PPTP VPN Server on Debian/Ubuntu
Quick setup: Copy and Paste
This section is for the impatient. All you have to do is log in to your Debian/Ubuntu server and copy and paste the following commands, and you’ll have a working VPN server in less than 2 mins. In this section I assume you’re logged in as the root user, do NOT have any instance of pptpd installed now or earlier, and that the “net.ipv4.ip_forward” line is commented out in the /etc/sysctl.conf file.
apt-get install pptpd -y
update-rc.d pptpd defaults
echo "localip 192.168.1.1" >> /etc/pptpd.conf
echo "remoteip 192.168.1.2-254" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options
echo "ms-dns 8.8.4.4" >> /etc/ppp/pptpd-options
echo "username * Pa55w0rd *" >> /etc/ppp/chap-secrets
service pptpd restart
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 192.168.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
Install the PPTPD package
On Debian/Ubuntu operating systems
apt-get install pptpd -y
update-rc.d pptpd defaults
Setup VPN and DNS IP addresses
Edit the following file
nano /etc/pptpd.conf
And add the following lines to the end
localip 192.168.1.1
remoteip 192.168.1.2-254
You can use any private IP address range; just make sure it is not
already used in your local network and that the local IP and the remote IP
are in the same range.
Edit the following file to mention DNS servers
nano /etc/ppp/pptpd-options
Add the following lines to the end
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Add usernames and passwords
Edit the following file
nano /etc/ppp/chap-secrets
Add one line per user in this format
username * password *
Example
kirthan * rsEsss *
user2 * vPnpass *
If only you are going to use this VPN server, a single username/password combination is enough.
Restart the pptpd service
service pptpd restart
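A quick check of the two files edited above, as an added example that is not part of the original tutorial: it verifies the localip/remoteip rule and flags a chap-secrets file that other users can read or that still carries the quick-setup placeholder or a short password. The function names and the 12-character minimum are assumptions, and remoteip is assumed to have the A.B.C.X-Y form used here.

```shell
#!/bin/sh
# Added example: sanity checks for /etc/pptpd.conf and /etc/ppp/chap-secrets.
# Function names and the 12-character minimum are assumptions of this sketch.

# localip and remoteip (form A.B.C.X-Y) must share A.B.C, and the server
# address must sit outside the client pool.
check_pptpd_conf() {
    localip=$(awk '$1 == "localip" {v = $2} END {print v}' "$1")
    remoteip=$(awk '$1 == "remoteip" {v = $2} END {print v}' "$1")
    if [ -z "$localip" ] || [ -z "$remoteip" ]; then
        echo "localip or remoteip missing"; return 1
    fi
    pool=${remoteip##*.}; first=${pool%-*}; last=${pool#*-}; host=${localip##*.}
    if [ "${localip%.*}" != "${remoteip%.*}" ]; then
        echo "localip $localip is outside ${remoteip%.*}.0/24"; return 1
    fi
    if [ "$host" -ge "$first" ] && [ "$host" -le "$last" ]; then
        echo "localip $localip is inside the client pool $remoteip"; return 1
    fi
    echo "ok: server $localip, clients $remoteip"
}

# chap-secrets fields: client, server, secret, allowed IP addresses.
check_chap_secrets() {
    rc=0
    # Secrets are stored in clear text, so group/other need no access.
    if [ "$(ls -l "$1" | cut -c5-10)" != "------" ]; then
        echo "$1: accessible by group/other, run chmod 600"; rc=1
    fi
    findings=$(awk -v min=12 '
        NF == 0 || $1 ~ /^#/ { next }
        NF < 3 { print "line " NR ": fewer than 3 fields"; next }
        $1 == "username" || $3 == "Pa55w0rd" || $3 == "password" {
            print "line " NR ": placeholder from the tutorial still present" }
        length($3) < min { print "line " NR ": secret for " $1 " is under " min " characters" }
    ' "$1")
    if [ -n "$findings" ]; then echo "$findings"; rc=1; fi
    return $rc
}

# Constructed sample: the quick-setup values, written to a scratch directory.
demo=$(mktemp -d)
printf 'localip 192.168.1.1\nremoteip 192.168.1.2-254\n' > "$demo/pptpd.conf"
printf 'username * Pa55w0rd *\n' > "$demo/chap-secrets"
check_pptpd_conf "$demo/pptpd.conf"
check_chap_secrets "$demo/chap-secrets" || echo "chap-secrets needs attention"
rm -rf "$demo"
```

On the server, call the two functions with /etc/pptpd.conf and /etc/ppp/chap-secrets instead of the scratch files.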
Enable forwarding and create iptables rules
Our main purpose in setting up this VPN server is to access websites, right? So our traffic has to be forwarded out of the VPN server’s public network interface. Enable IP forwarding on Linux by editing the sysctl.conf file
nano /etc/sysctl.conf
Add the following line, or find it and uncomment it
net.ipv4.ip_forward=1
Save, close the file and run the following command to make the changes take effect.
sysctl -p
The following iptables firewall rules allow TCP port 1723 and GRE, and perform NAT
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
In the last rule replace “eth0” with the interface connecting to the
internet on your VPN server. Finally, the following rule is required to
ensure websites load properly
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 192.168.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
Replace 192.168.1.0/24 with the IP address range used in the “remoteip”
option in /etc/pptpd.conf. This firewall rule is used to ensure a
proper MTU value is used to prevent fragmentation.
To save the IPTables rules
Create a VPN connection on your computer
Open the network settings, create a new VPN connection, and add the VPN server details such as the IP address, username and password.