How to Install and Configure PPTP VPN on Debian

Valic —  January 8, 2013 — 2 Comments

In the following how-to I will show you how to install and configure a PPTP VPN on Debian.

Step1. Install PPTPD 

apt-get install pptpd

Step2. Configure PPTP

After installing PPTPD , open the file /etc/pptpd.conf.

nano /etc/pptpd.conf

Then go to the end of the file where you can see examples of localip and remoteip.
Below them add your own values for localip and remoteip.

localip 10.10.10.1
remoteip 10.10.10.2-100

Now, uncomment the ms-dns lines from /etc/ppp/pptpd-options file and change them to to the dns servers provided by your ISP.

nano /etc/ppp/pptpd-options

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Step3. Add usernames and passwords.

Edit the file /etc/ppp/chap-secrets to add usernames and passwords:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
user_1  pptpd   password_1 *
user_2  pptpd   password_2 *

Step4.  IP Forwarding and Firewall Rules

You need to enable IP forwarding by editing the  /etc/sysctl.conf file and set net.ipv4.ip_forward to 1.

net.ipv4.ip_forward = 1

Make the changes to sysctl.conf take effect:

sysctl -p

Configure iptables to do NAT:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If are on a VPS the ipt_MASQUERADE module is most likely disabled. Use the following rule instead:

iptables -t nat -A POSTROUTING -s 10.10.10.0/24 -o venet0:0 -j SNAT --to 123.123.123.123

Replace 123.123.123.123 with your  public IP address.

Now you need  to allow TCP port 1723 and the GRE protocol:

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT

NOTE: Again,  replace eth0 with venet0:0 if are on a VPS.

Now restart  PPTP server.

/etc/init.d/pptpd restart

Now  PPTP Server is ready for use.

Valic

Posts Twitter Facebook

Editor in Chief at Debian-Tutorials, Linux enthusiast.

2 responses to How to Install and Configure PPTP VPN on Debian

  1. How to resolve problem of wrong MAC address for a static IP address assigned to use internet through wired connection.please kindly tell me the process to overcome this problem. I have searched a lot but couldnt find any proper solution. I would like to browse in Debian OS as it gives good safety over attack.
    Thank You

  2. Tell me what error do you get

Leave a Reply

*

Text formatting is available via select HTML. <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>