
Mitesh Shah

Linux Enthusiast
System Administrator



How to Setup Your Own VPN With PPTP

Overview

Setup PPTP Server

PPTP Installation

# Ubuntu
$ sudo apt-get install pptpd
# CentOS
$ sudo yum -y install epel-release
$ sudo yum -y install pptpd
Setup IP Address
  • Now edit /etc/pptpd.conf and add the following lines:
$ sudo vim /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.100-200

NOTE: localip is the IP address of your server, and remoteip is the range of IPs that will be assigned to clients that connect to it.

Setup Authentication for PPTP
$ sudo vim /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client	server	secret			IP addresses
MiteshShah	pptpd	MyPassword		*

NOTE: client is the username, server is the type of service (pptpd in our example), secret is the password, and IP addresses specifies which IP address may authenticate.
By setting * in the IP addresses field, you specify that you accept the username/password pair for any IP.
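
The four-column layout described above is easy to audit. The following is an added example, not part of the original post: a shell function that checks the file's permissions and flags entries with * in the IP addresses field or a short secret. The function name audit_chap_secrets, the finding labels and the MIN_LEN threshold are assumptions, and it assumes secrets contain no whitespace.

```sh
#!/bin/sh
# Added example, not from the original post. Audits a chap-secrets file laid out
# as "client server secret IP-addresses". Assumes secrets contain no whitespace.
MIN_LEN=${MIN_LEN:-12}   # assumed local policy, not a pptpd/pppd setting

audit_chap_secrets() {
    file=$1
    if [ ! -r "$file" ]; then echo "ERROR cannot read $file"; return 2; fi

    # Secrets are stored in clear text, so group/other need no access bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    report=""
    if [ "$perms" != "------" ]; then
        report="PERMS group/other bits on $file are $perms, expected ------"
    fi

    # Skip comments and blank lines, then check each whitespace-separated entry.
    entries=$(awk -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }
        NF < 4 { printf "MALFORMED line %d has %d fields, expected 4\n", NR, NF; next }
        $4 == "*" { printf "ANY_IP %s has * in the IP addresses field\n", $1 }
        length($3) < min { printf "SHORT_SECRET %s secret is under %d characters\n", $1, min }
    ' "$file")

    if [ -n "$report" ]; then echo "$report"; fi
    if [ -n "$entries" ]; then echo "$entries"; fi
    # Exit status: 0 = no findings, 1 = at least one finding.
    [ -z "$report$entries" ]
}

# Constructed sample: the entry from this page plus a pinned, longer one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client	server	secret			IP addresses
MiteshShah	pptpd	MyPassword		*
alice	pptpd	correct-horse-battery	10.0.0.150
EOF
audit_chap_secrets "$sample" || true
rm -f "$sample"
```

Run it as root against /etc/ppp/chap-secrets; the non-zero exit status on findings lets it gate a provisioning script.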

Add DNS Server
$ sudo vim /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Restart PPTP Service
$ sudo service pptpd restart

Setup Forwarding

  • It is important to enable IP forwarding on your PPTP server.
  • This will allow you to forward packets between the public IP and the private IPs that you set up with PPTP.
$ sudo vim  /etc/sysctl.conf
net.ipv4.ip_forward = 1

$ sudo sysctl -p

Create a NAT rule for iptables

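$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && sudo iptables-save
# iptables-save only prints the current ruleset to stdout; it does not make the rule persist across reboots.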

# If you would also like your PPTP clients to talk to each other, add the following iptables rules
$ sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ sudo iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

Setup PPTP Clients

  • Install PPTP Client
$ sudo apt-get install network-manager-pptp network-manager-pptp-gnome pptp-linux
  • Open Network Connections, VPN tab, click on Add button.
  • Select Point-to-Point Tunneling Protocol (PPTP) from the list then click Create button


  • In the Gateway field, type the PPTP server's public IP address.


  • Click on the Advanced button to open PPTP advanced Options.
  • Under Security and Compression, check ONLY: Use Point-to-Point Encryption (MPPE) with Security set to All available (Default), Allow Deflate data compression, and Use TCP header compression.


Troubleshooting PPTP

Fix GRE Protocol

Issue:

  • If you are behind a firewall/squid, you may face GRE protocol errors such as:
Dec  7 05:08:38 li724-160 pptpd[25197]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec  7 05:37:28 li724-160 pptpd[2253]: GRE: read(fd=7,buffer=60a400,len=8260) from network failed: status = -1 error = Protocol not available
Dec  7 05:37:28 li724-160 pptpd[2253]: CTRL: GRE read or PTY write failed (gre,pty)=(7,6)

FIX

  • Load the necessary kernel modules:
$ sudo modprobe ip_gre
$ sudo modprobe ip_nat_pptp
$ sudo modprobe ppp_mppe
$ sudo modprobe ip_conntrack_pptp



