How to setup a PPTP VPN on Ubuntu 12.04

Two days ago, my new test server from OVH was delivered. After the usual tinkering, I tought I would try something new.

I actually never installed a VPN, so this was kind of new to me.

There are different types of VPN protocols, and the one I used (PPTP) is the easiest and fastest to install. On the other hand, it's not as secure as other protocols (like L2PT/IPSec or OpenVPN), but as I don't think I need that much encryption, I'll go with this one.

Installing a PPTP VPN:

1 - Login as root and type in terminal:

apt-get install pptpd

2 - Edit the file:

nano /etc/ppp/chap-secrets

and add a user and a password:

# Secrets for authentication using CHAP # client server  secret IP addresses user password  *
Save and exit 3 - Edit the pptpd config file: nano /etc/pptpd.conf and uncomment the two last lines:

localip 192.168.0.234-238,192.168.0.245

remoteip 192.168.1.234-238,192.168.1.245

Save and exit 4 - Enable IP forwarding: nano /etc/sysctl.conf and uncomment the line:
#net.ipv4.ip_forward=1
Save and exit 5 - Set iptables/MTU rules to allow forwarding. Enter: iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu 6 - Set pptpd to start on boot: chmod +x /etc/init.d/pptpd /usr/sbin/update-rc.d -f pptpd defaults 7 - Set the iptables rules to run on boot as well. Create the script: nano /etc/iptables.sh and enter exactly:

#!/bin/sh

IPT="/sbin/iptables"

$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE

$IPT -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

Save and exit

8 - Set the script to run at boot:

chown root /etc/iptables.sh
chmod 700 /etc/iptables.sh

 

Edit the default network interfaces file

nano /etc/network/interfaces

and add:

pre-up /etc/iptables.sh

just like this:

# The primary network interface auto eth0 iface eth0 inet dhcp pre-up /etc/iptables.sh

Save and exit

 

9 - Edit pptpd-options:

nano /etc/ppp/pptpd-options

and add this two lines below the commented "ms-dns" (DNS configuration) :

ms-dns 8.8.8.8 ms-dns 8.8.4.4

Save and exit

 

10 - Reboot the server and test your new VPN.