sudo apt-get install pptpd ufw
Allow Ports 22 and 1723 on UFW and Enable UFW
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don’t get kicked off.
sudo ufw allow 22
sudo ufw allow 1723
sudo ufw enable
Use your favourite editor (in this case I use “sudo nano /etc/ppp/pptpd-options”) and make sure you have the following parameters for encryption.
Add the following for MS-DNS and MS-WINS:
*Note: for ms-dns and ms-wins I’m using my router’s default gateway, which is where my server gets its internet connection from.
Use your favourite editor (“sudo nano /etc/pptpd.conf”) and add:
*Note: in my case I only have one network card, and I’m using eth0 to connect to the internet.
Add the following line at the end of the file:
These values do not have to correspond to your network. It is best to pick un-accessible/unused addresses here if you only want to use the VPN for Internet access like me.
The format for “/etc/ppp/chap-secrets” is [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing test and testpass with whatever you want):
test pptpd testpass *
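An added example (not part of the original guide): a shell function that audits a file in the chap-secrets format described above, flagging loose file permissions, short passwords and entries whose allowed address is *. The function name and the 12-character minimum are assumptions chosen for illustration, and it assumes secrets contain no whitespace.

```shell
#!/usr/bin/env bash
# Added example: audit a chap-secrets style file.
# Field order is taken from the guide: username service password allowed-ip.
# Usage: audit_chap_secrets /etc/ppp/chap-secrets [min_password_length]
audit_chap_secrets() {
    local file="$1" min_len="${2:-12}"   # 12 is an assumed policy value
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 2; }

    # The file holds plaintext passwords, so only its owner should read it.
    local mode
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case "$mode" in
        600|400) ;;
        *) echo "PERMS $file is mode $mode, expected 600" ;;
    esac

    awk -v min="$min_len" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 4 {
            printf "MALFORMED line %d has %d fields, expected 4\n", NR, NF
            next
        }
        {
            user = $1; pass = $3; ip = $4
            gsub(/^"|"$/, "", pass)             # secrets may be double-quoted
            if (length(pass) < min)
                printf "WEAK %s password shorter than %d characters\n", user, min
            if (ip == "*")
                printf "ANYIP %s may connect from any address\n", user
        }' "$file"
}
```

Run it against the sample entry above and it reports both a short password and an unrestricted allowed address for the test user.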
Finally, you can restart the pptpd server with:
sudo /etc/init.d/pptpd restart
Un-comment the following line in “/etc/sysctl.conf”:
The following command reloads the configuration (you can also just reboot at the end of this guide):
sudo sysctl -p
Change the option “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”
Add the following either at the beginning of “/etc/ufw/before.rules” or just before the *filter rules (recommended):
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow forward traffic to eth0
-A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE
# Process the NAT table rules
COMMIT