Creating a PPTP VPN provides basic encryption but is better than none.
Install the necessary software (pptpd, pop):
[email protected]:~# sudo apt-get install pptpd ppp
[email protected]:~# sudo vi /etc/pptpd.conf
Add at the bottom of the file:
The value of “remoteip” will be the IP address range that are going to be used for the VPN upon successful connection. Currently, we have here 9 addresses, which is enough for concurrent devices.
Configure the pptpd daemon:
[email protected]:~# sudo vi /etc/ppp/pptpd-options
replace “#ms-dns 10.0.0.1″ with “ms-dns 18.104.22.168″
replace “#ms-dns 10.0.0.2″ with “ms-dns 22.214.171.124″
The addresses above are for the Google Public DNS server and are used for speed you can use any DNS servers.
Configure the username and password that will be used to authenticate client accessing the VPN:
[email protected]:~# sudo vi /etc/ppp/chap-secrets
[UserName] pptpd [Password] *
Replace [UserName] with the username you wish to use these are not local user names just names used to connect.
Replace [Password] with the password you wish to use (I suggest a long random password.
Enable IP forwarding in the kernel which will forward the VPN IP to the public IP:
[email protected]:~# sudo vi /etc/sysctl.conf
Uncomment the line “net.ipv4.ip_forward=1″
For IPv6, uncomment “net.ipv6.conf.all.forwarding=1″
[email protected]:~# sudo sysctl -p
Enable IP forwarding in ufw if you have ufw enabled:
sudo vi /etc/default/ufw
Change the value of “DEFAULTFORWARDPOLICY” from “DROP” to “ACCEPT”
Now we need to enable NAT translation:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To make sure this setting is held on reboot add the following to the /etc/rc.local file before exit 0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Restart the Networking services in order to start new IPs and PPTPD services:
sudo /etc/init.d/networking restart
sudo /etc/init.d/pptpd restart