How to setup a PPTP VPN on Ubuntu 12.04

Two days ago, my new test server from OVH was delivered. After the usual tinkering, I thought I would try something new.

I actually never installed a VPN, so this was kind of new to me.

There are different types of VPN protocols, and the one I used (PPTP) is the easiest and fastest to install. On the other hand, it's not as secure as other protocols (as L2PT/IPSec), but as I don't think I need that much encryption, I'll go with this one.

Installing a PPTP VPN:

 

1 - Login as root and type in terminal:

apt-get install pptpd

 

2 - Edit the file:

nano /etc/ppp/chap-secrets

and add a user and a password:

# Secrets for authentication using CHAP # client        server  secret          IP addresses user               *           password     *

Save and exit

 

3 - Edit the pptpd config file:

nano /etc/pptpd.conf

and uncomment the two last lines:

localip 192.168.0.234-238,192.168.0.245 remoteip 192.168.1.234-238,192.168.1.245

Save and exit

 

4 - Enable IP forwarding:

nano /etc/sysctl.conf

and uncomment the line:

#net.ipv4.ip_forward=1

Save and exit

 

5 - Set iptables/MTU rules to allow forwarding. Enter:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

 

6 - Set pptpd to start on boot:

chmod +x /etc/init.d/pptpd
/usr/sbin/update-rc.d -f pptpd defaults

 

7 - Set the iptables rules to run on boot as well. Create the script:

nano /etc/iptables.sh

and enter exactly:

#!/bin/sh IPT="/sbin/iptables" $IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE $IPT -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

Save and exit

 

8 - Set the script to run at boot:

chown root /etc/iptables.sh
chmod 700 /etc/iptables.sh

 

Edit the default network interfaces file

nano /etc/network/interfaces

and add:

pre-up /etc/iptables.sh

just like this:

# The primary network interface auto eth0 iface eth0 inet dhcp pre-up /etc/iptables.sh

Save and exit

 

9 - Edit pptpd-options:

nano /etc/ppp/pptpd-options

and add this two lines below the commented "ms-dns" (DNS configuration) :

ms-dns 8.8.8.8 ms-dns 8.8.4.4

Save and exit

 

10 - Reboot the server and test your new VPN.