How to: Install a VPN Server (PPTP) on Debian/Ubuntu Linux VPS

OpenVZ require ppp support to be enabled from your vps control panel provider

Settings










if you still get errors (usually Couldn’t open the /dev/ppp device: No such device or address and Please load the ppp_generic kernel module.) from the /var/log/ files about ppp kernel modules ask your provider assistance to give it a fix.After the fix if you receive another error ( like Couldn’t set tty to PPP discipline: Invalid argument ) ask again to your provider to fully enable ppp.

The following command lines assume you are running the shell as normal user, if you are logged in as root no need to add the command sudo



Step 1: install pptpd

bash$ sudo apt-get update

bash$ sudo apt-get install pptpd



this will install bcrelay, ppp, pptpd

Step 2: configure pptpd and ppp

bash$ sudo pico -w /etc/pptpd.conf

or

bash$ sudo vi /etc/pptpd.conf

Modify the local and remote IP lines and the end of file:

localip 192.168.0.1

remoteip 192.168.0.234-238

if you are on a OpenVZ vps use:

localip YOUR-VPS-IP

remoteip 192.168.0.234-238

bash$ pico -w /etc/ppp/pptpd-options

or

bash$ vi /etc/ppp/pptpd-options



Be sure the following lines are un-commented (aka the # is not at the beginning of the line):

name pptpd

refuse-pap

refuse-chap

refuse-mschap

require-mschap-v2

require-mppe-128

ms-dns 8.8.8.8

ms-dns 8.8.4.4

proxyarp

nodefaultroute

lock

nobsdcomp

mtu 1490

mru 1490

Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this:

myusername pptpd mys3cr3tpass *

myfriendsuser pptpd hisp@ssword *

myusername/myfrienduser is the username you choose to log in from your vpn client, mys3cr3tpass/hisp@ssword is the password you choose to log in from your vps client.

The word pptpd and * can be left alone.

Step 3: enable packets forwarding

bash$ sudo pico -w /etc/sysctl.conf

or

bash$ sudo vi /etc/sysctl.conf

Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:

net.ipv4.ip_forward=1

Save & exit the editor, then run:

bash$ sudo sysctl -p



for the changes to take effect.
Add the iptables rule to create the NAT between eth0 and ppp interfaces:

bash$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

bash$ sudo iptables –table nat –append POSTROUTING –out-interface ppp0 -j MASQUERADE

bash$ sudo iptables -I INPUT -s YOUR-VPS-ADDRESS -i ppp0 -j ACCEPT

bash$ sudo iptables –append FORWARD –in-interface eth0 -j ACCEPT



Note that iptables MASQUERADE doesn’t work on OpenVZ VPS containers. Works on KVM and XEN.
If you use OpenVZ, you need to use iptables SOURCE like this:

bash$ sudo iptables -t nat -A POSTROUTING -j SNAT –to-source <Public Server IP>



You need to replace <Public Server IP> with your VPS ip address.

To save the iptables rule install iptables-persistent:

bash$ sudo apt-get install iptables-persistent

then run:

bash$ sudo /sbin/iptables-save > /etc/iptables/rules



now start pptpd by running:

bash$ sudo service pptpd start



PS:

If you are on Windows XP and from the vpn server you get the following error messages:

vpsp ptpd[998]: CTRL: Starting call (launching pppd, opening GRE)

vps pppd[999]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.

vps pppd[999]: pppd 2.4.5 started by root, uid 0

vps pppd[999]: Using interface ppp0

vps pppd[999]: Connect: ppp0 <–> /dev/pts/1

vps pptpd[998]: GRE: Bad checksum from pppd.

vps pptpd[998]: CTRL: EOF or bad error reading ctrl packet length.

vps pptpd[998]: CTRL: couldn’t read packet header (exit)

vps pptpd[998]: CTRL: CTRL read failed

vps pppd[999]: Modem hangup

vps pppd[999]: Connection terminated.

vps pppd[999]: Exit.



then you MUST try the connection from a Windows 7 before yelling at the VPN server.

Leave a comment

Your email address will not be published. Required fields are marked *