**WARNING** PPTP is insecure. It’s better and arguably easier to setup OpenVPN instead: OpenVPN setup tutorial
Low-end (cheap) VPS accounts are very popular nowadays and one of the reason is that people use them for personal VPN purposes.
There are some advantages on using a personal VPN server:
– server resources such as CPU, bandwidth are not shared among others
– you will know for certain what VPN or Internet activity logs are kept on the server (even though many public VPN providers say that they do not keep any logs on servers, you can’t really verify that)
PPTP is probably the most popular VPN protocol. Here is a short installation guide for Debian Linux (or Ubuntu).
Step 1: install pptpd
apt-get update apt-get install pptpd
this will install bcrelay, ppp, pptpd
Step 2: configure pptpd and ppp
pico -w /etc/pptpd.conf
(or use your favorite text editor, like vim)
Add the local and remote IP pool and the end of file:
localip 10.10.0.1 remoteip 10.10.0.2-10
in the above example, the VPN server IP will be 10.10.0.1 and the clients connecting to the VPN will be assigned private IP addresses from 10.10.0.2 to 10.10.0.10. You can obviously use other IP range or different private IP addresses (ex.: 192.168.x.y)
Save the file and exit the editor. Now edit the ppp configuration file:
pico -w /etc/ppp/pptpd-options
add the following at the end of file:
name pptpd refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 ms-dns 220.127.116.11 #ms-dns 18.104.22.168 proxyarp nodefaultroute lock nobsdcomp mtu 1490 mru 1490
this is what you should have in the file. Notice that the ppp daemon will refuse unsecure CHAP and MSCHAP V1 authentications. MS-CHAP V2 PPTP VPN is not too safe, either, but is definitely a better option that older CHAP and MS-CHAP V1.
Now you should add the VPN account username/password to the ppp secrets file. Edit /etc/ppp/chap-secrets and add something like this:
myusername pptpd mys3cr3tpass 10.10.0.2 myfriendsuser pptpd hisp@ssword 10.10.0.3
Step 3: enable packets forwarding
Edit /etc/sysctl.conf and enable ipv4 forwarding by un-commenting the line (removing the # sign) and changing 0 to 1 so it looks like this:
Save & exit the editor, then run:
for the changes to take effect.
Add the iptables rule to create the NAT between eth0 and ppp interfaces:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
Note that iptables MASQUERADE doesn’t work on OpenVZ VPS containers. Works on KVM and XEN.
If you use OpenVZ, you need to use iptables SOURCE like this:
iptables -t nat -A POSTROUTING -j SNAT --to-source <Public Server IP>
now restart pptpd by running:
service pptpd restart
that’s all. Now you should test the connection.