
Installing and configuring PPTP VPN server on lenny

If you would like to set up a Virtual Private Network (VPN) for Windows clients, PPTP is a great choice. It’s easy to set up on the server, and the Windows clients can connect without any additional software.

1. Install the required packages

apt-get install pptpd

2. Configure the IP range assigned to clients (pico /etc/pptpd.conf)

localip 192.168.1.2
remoteip 192.168.1.10-20

Using this config the clients are assigned any IP address between and including 192.168.1.10 and 192.168.1.20.

3. Restart the PPTP daemon

/etc/init.d/pptpd restart

4. Create a user allowed to connect (pico /etc/ppp/chap-secrets)

user1 pptpd secretpassword *

Passwords are stored in this file unencrypted. This entry allows a user with the username user1 and the password secretpassword to log in from any IP address (the * in the last column).

5. Enable IP forwarding at startup to allow the VPN clients to connect to the server’s local network. (pico /etc/sysctl.conf)

net.ipv4.ip_forward=1

Also run this command to enable IP forwarding immediately, without a reboot:

echo 1 > /proc/sys/net/ipv4/ip_forward

6. Create an iptables NAT rule to allow the VPN clients to route network traffic through the server.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Read this tutorial to learn how to create iptables rules on startup:
Loading iptables rules on startup
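
Step 4 stores each password in cleartext and, with *, accepts it from any address. The shell function below is an added example, not part of the original post: it audits a file in that four-column layout for group/other access, wildcard address fields, and secrets that are short or equal to the client name. The 12-character minimum, the finding labels and the assumption that secrets contain no whitespace are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original post): audit a chap-secrets file in the
# layout shown in step 4: client  server  secret  allowed-IPs.
# Assumption: secrets contain no whitespace or quoting.

audit_chap_secrets() {
    file=$1
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }
    rc=0
    # Secrets are cleartext, so group and other must have no access at all.
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$file" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "PERMS group/other bits are '$go_bits', expected none"
        rc=1
    fi
    # Report by client name only; the secret itself is never printed.
    lines=$(awk -v min=12 '
        /^[ \t]*#/ { next }                     # comment line
        NF == 0    { next }                     # blank line
        NF < 4     { print "MALFORMED line " NR; next }
        $4 == "*"  { print "ANYIP " $1 " may log in from any address" }
        $3 == $1   { print "WEAK " $1 " uses the client name as secret" }
        length($3) < min { print "SHORT " $1 " secret is under " min " characters" }
    ' "$file")
    if [ -n "$lines" ]; then
        printf '%s\n' "$lines"
        rc=1
    fi
    return $rc    # 0 = clean, 1 = findings, 2 = file unreadable
}

# Constructed sample input; the first entry is the one from step 4.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret          allowed-IPs
user1     pptpd   secretpassword  *
user2     pptpd   user2           192.168.1.12
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample" || echo "exit status: $?"
rm -f "$sample"
```

On the server itself, run it as root against /etc/ppp/chap-secrets; replacing * with a fixed address from the remoteip range clears the ANYIP finding for that user.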


13 Comments

  1. I’m not too sure what the “POSTROUTING” and “MASQUERADE” in “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE” should be set to.

    Care to explain?

  2. DLS, without that iptables rule the clients can't connect to the internet 😀

  3. how can we monitor PPTP Users and the traffic and bandwidth …. everything…?

  4. Hello there. Thanks for the very nice PPTP VPN manual. I have just one question. Is it possible to monitor users' traffic on the VPN? Give users a quota for the VPN? The problem is that users on my server are making too much traffic and I need to stop this. Thanks for any help. lu

  5. Lukas, use the tc utility with the htb tool to shape the traffic. Examine lartc.org please.
    And you can monitor the usage with snmp + mrtg. I don’t know if there is some tool out of the box for doing all of this.

  6. /etc/init.d/pptpd restart
    Restarting PPTP:
    Stopping PPTP: pptpd.
    Starting PPTP Daemon: pptpd.

    work perfectly thx

  7. The remote connection could not be established because the attempted VPN tunnels failed. The VPN server may be unreachable. If the connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation may not be configured correctly.