How to setup pptp VPN server on Linux [Tutorial]

I’m moving to Japan very soon and remembered that Google Voice won’t be working once I step onto Land of the Rising Sun. So I figured I should setup a VPN tunneling for me to access services that is available only in the US. Setting up PPTPD is fairly easy and straight forward. I’m using SoftLayer BYOC (Build Your Own Cloud) which cost $70/month for 2TB bandwidth (inbound bandwidth is free – unlike Rackspace cloud).

I picked the Ubuntu 10.04 Lucid Lynx for this example, but you can use any distro you prefer.

First, you need to install the PPTP daemon (server), and we are going to use apt-get to install it.

apt-get install pptpd

Once it is installed, let’s create user accounts for your VPN server by editing the chap-secrets file. Use any editor you like, I personally prefer Nano.

nano -w /etc/ppp/chap-secrets

Each users should be added in new line with following structure

yourusername pptpd yourpassword *

Next step is to configure localip/remoteip assignment on pptpd.conf

nano -w /etc/pptpd.conf

Since my local router is on 192.168.0.1, I wanted to avoid using the same IP assignment for my VPN connection. so I’m using 192.168.111.xxx instead on pptpd.conf

localip 192.168.111.1
remoteip 192.168.111.234-238,192.168.111.245

Now, let’s get IP forwarding working by editing sysctl.conf file

nano -w /etc/sysctl.conf

then uncomment this line

net.ipv4.ip_forward=1

Save the file and reload the configuration.

sysctl -p

Next is to edit rc.local file for iptables rule

nano -w /etc/rc.local

Add these line right above exit line. (eth1 is my public ethernet port, adjust as needed)

/sbin/iptables -t nat -A POSTROUTING -s 192.168.111.0/24 -o eth1 -j MASQUERADE
/sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356

Last but not least, let’s define the DNS to use with our pptpd. Currently I’m using Google Public DNS – It is fast and reliable; I know some of you prefer OpenDNS.

nano -w /etc/ppp/options

Uncomment the entries with ms-dns 192.168.1.1 and 192.168.1.2 then replace the IP with Google Public DNS IPs so it look like this

ms-dns 8.8.8.8
ms-dns 8.8.4.4

You are done! Next is just reboot your server and you should be able to connect to using PPTPD and send all your traffic thru this server. For more pptpd.conf reference, you can find them here.

If you have tips,comment, or unable to get it to work feel free to post them here.

  • MIke

    I am trying to save pptpd.conf file but it is not letting me save. I am using gedit editor.

  • James

    Are you logged in as root?

  • MIke

    Thanks. I was able to save the changes using root. But now the instruction is to reboot the server. And what are the steps after that to make connection to google voice. I am a novice here.Thanks again.

  • http://ms1.gotdns.com jonny rocket

    what??? no google voise? that sux.

  • Chris

    Netflix fails to work using this setup or any setup with pptpd.
    The problem seems to be with udp and broadcasts. Even with bcrelay. Did you manage you use Netflix on your test setup?

    Cheers,

  • Dean

    Chris, I got it to work by uninstalling my firewall on the server

    Try this rules /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  • http://www.bitdg.com Mohammad Rafiq

    If we want to use public IP for each vpn user account instad of private IP so how we have to configur the VPN server ?

  • Travelinrob

    I did all of the steps and rebooted my server. Is there a test I can run on the server to see that it is working properly? Connection to the VPN fails from my client (VPN in Network Manager). Are there specific settings I need to use? I just put my server address, username and password. Do I need to forward a port(s) on my router to the server?

    Thanks.

  • tkral

    Does this allow you to see shares on other computers on the same network as the pptpd server?

    Thanx

  • sa144

    I have set up PPTP VPN server on ubuntu.
    But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
    i need to limit that to one user at the time.
    anybody knows how it can be done?

  • nodje

    I get this error message on Ubuntu after the second iptable rule:

    /sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-ms

    iptables v1.4.4: multiple -s flags not allowed

    how come?

    did anyone bumped into this?

  • Sloun

    Hi, great tutorial.
    One thing I don’t understand, why have you added this rule -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356 ?

    Cheers.

  • Philip

    Great stuff ! Very helpful :)

  • http://www.vpnserverwindows7.net Ignacio Graig

    Thanks for sharing this manual, however I cannot save pptpd.conf. Sorry for being newbie, I am just having CentOS as my 2nd system and it is more like a hobby. Would appreciate it if you could help.

  • Nigrl

    For those with the command error at this command
    /sbin/iptables -I FORWARD -p tcp -syn -i ppp+ -j TCPMSS -set-mss 1356

    It is a double — required before -syn and the -set-mes so it should be

    /sbin/iptables -I FORWARD -p tcp –syn -i ppp+ -j TCPMSS –set-mss 1356

    For those who can’t edit files, etc, the guide OMITS to mention this is all being done as ROOT, so before you type any commands type
    sudo -i
    … and then the commands will be all running as root and at the end of typing the commands, you need to exit to cease being root. Alternative, which is safer is insert sudo before each command.

  • warfie

    that’s the server, how to set a client to work with a server set like this?

  • Pieter

    Hey,

    You forgot the underscore in ip_forward. Thanks for the tutorial!

  • d1t1

    run gedit as rootd