager-pptp network-manager-pptp-gnome pptp-linux
  • Open Network Connections, VPN tab, click on Add button.
  • Select Point-to-Point Tunneling Protocol (PPTP) from the list then click Create button

  • In the Gateway field, type the PPTP server's public IP address.

  • Click on the Advanced button to open PPTP advanced Options.
  • Under Security and Compression, check ONLY: Use Point-to-Point Encryption (MPPE) with Security set to All available (Default), Allow Deflate data compression, and Use TCP header compression.

Troubleshooting PPTP

Fix GRE Protocol

Issue:

  • If you are behind a firewall/squid, you may face GRE protocol errors:
Dec  7 05:08:38 li724-160 pptpd[25197]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec  7 05:37:28 li724-160 pptpd[2253]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec  7 05:37:28 li724-160 pptpd[2253]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)

FIX

  • Load the necessary kernel modules:
$ sudo modprobe ip_gre
$ sudo modprobe ip_nat_pptp
$ sudo modprobe ppp_mppe
$ sudo modprobe ip_conntrack_pptp
