
How to set up a PPTP VPN server on Linux [Tutorial]

I’m moving to Japan very soon and remembered that Google Voice won’t work once I step onto the Land of the Rising Sun. So I figured I should set up a VPN tunnel to access services that are available only in the US. Setting up PPTPD is fairly easy and straightforward. I’m using SoftLayer BYOC (Build Your Own Cloud), which costs $70/month for 2TB of bandwidth (inbound bandwidth is free, unlike Rackspace cloud).

I picked Ubuntu 10.04 Lucid Lynx for this example, but you can use any distro you prefer.

First, you need to install the PPTP daemon (server), and we are going to use apt-get to install it.

apt-get install pptpd

Once it is installed, let’s create user accounts for your VPN server by editing the chap-secrets file. Use any editor you like; I personally prefer Nano.

nano -w /etc/ppp/chap-secrets

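Each user should be added on a new line with the following structure (client name, server name, secret, allowed IP addresses). The password is stored in clear text, so keep this file readable by root only.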

yourusername pptpd yourpassword *

The next step is to configure the localip/remoteip assignment in pptpd.conf.

nano -w /etc/pptpd.conf

Since my local router is on 192.168.0.1, I wanted to avoid using the same IP range for my VPN connection, so I’m using 192.168.111.xxx instead in pptpd.conf.

localip 192.168.111.1
remoteip 192.168.111.234-238,192.168.111.245

Now, let’s get IP forwarding working by editing the sysctl.conf file.

nano -w /etc/sysctl.conf

Then uncomment this line:

net.ipv4.ip_forward=1

Save the file and reload the configuration.

sysctl -p

Next, edit the rc.local file to add the iptables rules.

nano -w /etc/rc.local

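Add these lines right above the exit line (eth1 is my public ethernet port, adjust as needed). The first rule masquerades traffic from the VPN subnet out of the public interface; the second clamps the TCP MSS on new connections arriving from the ppp interfaces. The --syn and --set-mss options each take two dashes.

/sbin/iptables -t nat -A POSTROUTING -s 192.168.111.0/24 -o eth1 -j MASQUERADE
/sbin/iptables -I FORWARD -p tcp --syn -i ppp+ -j TCPMSS --set-mss 1356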

Last but not least, let’s define the DNS servers to use with our pptpd. Currently I’m using Google Public DNS; it is fast and reliable, though I know some of you prefer OpenDNS.

nano -w /etc/ppp/options

Uncomment the entries with ms-dns 192.168.1.1 and 192.168.1.2, then replace the IPs with the Google Public DNS IPs so it looks like this:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

You are done! Next, just reboot your server and you should be able to connect to it using PPTP and send all your traffic through this server. More pptpd.conf reference material can be found here.
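A check for the files edited above, as an added example that is not part of the original post: it tests that chap-secrets is private, that forwarding is uncommented, that the rc.local rules sit above the exit line with double-dash options, and that the MASQUERADE subnet covers the localip/remoteip pool. The function names and the /24 assumption are this example's own, and the sample files built in demo are constructed.

```shell
# Added example, not from the original post. All paths are arguments.

# chap-secrets stores passwords in clear text: no group/other access allowed.
secrets_private() {
    [ "$(ls -ldn "$1" | cut -c5-10)" = "------" ]
}

# True only when the ip_forward line in sysctl.conf is uncommented and set to 1.
forwarding_enabled() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# rc.local problems: iptables lines after "exit" never run, and long options
# written with one dash (-syn, -set-mss) are rejected by iptables.
rc_local_findings() {
    awk '
        /^[ \t]*#/    { next }
        /^[ \t]*exit/ { past_exit = 1; next }
        /iptables/ && past_exit          { print "after-exit:" NR }
        /iptables/ && / -(syn|set-mss)/  { print "single-dash:" NR }
    ' "$1"
}

# Prints each /24 prefix used by localip/remoteip ($1 = pptpd.conf) that no
# "-s x.y.z.0/24 ... MASQUERADE" rule in $2 (rc.local) covers. Assumes /24
# networks as in the tutorial; a rule without -s is not recognised.
unmasqueraded_prefixes() {
    nat=$(sed -n 's/.*-s \([0-9]*\.[0-9]*\.[0-9]*\)\.0\/24.*MASQUERADE.*/\1/p' "$2" | tr '\n' ' ')
    awk '$1 == "localip" || $1 == "remoteip" { print $2 }' "$1" |
        tr ',' '\n' | cut -d. -f1-3 | sort -u |
        while read -r p; do
            case " $nat " in *" $p "*) ;; *) echo "$p" ;; esac
        done
}

# Constructed sample: dashes lost, rule below "exit 0", NAT on the wrong subnet.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'localip 192.168.111.1' \
        'remoteip 192.168.111.234-238,192.168.111.245' > "$d/pptpd.conf"
    printf '%s\n' \
        '/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE' \
        'exit 0' \
        '/sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356' > "$d/rc.local"
    rc_local_findings "$d/rc.local"
    unmasqueraded_prefixes "$d/pptpd.conf" "$d/rc.local"
    rm -rf "$d"
}
demo
```

On the server, pass the real paths (/etc/ppp/chap-secrets, /etc/sysctl.conf, /etc/rc.local, /etc/pptpd.conf) to the matching function. No output from the two findings functions means nothing was flagged.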

If you have tips or comments, or are unable to get it to work, feel free to post them here.


15 Responses

  1. MIke Says:

    I am trying to save pptpd.conf file but it is not letting me save. I am using gedit editor.

    Posted on November 16th, 2010 at 10:07 pm

  2. James Says:

    Are you logged in as root?

    Posted on November 16th, 2010 at 10:12 pm

  3. MIke Says:

    Thanks. I was able to save the changes using root. But now the instruction is to reboot the server. And what are the steps after that to make a connection to Google Voice? I am a novice here. Thanks again.

    Posted on November 16th, 2010 at 10:43 pm

  4. jonny rocket Says:

    what??? no google voice? that sux.

    Posted on November 17th, 2010 at 8:42 am

  5. Chris Says:

    Netflix fails to work using this setup or any setup with pptpd.
    The problem seems to be with udp and broadcasts. Even with bcrelay. Did you manage to use Netflix on your test setup?

    Cheers,

    Posted on December 3rd, 2010 at 6:59 pm

  6. Dean Says:

    Chris, I got it to work by uninstalling my firewall on the server

    Try this rule: /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    Posted on December 3rd, 2010 at 7:09 pm

  7. Mohammad Rafiq Says:

    If we want to use a public IP for each VPN user account instead of a private IP, how do we have to configure the VPN server?

    Posted on February 20th, 2011 at 10:43 pm

  8. Travelinrob Says:

    I did all of the steps and rebooted my server. Is there a test I can run on the server to see that it is working properly? Connection to the VPN fails from my client (VPN in Network Manager). Are there specific settings I need to use? I just put my server address, username and password. Do I need to forward a port(s) on my router to the server?

    Thanks.

    Posted on February 25th, 2011 at 3:57 am

  9. tkral Says:

    Does this allow you to see shares on other computers on the same network as the pptpd server?

    Thanx

    Posted on March 14th, 2011 at 10:57 pm

  10. sa144 Says:

    I have set up a PPTP VPN server on Ubuntu.
    But accounts are open for concurrent simultaneous connections, meaning there can be many users using one account at a time.
    I need to limit that to one user at a time.
    Does anybody know how it can be done?

    Posted on August 1st, 2011 at 3:41 am

  11. nodje Says:

    I get this error message on Ubuntu after the second iptables rule:

    /sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-ms

    iptables v1.4.4: multiple -s flags not allowed

    How come?

    Did anyone bump into this?

    Posted on October 31st, 2011 at 5:27 am

  12. Sloun Says:

    Hi, great tutorial.
    One thing I don’t understand, why have you added this rule -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356 ?

    Cheers.

    Posted on November 1st, 2011 at 7:55 pm

  13. Philip Says:

    Great stuff ! Very helpful :)

    Posted on November 12th, 2011 at 9:20 am

  14. Samiul R Says:

    Thanks
    For giving this Info in public

    Posted on December 8th, 2011 at 5:26 pm

  15. windows 7 vpn Says:

    This post is great. Very informative. I will be checking back regularly.

    Posted on December 20th, 2011 at 12:52 am
