VPS have gained popularity due to their affordability and the fact that individuals can use them as personal VPN servers. One benefit of a personal VPN server is that you know exactly what details of your online activity are kept on the server. This is important because while many VPN providers promise a no-logging policy, you can’t really verify that. Furthermore, you do not have to share server resources like CPU and bandwidth with other users. Although PPTP is not the most secure protocol available, it is a very popular option, particularly for mobile device users. In this simple guide, you will find out how to install a VPN server running PPTP on Ubuntu or Debian Linux.
- Install pptpd
apt-get update
apt-get install pptpd
With this, you will install bcrelay, ppp and pptpd.
- The next step is to configure pptpd and ppp
pico -w /etc/pptpd.conf
You can also use your favourite text editor, such as vim.
- Add the local and remote IP pool at the end of the file:
localip 10.10.0.1
remoteip 10.10.0.2-10
localip is the VPN server’s IP. remoteip covers 10.10.0.2 to 10.10.0.10; these are the private IP addresses assigned to the clients connecting to the VPN. Another IP range or different private IP addresses can also be used.
- Save the file and exit the editor. Then edit the ppp configuration file:
pico -w /etc/ppp/pptpd-options
- The below would need to be added at the end of file:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
#ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
- Keep in mind that the ppp daemon will refuse CHAP and MS-CHAP V1 authentications as they are deemed insecure. Although MS-CHAP V2 PPTP VPN is not the safest option, it is still a better alternative than CHAP and MS-CHAP V1.
You need to add the VPN account usernames and passwords to the ppp secrets file. Edit /etc/ppp/chap-secrets and add lines like the following (username, server name, password, client IP):
myusername pptpd mys3cr3tpass 10.10.0.2
myfrienduser pptpd hisp@ssword 10.10.0.3
- Enable packet forwarding
Edit /etc/sysctl.conf and enable IPv4 forwarding by un-commenting the line (remove the #) and changing 0 to 1. It should look like this:
net.ipv4.ip_forward=1
Save and exit the editor and run the following to make sure that the changes are applied:
sysctl -p
- Add the iptables rules to create the NAT between the eth0 and ppp interfaces, like these:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
It is important to keep in mind that iptables MASQUERADE doesn’t work on OpenVZ VPS containers, only on KVM and Xen. On OpenVZ, you have to use an iptables SNAT rule such as this, with the placeholder replaced by your own address:
iptables -t nat -A POSTROUTING -j SNAT --to-source <public IP of the VPS>
Finally restart pptpd by running the following: service pptpd restart. The final step is to test the connection to confirm everything was set up correctly.
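Before testing the connection, the two files edited above can be checked for the mistakes that most often break or weaken this setup. The script below is an added example, not part of the original guide: it reports any of the guide's authentication directives that are missing from the options file, and any chap-secrets account whose server column does not match the name option. The function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example: audit pptpd-options and chap-secrets against this guide's settings.
# Function names are hypothetical; the sample files below are constructed.

# Directives the guide puts in /etc/ppp/pptpd-options to refuse weak auth.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print every required directive that is absent or commented out in file $1.
# Returns 1 if anything is missing, 0 otherwise.
missing_directives() {
    rc=0
    for d in $REQUIRED; do
        # The directive must be the first word on a non-comment line, so
        # "#refuse-chap" and "refuse-mschap-v2" do not count as "refuse-mschap".
        if ! grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$1"; then
            echo "$d"
            rc=1
        fi
    done
    return $rc
}

# Print usernames in chap-secrets ($2) whose server column does not equal the
# "name" value in the options file ($1); pppd cannot match those entries.
mismatched_accounts() {
    name=$(awk '$1 == "name" { print $2; exit }' "$1")
    awk -v n="$name" 'NF && $1 !~ /^#/ && $2 != n && $2 != "*" { print $1 }' "$2"
}

# Constructed sample input: one directive commented out, one left out, and
# one account whose server column is misspelled.
demo=$(mktemp -d)
printf 'name pptpd\nrefuse-pap\n#refuse-chap\nrequire-mschap-v2\nrequire-mppe-128\n' > "$demo/options"
printf 'myusername pptpd mys3cr3tpass 10.10.0.2\nmyfrienduser pptdpd hisp@ssword 10.10.0.3\n' > "$demo/secrets"
echo "missing directives: $(missing_directives "$demo/options" | tr '\n' ' ')"
echo "mismatched accounts: $(mismatched_accounts "$demo/options" "$demo/secrets")"
rm -rf "$demo"
```

On a real server, call the two functions with /etc/ppp/pptpd-options and /etc/ppp/chap-secrets instead of the sample files.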