How To: PPTP VPN on Ubuntu 12.04 (pptpd)


Install Software
sudo apt-get install pptpd ufw

Allow Ports 22 and 1723 on UFW and Enable UFW
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don’t get kicked off.

sudo ufw allow 22
sudo ufw allow 1723
sudo ufw enable

Edit /etc/ppp/pptpd-options
Use your favourite editor (in this case I use “sudo nano /etc/ppp/pptpd-options”) and make sure you have the following parameters for encryption:

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128

Add the following for MS-DNS and MS-WINS:
ms-dns 192.168.0.1
ms-wins 192.168.0.1

*Note: for ms-dns and ms-wins I’m using my router’s address, the default gateway my server gets its Internet connection from.

Enable Logging:
debug
lock
nobsdcomp
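
A quick way to confirm that the five parameters listed above are actually active (present and not commented out) in the options file before restarting pptpd. This is an added example, not part of the original guide; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): check that a pptpd options
# file has the five authentication/encryption parameters from this guide
# active, i.e. present and not commented out.

REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# active_directives FILE: print the first word of every line that still has
# content after '#' comments are stripped.
active_directives() {
    sed -e 's/#.*$//' "$1" | awk 'NF { print $1 }'
}

# missing_directives FILE: print each required parameter that is not active.
missing_directives() {
    active=$(active_directives "$1") || return 2
    for d in $REQUIRED; do
        printf '%s\n' "$active" | grep -qxF -- "$d" || printf '%s\n' "$d"
    done
}

# check_pptpd_options FILE: return 0 if every required parameter is active,
# 1 if any is missing, 2 if the file cannot be read.
check_pptpd_options() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    missing=$(missing_directives "$1")
    if [ -n "$missing" ]; then
        echo "missing in $1:" >&2
        printf '  %s\n' $missing >&2
        return 1
    fi
    echo "$1: all required parameters present"
}

# Runs only when a path is given, e.g.: sh check.sh /etc/ppp/pptpd-options
if [ "$#" -gt 0 ]; then
    check_pptpd_options "$1"
fi
```

A line such as “#require-mppe-128” counts as missing, which a plain grep for the parameter name would not catch.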

Edit /etc/pptpd.conf
Use your favourite editor (“sudo nano /etc/pptpd.conf”) and add:
bcrelay eth0

*Note: in my case I only have one network card, and I’m using eth0 to connect to the Internet.

Add the following lines at the end of the file:
localip 10.99.99.10
remoteip 10.99.99.11-199

These values do not have to correspond to your network. It is best to pick inaccessible/unused addresses here if, like me, you only want to use the VPN for Internet access.

Edit /etc/ppp/chap-secrets
The format for “/etc/ppp/chap-secrets” is [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing test and testpass with whatever you want):
test pptpd testpass *

Restart pptpd
Finally, you can restart the pptpd server with:
sudo /etc/init.d/pptpd restart

Edit /etc/sysctl.conf
Un-comment the following line in “/etc/sysctl.conf”:
net.ipv4.ip_forward=1

The following command reloads the configuration (you can also just reboot at the end of this guide):
sudo sysctl -p

Edit /etc/default/ufw
Change the option “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”

Edit /etc/ufw/before.rules
Add the following either at the beginning of “/etc/ufw/before.rules” or just before the *filter rules (recommended):

# NAT table rules
*nat

:POSTROUTING ACCEPT [0:0]
# Allow forward traffic to eth0
-A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE

# Process the NAT table rules
COMMIT
