wave
Uncategorized

How To Setup Your Own VPN With PPTP on Linux (CentOS, Ubuntu, Debian).

Mohammed Naser

Mohammed Naser

A virtual private network (VPN) is network that extends a private network (i.e. LAN) across a public network, such as the Internet. It enables a communications between computers and devices across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.

This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. Basically, if two computers are connected through a VPN, they can communicate directly the same way as if they were in local network. Although the two computers could be physically very distant, the other computers on the internet are not able to intercept their communication.

Server side setup and configuration

The most popular VPN solutions are OpenVPN and PPTP. We will use PPTP. Before we proceed and setup our own VPN network, we should have one computer that will be the VPN server. That computer will be responsible for assigning IP addresses to the clients, establishing initial connection between the clients or between client and the server, handling the security protocols and users/clients authentication. In order to install PPTP we will execute the following command:

# apt-get install pptpd

Alternatively, if we are using CentOS we should execute:

# rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
# yum -y install pptpd

Next step is to edit the default configuration file /etc/pptpd.conf, using our favourite editor and add the following lines:

localip 172.16.0.1
remoteip 172.16.0.100-200

In this case, 172.16.0.1 is the IP that will be used inside the VPN by the VPN server, and An IP from the range 172.16.0.100-200 will be assigned to each client that will be authenticated.

Now we need to add new users. The file that contains the users and their password is /etc/ppp/chap-secrets. The client should be entered with the following information in the following order:

# client        server  secret                  IP addresses

In order to create new client called client1 that will be able to use the pptpd server from any location using the password password1 we should add the following line, in the following case, the asterisk means that anyone IP address can use that login information:

client1  pptpd    password1   *

The last thing that we need to do before starting our VPN server is to add DNS server. We can add the DNS servers provided by or internet provider or we can use Google DNS servers and insert them in the file.

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now we can start the pptpd daemon using the command:

service pptpd start

In order to verify that it is running and listening for incoming connections, we should execute:

netstat -alpn | grep pptp

The output should look something like this:

tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      20934/pptpd
unix  2      [ ]         DGRAM                    5992346  20934/pptpd

In order for VPN server to work properly and be able to forward the requests we should make sure that the following line exists in /etc/systl.conf.

net.ipv4.ip_forward = 1

If it does not exist, we need to add it and then apply the configuration using the following command:

sysctl -p

If we want the clients to be able to communicate to each other inside the VPN network we should create the following iptables rules:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j
# iptables -I INPUT -s 172.16.0.0/16 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT

Client side setup and configuration

In order for a client computer to be able to connect to our VPN server, we should install the PPTP client using the following command (the first one is for CentOS, the second is for Debian/Ubuntu):

# yum -y install pptp
# apt-get install pptp-linux

The VPN client request the ppp_mppe module, so we need to load it:

# modprobe ppp_mppe

Client configuration should be created in /etc/ppp/peers/ folder. In order to configure the parameters for the server we want to use, we should create the configuration file using our favorite editor and set the following parameters (we are at client1 now):

pty "pptp  --nolaunchpppd"
name client1
password password1
remotename PPTP
require-mope-128

If our config files in the example above, was named /etc/ppp/peers/vpnserver, then in order to start the client and connect to the VPN server we should execute:

# pppd call vpnserver

After starting the client, check the log files for possible errors or successful connection info using the following command:

# cat /var/log/syslog | grep pptp

We should explicitly set proper routing for the VPN traffic on our clients:

ip route add 172.16.0.0/16 dev ppp0

Once this is done, we can repeat the procedure and add more client and they will all be able to communicate to each other inside secured virtual private network. The computer can communicate using any protocol or service, such as HTTP, SMTP, telnet, MySQL, FTP etc. PPTP server doesn’t demand high usage of CPU resources, but still, all traffic is 128-bit encrypted. This provides decent level of security and protection for our sensitive data and information.

Would you like to know about Zuul, a CI/CD project gating tool? Download our white paper and get reading!

How to up your DevOps game with Project Gating

Share on Social Media:

OpenStack

Cluster API driver for OpenStack Magnum

Mohammed Naser

Public Cloud

9000 MTUs (jumbo frames) in all Public Cloud Regions

Mohammed Naser

Uncategorized

OpenInfra Summit Berlin 2022 VEXXHOST Recap

Mohammed Naser

Go to Top