VPN setup

A VPN is one way to encrypt data sent over a network. This article will guide you through setting up a PPTP VPN server on Ubuntu. There are many types of VPN, but PPTP is still a popular choice because it is easy to install. We will be using Ubuntu as the VPN server, but the method is basically the same if you’re using another distro.
PPTP is compatible with most server types, especially Windows, which is why it is still a popular protocol, especially with personal computers.

How to install on the server?
PPTP works in a client-server model. There are a few steps to set up the server.

1. Install PPTP package
To install the PPTP package, just run the command below:

apt-get install pptpd

This will install the required package to make PPTP available.

2. Configure the pptpd.conf file.
Next, we need to configure the /etc/pptpd.conf file. In my sample, I will use 192.168.0.100 to 192.168.0.200 as the VPN IP range for clients connected to the VPN. I added the settings below for my configuration.

localip 10.1.1.1
remoteip 10.1.1.100-200

debug
set log All   # or whatever you want to log

3. DNS Configuration
After that, we need to edit /etc/ppp/pptpd-options for the DNS configuration.
On my server, the active settings for my VPN are:

name pptpd
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp 
ms-dns 1.1.1.1
ms-dns 8.8.8.8
debug
logfile /pptpd.log
dump

4. User password.
The next step is to set up usernames and passwords and store them in the /etc/ppp/chap-secrets file. The format is similar to the below:

# Secrets for authentication using CHAP
# client  server  secret IP addresses
user1  *   pass092303    *
user2  *   pass2104      *
user3  *   pass1980      *
user4  *   pass8379      *
user5  *   pass1OD6f     *

To add a new user, just add the username and password to this file, then restart the pptpd service.

5. Set up forwarding.
This is very important for PPTP to work correctly, as we need to forward network packets between the public IP and the private IP. To set up IP forwarding, we need to edit /etc/sysctl.conf.

net.ipv4.ip_forward=1

To make the setting active, run ‘sysctl -p’ or just reboot the server.

6. Set up the firewall.
This is a very tricky part and can make the server inaccessible if configured wrongly, but I will cover the VPN part only.

###############################################################
### VPN RULES
### ens32 IS YOUR ETH DEVICE
###############################################################
iptables -A INPUT -i ens32 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i ens32 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
iptables -A FORWARD -i ppp+ -o ens32 -j ACCEPT
iptables -A FORWARD -i ens32 -o ppp+ -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -p tcp -s 10.1.1.0/24 -j TCPMSS --syn --set-mss 1356
iptables -I INPUT -s 10.1.1.0/24 -i ppp+ -j ACCEPT
iptables --append FORWARD --in-interface ens32 -j ACCEPT
##############################################################
### REPLACE XXX.XXX.XXX.XXX WITH YOUR PUBLIC IP ADDRESS
##############################################################
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d xxx.xxx.xxx.xxx -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s xxx.xxx.xxx.xxx -d 0/0 -m state --state ESTABLISHED -j ACCEPT

7. Restart PPTP server
Finally, restart the PPTP server.

/etc/init.d/pptpd restart

8. Set up the VPN connection in Windows 10.
Setting up the VPN connection to the server is very easy in Windows 10. Just refer to my picture at the beginning of the post. Replace xxx.xxx.xxx.xxx with the server IP and use the username and password you created.
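
Once the steps above are done, the files edited in steps 3 and 4 can be checked with a short script. This is an added example, not part of the original post: the function names, the 12-character threshold and the sample files are assumptions made for illustration, and the sample credentials are constructed.

```shell
#!/bin/sh
# Added example: audit copies of the two files edited in steps 3 and 4.
# On the server: /etc/ppp/pptpd-options and /etc/ppp/chap-secrets.
MIN_SECRET_LEN=12   # assumption: local policy threshold, not a pptpd setting

# Report required options that are absent or commented out.
audit_options() {
    for opt in require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$1" ||
            echo "options: missing $opt"
    done
}

# Report loose file permissions, short secrets and unpinned client addresses.
# Assumes whitespace-separated fields with unquoted secrets, as in step 4.
# Findings name the user only; the secret itself is never printed.
audit_secrets() {
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] ||
        echo "secrets: group/other access ($perms), expected mode 600"
    awk -v min="$MIN_SECRET_LEN" '
        NF == 0 || $1 ~ /^#/ { next }
        length($3) < min { print "secrets: " $1 " has a secret shorter than " min " characters" }
        $4 == "*"        { print "secrets: " $1 " may use any IP address" }
    ' "$1"
}

# Constructed sample files (not real credentials) in a temporary directory.
demo() {
    d=$(mktemp -d)
    printf 'name pptpd\nrequire-mschap-v2\nproxyarp\n' > "$d/pptpd-options"
    printf 'user1 * pass092303 *\nuser2 * a-constructed-long-secret 10.1.1.101\n' \
        > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    audit_options "$d/pptpd-options"
    audit_secrets "$d/chap-secrets"
    rm -rf "$d"
}
demo
```

The fourth field of chap-secrets restricts which address a user may take, so replacing `*` with a fixed address from the remoteip range ties each account to one VPN IP.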
