Linux

How to setup a PPTP VPN Server

Let’s be clear, there IS a instruction for this on many sites but they do not tell you what you need to do in order to setup VPN on VPS, so I’m going to save your troubleshooting time.

Most of ISPs allow VPN but I recommend you checking their policy, especially if you are planning to use VPN for torrenting or any other similar activities.

First login into your VPS Panel and enable TUN/TAP and PPP. If you do not have such option contact your ISP to enable this for you.

With a PPTP server, you can setup a VPN server easily. Having a virtual private network is beneficial to both individual users and businesses alike.

This tutorial explains how you can install a PPTP server on Linux.

Installing PPTPD (Ubuntu/Debian)

sudo apt-get install pptpd -y

Installing PPTPD RedHat (Cent OS/Fedora)

yum install ppp pptp pptp-setup

Adding users

Because we do not want our VPN to be public we are going to create users.
We are going to edit this file, I am using VI you can use NANO if you like

vi /etc/ppp/chap-secrets

Format is

[username] [service] [password] [ip]

Example

john pptpd johnspassword *

* means access from all IP addresses is allowed, specify IP only if you have static one.

Editing PPTPD Settings

We are going to edit this file

vi /etc/pptpd.conf

Look for the localip and remoteip settings.
Remove the # (comment character) for both so that these settings will actually be recognized. Change localip to your server IP. If you don’t know your server IP, you may look in your VPS control panel.

The remoteip is basically the IP range that clients (computers that are connected to your VPN) will be assigned.
For example, if you want the following IP range: 192.168.120.231-235, your VPN server will be able to assign 192.168.120.232, 192.168.120.233, 192.168.120.234, and 192.168.120.235 to clients. It’s up to you what you want to use for this field.

Personally I choose this settings:

localip 10.0.0.1
remoteip 10.0.0.100-200

So I can get about 200 clients connected.

Add DNS servers to /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

You can whether add this to end of file or find those lines, uncomment them and change IPs to your desired Public DNS.

Setup Forwarding

It is important to enable IP forwarding on your PPTP server. This will allow you to forward packets between public IP and private IPs that you setup with PPTP. Simply edit /etc/sysctl.conf and add the following line if it doesn’t exist there already:

net.ipv4.ip_forward = 1

To make changes active, run sysctl -p

Create a NAT rule for iptables

This is an important part, if you are using VPS you probably wont use eth0 but venet0 instead, you should check which interface you have by running ifconfig

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

If you would also like your PPTP clients to talk to each other, add the following iptables rules:

iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Again, you need to replace eth0 with venet0 if you are using VPS.

I would recommend running

sudo iptables-save

Now your PPTP server also acts as a router.

Your VPN is ready! I recommend running this so it starts after reboot

systemctl enable pptpd

If you face any problems or have any questions post them in the comments and I’ll be happy to assist you.

About the author

Luka Paunovic

I am Linux System Administrator and student of Business economics at John Naisbitt University.
Love to blog and read blogs.

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *