Easiest way to setup Ubuntu as a VPN server
WARNING: PPTP IS AN INSECURE PROTOCOL! Not only has the encryption been breached, but it sends your authentication in clear text and is easily intercepted. It has been estimated that the amount of time required to brute-force the password is roughly equivalent to the time required to brute-force a single DES key. Consider using OpenVPN or another VPN architecture instead of PPTP!
I used this guide to set up a PPTP VPN server on my Ubuntu 12.04 server.
To summarize the main points in the link, though:
1: Install pptpd
and ufw
. iptables
can be used in place of ufw, but for the sake of easiness, ufw
is better if you don't know iptables
.sudo apt-get install pptpd ufw
2: Open the ports needed. The guide suggests 22 (SSH) and 1723 for the pptp vpn.
sudo ufw allow 22 sudo ufw allow 1723 sudo ufw enable
3: Edit /etc/ppp/pptpd-options
. Open the file with your favorite editor (mine's nano, so the command for me is sudo nano /etc/ppp/pptpd-options
), and comment out these lines by putting a #
before them, if you want this to work universally on all OSes:
refuse-pap refuse-chap refuse-mschap
You can comment this line if you want to disable encryption: require-mppe-128
4: While editing /etc/ppp/pptpd-options
, add DNS servers for the VPN. This example uses OpenDNS servers:
ms-dns 208.67.222.222 ms-dns 208.67.220.220
5: Edit /etc/pptpd.conf
. Open the file with your favorite editor (mine's nano, so the command for me is sudo nano /etc/pptpd.conf
). You need to add the local VPN IPs for the system, so add:
localip 10.99.99.99 remoteip 10.99.99.100-199
If your system is a VPS, use the public IP for "localip". If it is not and is on a local network, use your computer's network IP. Use different IPs and ranges if these IPs exist on your subnet!
If you don't know your public IP of your VPS, find it by running dig +short myip.opendns.com @resolver1.opendns.com
6: Edit /etc/ppp/chap-secrets
. Open the file with your favorite editor (mine's nano, so the command for me is sudo nano /etc/ppp/chap-secrets
), and add the auth data.
The format for /etc/ppp/chap-secrets
is:
[Username] [Service] [Password] [Allowed IP Address]
An example would be: sampleuser pptpd samplepassword *
7: Restart pptpd. Run this command in terminal: sudo /etc/init.d/pptpd restart
8: Edit /etc/sysctl.conf
. Open the file with your favorite editor (mine's nano, so the command for me is sudo nano /etc/sysctl.conf
). Un-comment the following line (by removing the #
at the beginning of it) in /etc/sysctl.conf
: net.ipv4.ip_forward=1
Reload the configuration: sudo sysctl -p
9: This step assumes you have ufw.
Edit /etc/default/ufw
and change the option DEFAULT_FORWARD_POLICY
from DROP
to ACCEPT
10: This step assumes you have ufw.
Edit /etc/ufw/before.rules
, and add the following either at the beginning of /etc/ufw/before.rules
or just before the *filter
rules (recommended):
# NAT table rules *nat :POSTROUTING ACCEPT [0:0] # Allow forward traffic to eth0 -A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE # Process the NAT table rules COMMIT
If you have kernel version 3.18 and newer (you can check this by running uname -r
), also add the following lines before the # drop INVALID packets ...
line:
-A ufw-before-input -p 47 -j ACCEPT
11: Restart the firewall, to refresh the rule sets and to apply the rules we added to the /etc/ufw/*.rules
files: sudo ufw disable && sudo ufw enable
Warning: If you have other ports you need open, such as for HTTPS if your server hosts a website, you need to individually add those ports to the allowed list with sudo ufw allow <PORT>
UPDATE: As of Sierra, macOS no longer supports PPTP vpn. This answer is not valid for macOS clients Sierra and beyond.
PPTP via PoPToP is easy
apt-get install pptpd
- edit
/etc/pptpd.conf
and set the remoteip option to a range on your network that is NOT served by your DHCP server. - edit
/etc/ppp/chap-secrets
and add a username and password
e.g.
vpnuser pptpd vpnpassword *
This is all it takes to setup pptp. Now test it with your OS X client.
PPTP VPN on Ubuntu 12.04 Example
Here is a quick tutorial to set up a basic PPTP VPN server on Ubuntu 12.04.
Install Necessary Packages
sudo apt-get install ppp pptpd
Configure PPTP IP Ranges on the Server
sudo nano /etc/pptpd.conf
Add the following lines in end
localip 10.89.64.1
remoteip 10.89.64.100-150
This sets up the PPTP server to use IP 10.89.64.1 while distributing the IP range 10.89.64.100 to 10.89.64.150 to PPTP clients. Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.
Configure DNS Servers to Use When Clients Connect to this PPTP Server
sudo nano /etc/ppp/pptpd-options
Modify OR Add the following lines in end
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Create a PPTP User
sudo nano /etc/ppp/chap-secrets
Append a line at the bottom so your file looks something like:
# client server secret IP addresses
test pptpd abcd1234 *
Configure NAT for PPTP Connections
Without this step you will be able to connect but your connection will not be able to load any web connection from this server.
sudo nano /etc/rc.local
Add the following to the bottom right before “exit 0” line:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Assuming eth0, you can use ifconfig
to check network name.
Enable IPv4 forwading:
sudo nano /etc/sysctl.conf
Uncomment the following line:
net.ipv4.ip_forward=1
Then reload the configuration:
sudo sysctl -p
Reboot your VPS and everything should work swimmingly from any PPTP client.
Client side configuration
For Mac, make sure you added PPTP VPN connection. Besides that you only need to setup server address, account name, and password in authentication settings. No pain here.
For Linux, NetworkManager to add VPN connections. Make sure you added PPTP VPN connection. And the configuration I use is here:
How To Debug and Fix PPTP/VPN Client Connection
And for Windows