On OpenVZ, PPP support must be enabled from your VPS provider's control panel.
Settings
If you still get errors in the /var/log/ files about PPP kernel modules (usually "Couldn't open the /dev/ppp device: No such device or address" and "Please load the ppp_generic kernel module."), ask your provider to fix it. If after the fix you receive another error (like "Couldn't set tty to PPP discipline: Invalid argument"), ask your provider again to fully enable PPP.
The following commands assume you are running the shell as a normal user; if you are logged in as root, there is no need to add sudo.
Step 1: install pptpd
bash$ sudo apt-get update
bash$ sudo apt-get install pptpd
This will install bcrelay, ppp and pptpd.
Step 2: configure pptpd and ppp
bash$ sudo pico -w /etc/pptpd.conf
or
bash$ sudo vi /etc/pptpd.conf
Modify the localip and remoteip lines at the end of the file:
localip 192.168.0.1
remoteip 192.168.0.234-238
If you are on an OpenVZ VPS, use:
localip YOUR-VPS-IP
remoteip 192.168.0.234-238
bash$ sudo pico -w /etc/ppp/pptpd-options
or
bash$ sudo vi /etc/ppp/pptpd-options
Be sure the following lines are un-commented (that is, there is no # at the beginning of the line):
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this:
myusername pptpd mys3cr3tpass *
myfriendsuser pptpd hisp@ssword *
myusername/myfriendsuser is the username you choose to log in with from your VPN client, and mys3cr3tpass/hisp@ssword is the password you choose to log in with from your VPN client.
The word pptpd and the * can be left alone.
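A read-only check for the two files edited in Step 2, added here as an example (it is not part of the original tutorial): it reports required pptpd-options directives that are still commented out, chap-secrets entries that do not follow the layout above, and a chap-secrets file that other users can read. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only checks for the Step 2 files. Nothing is modified.
# Directives the article says must be un-commented to force MS-CHAPv2 + MPPE-128.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print each required directive that is missing or still commented out.
missing_directives() {
    for d in $REQUIRED; do
        # An active line is the directive at line start, followed by space or EOL.
        grep -Eq "^[[:space:]]*${d}([[:space:]]|\$)" "$1" || printf '%s\n' "$d"
    done
}

# Print "line: client" for entries that are not "client pptpd secret address".
# Only the client name is printed, never the secret.
bad_secret_lines() {
    awk '/^[ \t]*(#|$)/ { next }
         NF < 4 || $2 != "pptpd" { print NR ": " $1 }' "$1"
}

# Exit 0 if group or others can read the file. chap-secrets holds passwords
# in cleartext, so it should be owned by root with mode 600.
readable_by_others() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# Constructed sample files (not taken from a real server).
demo=$(mktemp -d)
cat > "$demo/pptpd-options" <<'EOF'
name pptpd
refuse-pap
#refuse-chap
refuse-mschap
require-mschap-v2
# require-mppe-128
EOF
cat > "$demo/chap-secrets" <<'EOF'
# client server secret address
myusername pptpd mys3cr3tpass *
myfriendsuser pptp hisp@ssword *
EOF
chmod 644 "$demo/chap-secrets"

echo "Inactive directives:"; missing_directives "$demo/pptpd-options"
echo "Malformed entries:";   bad_secret_lines "$demo/chap-secrets"
if readable_by_others "$demo/chap-secrets"; then
    echo "chap-secrets is readable by other users; chmod 600 it"
fi
rm -rf "$demo"
```

On a real server, point the functions at /etc/ppp/pptpd-options and /etc/ppp/chap-secrets and run the script with sudo so the secrets file can be read.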
Step 3: enable packets forwarding
bash$ sudo pico -w /etc/sysctl.conf
or
bash$ sudo vi /etc/sysctl.conf
Enable IPv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:
net.ipv4.ip_forward=1
Save & exit the editor, then run:
bash$ sudo sysctl -p
for the changes to take effect.
Add the iptables rule to create the NAT between eth0 and ppp interfaces:
bash$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
bash$ sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
bash$ sudo iptables -I INPUT -s YOUR-VPS-ADDRESS -i ppp0 -j ACCEPT
bash$ sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT
Note that iptables MASQUERADE doesn't work on OpenVZ VPS containers. It works on KVM and Xen.
If you use OpenVZ, you need to use an iptables SNAT (source NAT) rule like this:
bash$ sudo iptables -t nat -A POSTROUTING -j SNAT --to-source <Public Server IP>
You need to replace <Public Server IP> with your VPS IP address.
To save the iptables rule install iptables-persistent:
bash$ sudo apt-get install iptables-persistent
then run:
bash$ sudo sh -c '/sbin/iptables-save > /etc/iptables/rules'
Now start pptpd by running:
bash$ sudo service pptpd start
PS:
If you are connecting from Windows XP and the VPN server logs the following error messages:
vps pptpd[998]: CTRL: Starting call (launching pppd, opening GRE)
vps pppd[999]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
vps pppd[999]: pppd 2.4.5 started by root, uid 0
vps pppd[999]: Using interface ppp0
vps pppd[999]: Connect: ppp0 <--> /dev/pts/1
vps pptpd[998]: GRE: Bad checksum from pppd.
vps pptpd[998]: CTRL: EOF or bad error reading ctrl packet length.
vps pptpd[998]: CTRL: couldn't read packet header (exit)
vps pptpd[998]: CTRL: CTRL read failed
vps pppd[999]: Modem hangup
vps pppd[999]: Connection terminated.
vps pppd[999]: Exit.
then you MUST try the connection from a Windows 7 machine before yelling at the VPN server.