PPTPd VPN

Let's get started with the tutorial below!

(Optional) Strip out all the junk you won't need if it is a new box:

wget -O master.tar.gz http://github.com/maxexcloo/Minimal/tarball/master; tar zxvf *.gz; cd *Minimal*; sh minimal.sh ssh

If you are still using only root (which has its benefits when you are just setting up your server), you will probably need to re-enable root login.

Edit /etc/ssh/sshd_config and find:

PermitRootLogin no

Replace it with:

PermitRootLogin yes

Save the file, exit the editor, and restart your SSHd server:

/etc/init.d/ssh restart

Install PPTPD:

apt-get install pptpd

Enable IP forwarding by editing /etc/sysctl.conf. Find:

#net.ipv4.ip_forward=1

Replace it with:

net.ipv4.ip_forward=1

Save the file, exit the editor, and apply the changes:

sysctl -p

Towards the end of /etc/pptpd.conf, add or uncomment these lines:

localip 10.84.1.1
remoteip 10.84.1.101-200

Create your users by adding one line per user to /etc/ppp/chap-secrets in the following format:

# Secrets for authentication using CHAP
# client		server	secret			IP addresses
andy			pptpd	1234			*
john			pptpd	abcd			*

Create a new file, /etc/init.d/vpnforward, to manage the routing with iptables:

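#! /bin/sh
# /etc/init.d/vpnforward: firewall and NAT rules for the PPTP VPN

case "$1" in
	start)
		# PPTP control channel (TCP 1723) and GRE tunnel traffic (IP protocol 47)
		iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
		iptables -A INPUT -p 47 -j ACCEPT
		# Forward VPN client traffic; -o must name the server's actual
		# outbound interface
		iptables -A FORWARD -i ppp+ -o vent0 -j ACCEPT
		# Rewrite the source address of VPN client packets; replace
		# 127.0.0.1 with this server's public IP address
		iptables -t nat -A POSTROUTING -s 10.84.1.0/24 -j SNAT --to-source 127.0.0.1
		echo "iptables entries for VPN forwarding added"
		;;
	stop)
		# The rules added by "start" are left in place
		echo "nothing to unload"
		;;
	*)
		echo "Usage: /etc/init.d/vpnforward {start|stop}"
		exit 1
		;;
esac

exit 0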

Make it executable:

chmod a+x /etc/init.d/vpnforward

Add it to your boot sequence so you don't need to make the changes each time your VPS reboots:

update-rc.d vpnforward defaults

Note: use this command if you want to remove it from auto-run at boot:

update-rc.d -f vpnforward remove

Edit /etc/ppp/pptpd-options with the following options:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4
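
A check for the two files configured above, as an added example that is not part of the original tutorial: it reports any of the listed authentication and encryption options that are missing or commented out in pptpd-options, chap-secrets entries with short secrets such as the sample 1234 and abcd, and a secrets file that is accessible beyond its owner. The function names, the 16-character minimum and the use of GNU stat -c are assumptions.

```sh
#!/bin/sh
# Added example: audit the two files this tutorial edits.
# REQUIRED mirrors the auth/encryption options listed in pptpd-options above.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print each required option with no active (uncommented) line in file $1.
missing_options() {
    for opt in $REQUIRED; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print the client of every chap-secrets entry whose secret is shorter than
# $2 characters (default 16, an assumed policy threshold, not from the page).
weak_secrets() {
    awk -v min="${2:-16}" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        { s = $3; gsub(/^"|"$/, "", s)     # field 3 is the secret; drop quotes
          if (length(s) < min) print $1 }' "$1"
}

# Succeed only if file $1 grants no access to group or others.
owner_only() {
    case "$(stat -c %a "$1")" in 600|400) return 0 ;; *) return 1 ;; esac
}

# audit OPTIONS_FILE SECRETS_FILE: print findings, return 1 if there are any.
audit() {
    rc=0
    for o in $(missing_options "$1"); do echo "options: missing $o"; rc=1; done
    for c in $(weak_secrets "$2"); do echo "secrets: short secret for $c"; rc=1; done
    owner_only "$2" || { echo "secrets: $2 is not owner-only (expected 600)"; rc=1; }
    return $rc
}

# Constructed sample: the tutorial's two users, and an options file with
# require-mppe-128 commented out.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'name pptpd' refuse-pap refuse-chap refuse-mschap \
        require-mschap-v2 '#require-mppe-128' > "$d/options"
    printf '%s\n' '# client server secret IP' 'andy pptpd 1234 *' \
        'john pptpd abcd *' > "$d/secrets"
    chmod 644 "$d/secrets"
    out=$(audit "$d/options" "$d/secrets") || true
    rm -rf "$d"; echo "$out"
}

case "${1:-}" in run) audit /etc/ppp/pptpd-options /etc/ppp/chap-secrets ;; demo) demo ;; esac
```

Run it with the argument demo to see the findings for the constructed sample, or with run (as root) to audit the live files.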

Congratulations, you now have a working PPTPd VPN!

  • Last modified: 2022/10/13 09:12