Setup PPP VPN on Debian/Ubuntu

Updated on November 21, 2023
Setup PPP VPN on Debian/Ubuntu header image

Install Packages

Install the pptpd package on your VPS with the following command:

apt-get install pptpd

Configuration

Insert new settings to /etc/pptpd.conf and /etc/ppp/pptpd-options by running the following commands:

cat >/etc/pptpd.conf <<EOF
option /etc/ppp/pptpd-options
logwtmp
localip 192.168.10.1
remoteip 192.168.10.101-200
EOF

cat >/etc/ppp/pptpd-options <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
ms-dns 8.8.8.8
ms-dns 208.67.222.222
debug
dump
idle 300
EOF

Edit /etc/ppp/chap-secrets to insert VPN users.

FIRST_USERNAME	pptpd	PASSWORD1	*
SECOND_USERNAME	pptpd	PASSWORD2	*

Restart the pptpd service.

/etc/init.d/pptpd restart

Enable Forwarding

Run this command to enable IPv4 forwarding. IPv4 forwarding must be enabled for the VPN to work properly.

sed -i 's/#net\.ipv4\.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf

Make this change permanent.

sysctl -p

Setup Routing

Create a network startup script to configure iptables.

touch /etc/network/if-pre-up.d/route

Insert content to the script:

cat >/etc/network/if-pre-up.d/route <<EOF
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 192.168.10.0/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
EOF

Setup this script to be executable.

chmod +x /etc/network/if-pre-up.d/route

Run the script to apply these rules to iptables.

/etc/network/if-pre-up.d/route

Complete

Now you can connect to your own VPN server from your PC or mobile device.