How to set up a PPTP VPN on Ubuntu 12.04

Two days ago, my new test server from OVH was delivered. After the usual tinkering, I thought I would try something new.

I actually never installed a VPN, so this was kind of new to me.

There are different types of VPN protocols, and the one I used (PPTP) is the easiest and fastest to install. On the other hand, it’s not as secure as other protocols (such as L2TP/IPsec), but as I don’t think I need that much encryption, I’ll go with this one.

Installing a PPTP VPN:

 

1 – Log in as root and type in a terminal:

apt-get install pptpd

 

2 – Edit the file:

nano /etc/ppp/chap-secrets

and add a user and a password:

# Secrets for authentication using CHAP
# client        server  secret          IP addresses
user               *           password     *

Save and exit

 

3 – Edit the pptpd config file:

nano /etc/pptpd.conf

and uncomment the last two lines:

localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.1.234-238,192.168.1.245

Save and exit

 

4 – Enable IP forwarding:

nano /etc/sysctl.conf

and uncomment the line:

#net.ipv4.ip_forward=1

Save and exit

 

5 – Set iptables/MTU rules to allow forwarding. Enter:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

 

6 – Set pptpd to start on boot:

chmod +x /etc/init.d/pptpd
/usr/sbin/update-rc.d -f pptpd defaults

 

7 – Set the iptables rules to run on boot as well. Create the script:

nano /etc/iptables.sh

and enter exactly:

#!/bin/sh
IPT="/sbin/iptables"

$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPT -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

Save and exit

 

8 – Set the script to run at boot:

chown root /etc/iptables.sh
chmod 700 /etc/iptables.sh

 

Edit the default network interfaces file

nano /etc/network/interfaces

and add:

pre-up /etc/iptables.sh

just like this:

# The primary network interface
auto eth0
iface eth0 inet dhcp
pre-up /etc/iptables.sh

Save and exit

 

9 – Edit pptpd-options:

nano /etc/ppp/pptpd-options

and add these two lines below the commented “ms-dns” (DNS configuration) lines:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Save and exit

 

10 – Reboot the server and test your new VPN.
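
A way to check steps 2 to 9 before rebooting, as an added example that is not part of the original post: the function below inspects the files edited above and reports anything still commented out, missing or mistyped. The function name and the optional path prefix argument are assumptions made for the example; it also checks that chap-secrets, which stores passwords in clear text, is not accessible to group or others, and that /etc/iptables.sh contains no typographic quotes or dashes picked up when copying from a web page.

```shell
#!/bin/sh
# Added example, not from the original post. The function name and the
# optional ROOT prefix (to run the checks against a copy) are assumptions.
check_pptp_setup() {
    root="${1:-}"; fails=0
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    # need FILE REGEX WHAT: FILE must contain a line matching REGEX
    need() { grep -Eq "$2" "$root$1" 2>/dev/null || fail "$1: $3"; }

    # Step 2: at least one user entry, and the file must be owner-only
    f="$root/etc/ppp/chap-secrets"
    need /etc/ppp/chap-secrets \
        '^[^#[:space:]]+[[:space:]]+[^[:space:]]+[[:space:]]+[^[:space:]]+' \
        "no user entry"
    if [ -f "$f" ] && [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        fail "/etc/ppp/chap-secrets: accessible by group or others (chmod 600)"
    fi

    # Step 3: both address ranges uncommented
    need /etc/pptpd.conf '^localip[[:space:]]' "localip still commented out"
    need /etc/pptpd.conf '^remoteip[[:space:]]' "remoteip still commented out"

    # Step 4: forwarding enabled (a leading '#' makes this fail)
    need /etc/sysctl.conf \
        '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
        "ip_forward not enabled"

    # Steps 7-8: script present, executable, plain ASCII, hooked into eth0
    s="$root/etc/iptables.sh"
    [ -x "$s" ] || fail "/etc/iptables.sh: missing or not executable"
    need /etc/iptables.sh 'POSTROUTING.*MASQUERADE' "no MASQUERADE rule"
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$s" 2>/dev/null; then
        fail "/etc/iptables.sh: non-ASCII character (typographic quote or dash?)"
    fi
    need /etc/network/interfaces \
        '^[[:space:]]*pre-up[[:space:]]+/etc/iptables\.sh' "pre-up hook missing"

    # Step 9: DNS servers handed to clients
    need /etc/ppp/pptpd-options '^ms-dns[[:space:]]' "no ms-dns line"

    [ "$fails" -eq 0 ]   # exit status 0 only when every check passed
}
```

Run check_pptp_setup as root with no argument to check the live system; it prints one FAIL line per problem and returns non-zero if any check failed.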

 
