How to install a VPN Server on Debian/Ubuntu Linux VPS

VPS have gained popularity due to their affordability and the fact that individuals can use them as personal VPN servers. Some of the benefits of a personal VPN server include the possibility of knowing exactly what details of your online activity are kept on the server. This is important because while many VPN providers promise a no logging policy, you can’t really verify that. Furthermore, you would not have to share servers resources like CPU and bandwidth with other users. Although PPTP is not the most secure protocol available, it is a very popular option, particularly for mobile device users. In this simple guide, you will find out how to install a VPN server running PPTP for Ubuntu or Debian Linux.

  1. Install pptpd
    apt-get update
    apt-get install pptpd
    With this, you will install bcrelay, ppp, pptpd.
  2. The next step is to configure pptpd and ppp
    pico-w /etc/pptpd.conf
    You can also use your favourite text editor, such as vim.
  3. Add local and remote IP pool and the end of file:
    localip 10.10.0.1 (this would be the VPN server’s IP)
    remoteip from10.10.0.2 to 10.10.0.10. These would be the private IP addresses assigned to the clients connecting to the VPN. Other IP range or different private IP addresses can also be used.
  4. Save the file and exit the editor. Then edit the ppp configuration file: pico -w/etc/ppp/pptpd-options
  5. The below would need to be added at the end of file:
    name pptdpd
    refuse-pap
    refuse-chap
    refuse-mschap
    require-mschap-v2
    require-mppe-128
    ms-dns 8.8.8.8
    #ms-dns 8.8.4.4
    proxyarp
    nodefaultroute
    lock
    nobsdcomp
    mtu 1490
    mru 1490
  6. Keep in mind that the ppp daemon will refuse CHAP and MS-CHAP V1 authentications as they are deemed as insecure. Although MS-CHAP V2 PPTP VPN is not the safest option, it is still a better alternative than CHAP and MS-CHAP V1.
    You would need to add the VPN account username and password to the ppp secrets file. Then edit /etc/ppp/chap-secrets and add along the following lines:
    myusername pptpd mys3cr3tpass 10.10.0.2
    myfrienduser pptpd hisp@ssword 10.10.0.3
  7. Enable packets forwarding
    Edit/etc/ sysctl.conf and enable ipv4 forwarding by un-commenting the line (remove the #) and change 0 to 1. It should look like this: net.ipv4.op_forward=1
    Save and exit the editor and run the following to make sure that the changes are applied: sysctl -p
  8. Add the optables rule to create the NAT between eth0 and ppp interfaces like these:
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i eth0 -o ppp0 -m state –state RELATED, ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i ppp0 -o eth 0 -j ACCEPT
    It is important to keep in mind that iptables MASQUERADE doesn’t work on OpnVZ VPS containers, but on KVM and XEN. In order to be able to use OpenVZ, you have to use iptables SOURCE such as this: iptables -t nat -A POSTROUTING -j SNAT –to-source

Finally restart pptpd by running the following: service pptpd restart. The final step is to test the connection to confirm everything was set up correctly.