How to install a VPN Server (PPTP) on Debian/Ubuntu
**WARNING** PPTP is insecure. It's better and arguably easier to set up OpenVPN instead: OpenVPN setup tutorial
Low-end (cheap) VPS accounts are very popular nowadays, and one of the reasons is that people use them for personal VPN purposes.
There are some advantages to using a personal VPN server:
- server resources such as CPU and bandwidth are not shared with others
- you will know for certain what VPN or Internet activity logs are kept on the server (even though many public VPN providers say that they do not keep any logs on servers, you can’t really verify that)
PPTP is probably the most popular VPN protocol. Here is a short installation guide for Debian Linux (or Ubuntu).
Step 1: install pptpd
apt-get update
apt-get install pptpd
This will install bcrelay, ppp and pptpd.
Step 2: configure pptpd and ppp
pico -w /etc/pptpd.conf
(or use your favorite text editor, like vim)
Add the local and remote IP pool at the end of the file:
localip 10.10.0.1
remoteip 10.10.0.2-10
In the above example, the VPN server IP will be 10.10.0.1 and the clients connecting to the VPN will be assigned private IP addresses from 10.10.0.2 to 10.10.0.10. You can obviously use another IP range or different private IP addresses (e.g. 192.168.x.y).
Save the file and exit the editor. Now edit the ppp configuration file:
pico -w /etc/ppp/pptpd-options
Add the following at the end of the file:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
#ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
This is what you should have in the file. Notice that the ppp daemon will refuse insecure CHAP and MS-CHAP V1 authentication. MS-CHAP V2 PPTP VPN is not too safe, either, but is definitely a better option than the older CHAP and MS-CHAP V1.
Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this:
myusername pptpd mys3cr3tpass 10.10.0.2
myfriendsuser pptpd hisp@ssword 10.10.0.3
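An added example (not part of the original tutorial): a Python consistency check across the three files edited in Step 2. It runs on constructed copies of the tutorial's values; the function names and finding messages are assumptions of this example, and pool() only handles the single 'a.b.c.lo-hi' remoteip form shown above.

```python
import ipaddress

# Constructed samples mirroring this tutorial's three files (not read from disk).
PPTPD_CONF = "localip 10.10.0.1\nremoteip 10.10.0.2-10\n"
PPTPD_OPTIONS = ("name pptpd\nrefuse-pap\nrefuse-chap\nrefuse-mschap\n"
                 "require-mschap-v2\nrequire-mppe-128\n")
CHAP_SECRETS = ("myusername pptpd mys3cr3tpass 10.10.0.2\n"
                "myfriendsuser pptpd hisp@ssword 10.10.0.3\n")
REQUIRED = ("refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128")

def directives(text):
    """Map each keyword to its argument, ignoring comments and blank lines."""
    out = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, *arg = line.split(None, 1)
            out[key] = arg[0] if arg else ""
    return out

def pool(remoteip):
    """Expand 'a.b.c.lo-hi' (the form used above) into a set of addresses."""
    base, _, last = remoteip.rpartition(".")
    lo, _, hi = last.partition("-")
    return {ipaddress.ip_address(f"{base}.{n}")
            for n in range(int(lo), int(hi or lo) + 1)}

def audit(conf, options, secrets):
    """Return a list of findings; an empty list means the files agree."""
    conf_d, opt_d = directives(conf), directives(options)
    findings = [f"missing option: {d}" for d in REQUIRED if d not in opt_d]
    allowed, seen = pool(conf_d["remoteip"]), set()
    for line in secrets.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue  # comment, blank line, or entry without an address
        client, server, _secret, ip = fields[:4]
        if server not in (opt_d.get("name"), "*"):
            findings.append(f"{client}: server '{server}' does not match name")
        if ip == "*":
            continue  # no fixed address to check
        if ipaddress.ip_address(ip) not in allowed:
            findings.append(f"{client}: {ip} is outside the remoteip pool")
        if ip in seen:
            findings.append(f"{client}: {ip} is assigned twice")
        seen.add(ip)
    return findings
```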
Step 3: enable packet forwarding
Edit /etc/sysctl.conf and enable IPv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:
net.ipv4.ip_forward=1
Save and exit the editor, then run:
sysctl -p
for the changes to take effect.
Add the iptables rules to create the NAT between eth0 and ppp interfaces:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
Note that iptables MASQUERADE doesn't work on OpenVZ VPS containers. It works on KVM and XEN.
If you use OpenVZ, you need to use iptables source NAT (SNAT) like this:
iptables -t nat -A POSTROUTING -j SNAT --to-source <Public Server IP>
Now restart pptpd by running:
service pptpd restart
That's all. Now you should test the connection.