Setting up a pptp vpn server on Debian and Ubuntu

Standard

Yesterday I decided to setup a vpn server so a friend and I could play some coop mode on call of duty 5. This was so easy to setup I thought I would share it with the rest of the world:

Step 1.  Installing pptpd – the pptpd is the daemon that runs the pptp server. To install this just use apt-get:

$ apt-get install ssh pptpd -y

Step2. Next you will need to modify the pptpd.conf

$ vi /etc/pptpd.conf

Then scroll down to the bottom and modify the following lines with the subnets you would like assigned:

# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
localip 192.168.2.0
remoteip 192.168.2.2-238,192.168.2.245

Step 3. The vpn server is now configured and now you must setup authenticated users:

$ vi /etc/ppp/chap-secrets

The config file is very straight forward and I have an example of a user included:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
clown           pptpd  bigshoes               "*"

Step 4. When pptpd was installed it started automatically so we will need to restart it to apply the changes:

$ /etc/init.d/pptpd restart

Then just to make sure all is good lets check to make sure the service is listening:

 $ netstat -anp | grep pptpd
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      7565/pptpd
unix  2      [ ]         DGRAM                    15781    7565/pptpd

If you see a listen on port 1723 you are ready to connect.

Optional: Now, if you would like to add internet access over this vpn, you can do this:

 $ vi /etc/sysctl.conf

and find the line for ipv4 forwarding and make sure it = 1:

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1

The use iptables to get the net forwarded:

$ /sbin/iptables -P FORWARD ACCEPT
$ /sbin/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE

Optionally you can install bind9 and have a DNS resolver you can use for the vpn connection:

$ apt-get install bind9 -y

Then start it:

$ /etc/init.d/bind9 start

The configuration of the vpn client that is connecting can be modified to use this DNS resolver now to allow for more control.

Connecting to the vpn from a Windows 7 client ( Click images to zoom in):

Step 1. Open the Network and Sharing center

Step 2. Set up a new connection or network

Step 3. Connect to a workplace

Step 4. No create a new connection if other connections exist

Step 5. Use my internet cconnection:

Step 6. Enter the internet address and name of the vpn connection

Step 7. Enter the username and password:

Step 8. Connect!!

This should pretty much cover all you need for the installation of a basic Debian or Ubuntu PPTP vpn server. Enjoy!

32 Comments

  1. Pingback: What is Personal VPN ? | Personal VPN

  2. Pingback: What are the advantages of Personal VPN instead of anonymous proxy? | Personal VPN

  3. Pingback: Personal VPN

  4. Hi, this is a very good How To. It is just what I was looking for. Thanks.

    I do have a question though. The ISP for my server does not provide a static IP address, so I will need to use a DNS resolver. Could you explain how to deal with the DNS resolver on the Windows 7 client?

    Thank you very much.

    rats

  5. Great tutorial, but I have a little problem! It seems that my server does not have kernel support for PPP. Do you know how to fix it?

    Here’s the error:

    pppd: This system lacks kernel support for PPP. This could be because
    the PPP kernel module could not be loaded, or because PPP was not
    included in the kernel configuration. If PPP was included as a
    module, try `/sbin/modprobe -v ppp’. If that fails, check that
    ppp.o exists in /lib/modules/`uname -r`/net.
    See README.linux file in the ppp distribution for more details.

  6. Pingback: Pptp vpn

  7. hi there

    I tried to do all you siad, but when I edit pptpd.conf , pptpd server stop working and don’t start working again, till I replace it with the original one, would you help me, please?

    send me pptpd.conf edited one if you can;)

  8. Hi!

    I’m using a mobile broadband as the internet connection for my VPN-tunnel.
    The internet connection is up, and a ddclient is updating dyndns with the correct public IP-address.

    But how should I configure my pptpd.conf (remote ip)?

  9. I have set up PPTP VPN server on ubuntu.
    But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
    i need to limit that to one user at the time.
    anybody knows how it can be done?

  10. Hello there. Thanks for very nice PPTP VPN manual. I got just one question. IS it possible to monitor users traffic on VPN ? Give users quota for VPN ? Problem is on my server is users making too mutch traffic and i need to stop this. Thanks for any help. lu

  11. Hi

    The tutorial worked great, just one issue. When I connect with XP, how can configure the VPN connection to use Default Internet Connection’s DNS settings? I think the new VPN connection is trying to locate it’s own DNS and failing and hence loosing all the Internet.

    Can you please help?

    Thx

  12. Pingback: VOIP, Asterisk, SIP and Ubuntu « Bangladesh Android IOS developer

  13. Pingback: creating VPN problem

  14. Pingback: VOIP, Asterisk, SIP and Ubuntu | Research Paper and Publication

  15. Pingback: Install PPTP server on Ubuntu 12.04 | 凡人牧白

  16. thanks
    $ /sbin/iptables -P FORWARD ACCEPT
    $ /sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

    worked for me!

  17. Pingback: 우분투 pptp VPN 서버 구축하기. | Rathole - Vr4t's Lab.

  18. Pingback: 우분투 pptp vpn 서버 구축 | Vr4t's Lab - Rathole

  19. hi again, after restarting the server i need to manually input
    $ /sbin/iptables -P FORWARD ACCEPT
    $ /sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE

    is there a way to make this permanently ?

  20. add it to the end of /etc/rc.local right before exit 0


    Ththhtht:

    hi again, after restarting the server i need to manually input
    $ /sbin/iptables -P FORWARD ACCEPT
    $ /sbin/iptables –table nat -A POSTROUTING -o eth0 -j MASQUERADE
    is there a way to make this permanently ?

  21. Hi I tested your config and it works great. I tested it on a LAN environment. I have this problem on how to reach from my LAN computers to the computers connecting via pptp vpn.

    pc======Lan========PPT Server ===== vpn clients

    basically I want to connect using rdp from pc in my lan going to vpn clients. I can ping the ip of the vpn client but I can’t connect using rdp.

Leave a Reply

css.php