====== PPTPd VPN ======
Let's get started with the tutorial below!
===== Installation =====
(Optional) Scrap off all the junk you won't need if it is a new box:
wget -O master.tar.gz http://github.com/maxexcloo/Minimal/tarball/master; tar zxvf *.gz; cd *Minimal*; sh minimal.sh ssh
If you are still using only `root` (have its benefits when you are just setting up your server), you will probably need to re-enable root login.
Edit `/etc/ssh/sshd_config` and find:
`PermitRootLogin no`
Replace it with:
`PermitRootLogin yes`
Save the file, exit the editor, and restart your SSHd server:
`/etc/init.d/ssh restart`
Install PPTPD:
`apt-get install pptpd`
Enable forwarding by editing `/etc/sysctl.conf` find:
`#net.ipv4.ip_forward=1`
Replace it with:
`net.ipv4.ip_forward=1`
Save the file, exit the editor, and apply the changes:
`sysctl -p`
Towards the end of `/etc/pptpd.conf`, add, or uncomment these lines:
localip 10.84.1.1
remoteip 10.84.1.101-200
Create your users by editing your `/etc/ppp/chap-secrets` file by adding it in the following format:
# Secrets for authentication using CHAP
# client server secret IP addresses
andy pptpd 1234 *
john pptpd abcd *
Create a new file which will manage the routing with `iptables` by creating `/etc/init.d/vpnforward`:
#! /bin/sh
case "$1" in
start)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A FORWARD -i ppp+ -o vent0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.84.1.0/24 -j SNAT --to-source 127.0.0.1
echo "iptables entries for VPN forwarding added"
;;
stop)
echo "nothing to unload"
;;
*)
echo "Usage: /etc/init.d/vpnforward {start|stop}"
exit 1
esac
exit 0
Make it executable:
`chmod a+x /etc/init.d/vpnforward`
Add it to your boot sequence so you don't need to make the changes each time your VPS reboot:
`update-rc.d vpnforward defaults`
*note: use this command if you want to remove it from auto-run at boot:
`update-rc.d -f vpnforward remove`
Edit `/etc/ppp/pptpd-options` with the following options:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Congratulations, you now have a working PPTPd VPN!