Setup PPP VPN on Debian/Ubuntu
Published on October 1, 2014•Updated on November 21, 2023
Install Packages
Install the pptpd package on your VPS with the following command:
apt-get install pptpd
Configuration
Insert new settings to /etc/pptpd.conf
and /etc/ppp/pptpd-options
by running the following commands:
cat >/etc/pptpd.conf <<EOF
option /etc/ppp/pptpd-options
logwtmp
localip 192.168.10.1
remoteip 192.168.10.101-200
EOF
cat >/etc/ppp/pptpd-options <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
ms-dns 8.8.8.8
ms-dns 208.67.222.222
debug
dump
idle 300
EOF
Edit /etc/ppp/chap-secrets
to insert VPN users.
FIRST_USERNAME pptpd PASSWORD1 *
SECOND_USERNAME pptpd PASSWORD2 *
Restart the pptpd service.
/etc/init.d/pptpd restart
Enable Forwarding
Run this command to enable IPv4 forwarding. IPv4 forwarding must be enabled for the VPN to work properly.
sed -i 's/#net\.ipv4\.ip_forward=1/net.ipv4.ip_forward=1/' /etc/sysctl.conf
Make this change permanent.
sysctl -p
Setup Routing
Create a network startup script to configure iptables.
touch /etc/network/if-pre-up.d/route
Insert content to the script:
cat >/etc/network/if-pre-up.d/route <<EOF
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 192.168.10.0/24 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
EOF
Setup this script to be executable.
chmod +x /etc/network/if-pre-up.d/route
Run the script to apply these rules to iptables.
/etc/network/if-pre-up.d/route
Complete
Now you can connect to your own VPN server from your PC or mobile device.