====== Ubuntu PPTP VPN internet gateway ======
This is tested on [[https://m.do.co/c/8281e8db08bd|Digital Ocean - use this link to get 10$]]
=== Setup PPTP Server ===
First we need to install pptp server using apt-get
# sudo apt-get install pptpd
Then we need to configure the pptpd.
# sudo nano /etc/pptpd.conf
Add server IP and client IP at the end of the file. You can add like below:
localip 192.168.0.1
remoteip 192.168.0.100-200
This sets up the PPTP server to use IP 192.168.0.1 while distributing the IP range 192.168.0.100 to 192.168.0.200 to PPTP clients. Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.
Configure DNS servers to use when clients connect to this PPTP server
# sudo nano /etc/ppp/pptpd-options
Uncomment the ms-dns and add google like below or OpenDNS
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now add a VPN user in /etc/ppp/chap-secrets file.
# sudo nano /etc/ppp/chap-secrets
The first column is username. Second column is server name, you can put “pptpd” in there. Third column is password. The last column is the IP addresses, you can put * to allow all IP.
# client server secret IP addresses
username * myPassword *
Finally start your server
# /etc/init.d/pptpd restart
=== Setup IP Forwarding ===
To enable IPv4 forward. Change /etc/sysctl.conf file, add forward rule below.
# sudo nano /etc/sysctl.conf
Uncomment the line
net.ipv4.ip_forward=1
Then reload the configuration
sudo sysctl -p
Add forward rule in iptables
# sudo nano /etc/rc.local
adding to the bottom just before the exit 0
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356
This example is using 192.168.0 for its PPTP subnet. The second rule adjusts the MTU size :
You are done. Just reboot your server and you should be able to connect to using PPTPD and send all your traffic through this server.
=== Setup Windows VPN connection ===
* Create a new PPTP connection
* Select Type of VPN: **Point to Point Tunneling Protocol (PPTP)**
* Select Data encryption: **Require encryption (disconnect if server declines)**
* Select **Allow theese protocols** and uncheck everything but the **Microsoft CHAP Version 2 (MS-CHAP v2)**
=== Setup Linux VPN connection ===
* $ sudo pptpsetup --create MYCONNECTION --server vpn.ourcompany.com --domain DOMAINNAME --username myname --password ******* --encrypt --start
* pon MYCONNECTION