How to: Install a VPN Server (PPTP) on Debian/Ubuntu Linux VPS

OpenVZ require ppp support to be enabled from your vps control panel provider


if you still get errors (usually Couldn't open the /dev/ppp device: No such device or address and Please load the ppp_generic kernel module.) from the /var/log/ files about ppp kernel modules ask your provider assistance to give it a fix.After the fix if you receive another error ( like Couldn't set tty to PPP discipline: Invalid argument ) ask again to your provider to fully enable ppp.

The following command lines assume you are running the shell as normal user, if you are logged in as root no need to add the command sudo

Step 1: install pptpd

bash$ sudo apt-get update

bash$ sudo apt-get install pptpd

this will install bcrelay, ppp, pptpd

Step 2: configure pptpd and ppp

bash$ sudo pico -w /etc/pptpd.conf


bash$ sudo vi /etc/pptpd.conf

Modify the local and remote IP lines and the end of file:



if you are on a OpenVZ vps use:

localip YOUR-VPS-IP


bash$ pico -w /etc/ppp/pptpd-options


bash$ vi /etc/ppp/pptpd-options

Be sure the following lines are un-commented (aka the # is not at the beginning of the line):

name pptpd












mtu 1490

mru 1490

Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this:

myusername pptpd mys3cr3tpass *

myfriendsuser pptpd hisp@ssword *

myusername/myfrienduser is the username you choose to log in from your vpn client, mys3cr3tpass/hisp@ssword is the password you choose to log in from your vps client.

The word pptpd and * can be left alone.

Step 3: enable packets forwarding

bash$ sudo pico -w /etc/sysctl.conf


bash$ sudo vi /etc/sysctl.conf

Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:


Save & exit the editor, then run:

bash$ sudo sysctl -p

for the changes to take effect.
Add the iptables rule to create the NAT between eth0 and ppp interfaces:

bash$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

bash$ sudo iptables –table nat –append POSTROUTING –out-interface ppp0 -j MASQUERADE

bash$ sudo iptables -I INPUT -s YOUR-VPS-ADDRESS -i ppp0 -j ACCEPT

bash$ sudo iptables –append FORWARD –in-interface eth0 -j ACCEPT

Note that iptables MASQUERADE doesn’t work on OpenVZ VPS containers. Works on KVM and XEN.
If you use OpenVZ, you need to use iptables SOURCE like this:

bash$ sudo iptables -t nat -A POSTROUTING -j SNAT –to-source <Public Server IP>

You need to replace <Public Server IP> with your VPS ip address.

To save the iptables rule install iptables-persistent:

bash$ sudo apt-get install iptables-persistent

then run:

bash$ sudo /sbin/iptables-save > /etc/iptables/rules

now start pptpd by running:

bash$ sudo service pptpd start


If you are on Windows XP and from the vpn server you get the following error messages:

vpsp ptpd[998]: CTRL: Starting call (launching pppd, opening GRE)

vps pppd[999]: Plugin /usr/lib/pptpd/ loaded.

vps pppd[999]: pppd 2.4.5 started by root, uid 0

vps pppd[999]: Using interface ppp0

vps pppd[999]: Connect: ppp0 <–> /dev/pts/1

vps pptpd[998]: GRE: Bad checksum from pppd.

vps pptpd[998]: CTRL: EOF or bad error reading ctrl packet length.

vps pptpd[998]: CTRL: couldn't read packet header (exit)

vps pptpd[998]: CTRL: CTRL read failed

vps pppd[999]: Modem hangup

vps pppd[999]: Connection terminated.

vps pppd[999]: Exit.

then you MUST try the connection from a Windows 7 before yelling at the VPN server.

Like it? Share it
Tweet This Share on Facebook Share on Google Plus Pinterest linkedin