
A VPN is one way to encrypt data sent over a network. This article will guide you through setting up a PPTP VPN server using Ubuntu. There are many types of VPN, but PPTP is still a popular choice because it is easy to install. We will be using Ubuntu as the VPN server, but the method is basically the same if you're using another distro.
PPTP is compatible with most server types, especially Windows, which is why it is still a popular protocol, especially on personal computers.
How to install on the server?
PPTP works in a client-server model. There are a few steps to set up the server.
1. Install PPTP package
To install the PPTP package, run the command below:
apt-get install pptpd
This will install the required package to make PPTP available.
2. Configure the pptpd.conf file.
Next, we need to configure the /etc/pptpd.conf file. In my sample, I will use 192.168.0.100 to 192.168.0.200 as the VPN IP range for clients connected to the VPN. I had to add the settings below for my configuration.
localip 10.1.1.1
remoteip 10.1.1.100-200
debug
set log All # or whatever you want to log
3. DNS Configuration
After that, we need to edit /etc/ppp/pptpd-options for the DNS configuration.
On my server, the active settings for my VPN are:
name pptpd
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
ms-dns 1.1.1.1
ms-dns 8.8.8.8
debug
logfile /pptpd.log
dump
4. User password.
The next step is to set up usernames and passwords, which are stored in the /etc/ppp/chap-secrets file. The format is as below:
# Secrets for authentication using CHAP
# client server secret IP addresses
user1 * pass092303 *
user2 * pass2104 *
user3 * pass1980 *
user4 * pass8379 *
user5 * pass1OD6f *
To add a new user, add the username and password to this file, then restart the pptpd service.
5. Setup forwarding.
This is very important for PPTP to work correctly, as we need to forward network packets between the public IP and the private IP. To set up IP forwarding, we need to edit /etc/sysctl.conf.
net.ipv4.ip_forward=1
To make the setting active, run ‘sysctl -p’ or just reboot the server.
6. Setup firewall.
This part is very tricky, and a wrong configuration can leave the server inaccessible, but I will cover only the VPN part.
###############################################################
### VPN RULES
### ens32 IS YOUR ETH DEVICE
###############################################################
iptables -A INPUT -i ens32 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i ens32 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
iptables -A FORWARD -i ppp+ -o ens32 -j ACCEPT
iptables -A FORWARD -i ens32 -o ppp+ -j ACCEPT
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -p tcp -s 10.1.1.0/24 -j TCPMSS --syn --set-mss 1356
iptables -I INPUT -s 10.1.1.0/8 -i ppp+ -j ACCEPT
iptables --append FORWARD --in-interface ens32 -j ACCEPT
##############################################################
### REPLACE XXX.XXX.XXX.XXX WITH YOUR PUBLIC IP ADDRESS
##############################################################
iptables -A INPUT -p icmp --icmp-type 8 -s 0/0 -d xxx.xxx.xxx.xxx -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -s xxx.xxx.xxx.xxx -d 0/0 -m state --state ESTABLISHED -j ACCEPT
7. Restart PPTP server
Finally, restart the PPTP server.
/etc/init.d/pptpd restart
8. Setup VPN connection in Windows 10.
Setting up the VPN connection to the server is very easy using Windows 10. Just refer to my picture at the beginning of the post. Replace xxx.xxx.xxx.xxx with the server IP and use the username and password you created.
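The script below is an added example, not part of the original article: it checks the files edited in steps 3 and 4 for the two require- directives, short secrets, and chap-secrets permissions before the restart in step 7. The function names, the audit.sh file name and the 12-character minimum secret length are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): checks for the files edited
# in steps 3 and 4. Paths are arguments so the functions can run on copies.
# MIN_SECRET_LEN is an assumed local policy value, not a pptpd setting.
MIN_SECRET_LEN=${MIN_SECRET_LEN:-12}

# Print each directive from step 3 that is absent or commented out.
missing_options() {
    local file=$1 opt
    for opt in require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$file" || echo "$opt"
    done
}

# Print the client name of every chap-secrets entry whose secret is shorter
# than MIN_SECRET_LEN. Columns: client server secret IP-addresses.
# Assumes secrets without embedded spaces; surrounding quotes are stripped.
weak_secrets() {
    awk -v min="$MIN_SECRET_LEN" '
        $1 ~ /^#/ || NF < 3 { next }      # skip comments and short lines
        { s = $3; gsub(/^"|"$/, "", s)
          if (length(s) < min) print $1 }' "$1"
}

# Succeed only if group and others have no permission bits on the file;
# chap-secrets holds the passwords in clear text.
private_file() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks, print findings, return non-zero if there are any.
audit_pptpd() {
    local options=$1 secrets=$2 rc=0 item
    for item in $(missing_options "$options"); do
        echo "missing option: $item"; rc=1
    done
    for item in $(weak_secrets "$secrets"); do
        echo "short secret for client: $item"; rc=1
    done
    private_file "$secrets" || { echo "$secrets: readable by group/others"; rc=1; }
    return $rc
}

# Usage (audit.sh is a hypothetical file name):
#   ./audit.sh /etc/ppp/pptpd-options /etc/ppp/chap-secrets
if [ "$#" -eq 2 ]; then audit_pptpd "$1" "$2"; fi
```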