PPTPd VPN
Let's get started with the tutorial below!
Installation
(Optional) Scrap off all the junk you won't need if it is a new box:
wget -O master.tar.gz http://github.com/maxexcloo/Minimal/tarball/master; tar zxvf *.gz; cd *Minimal*; sh minimal.sh ssh
If you are still using only root
(have its benefits when you are just setting up your server), you will probably need to re-enable root login.
Edit /etc/ssh/sshd_config
and find:
PermitRootLogin no
Replace it with:
PermitRootLogin yes
Save the file, exit the editor, and restart your SSHd server:
/etc/init.d/ssh restart
Install PPTPD:
apt-get install pptpd
Enable forwarding by editing /etc/sysctl.conf
find:
#net.ipv4.ip_forward=1
Replace it with:
net.ipv4.ip_forward=1
Save the file, exit the editor, and apply the changes:
sysctl -p
Towards the end of /etc/pptpd.conf
, add, or uncomment these lines:
localip 10.84.1.1 remoteip 10.84.1.101-200
Create your users by editing your /etc/ppp/chap-secrets
file by adding it in the following format:
# Secrets for authentication using CHAP # client server secret IP addresses andy pptpd 1234 * john pptpd abcd *
Create a new file which will manage the routing with iptables
by creating /etc/init.d/vpnforward
:
#! /bin/sh case "$1" in start) iptables -A INPUT -p tcp --dport 1723 -j ACCEPT iptables -A INPUT -p 47 -j ACCEPT iptables -A FORWARD -i ppp+ -o vent0 -j ACCEPT iptables -t nat -A POSTROUTING -s 10.84.1.0/24 -j SNAT --to-source 127.0.0.1 echo "iptables entries for VPN forwarding added" ;; stop) echo "nothing to unload" ;; *) echo "Usage: /etc/init.d/vpnforward {start|stop}" exit 1 esac exit 0
Make it executable:
chmod a+x /etc/init.d/vpnforward
Add it to your boot sequence so you don't need to make the changes each time your VPS reboot:
update-rc.d vpnforward defaults
*note: use this command if you want to remove it from auto-run at boot:
update-rc.d -f vpnforward remove
Edit /etc/ppp/pptpd-options
with the following options:
name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp lock nobsdcomp novj novjccomp nologfd ms-dns 8.8.8.8 ms-dns 8.8.4.4
Congratulations, you now have a working PPTPd VPN!