
Setting up a PPTP Server on Ubuntu 12.04 LTS

A PPTP VPN provides only basic encryption, but that is better than none.

Install the necessary software (pptpd, ppp):

user@ubuntu:~# sudo apt-get install pptpd ppp

Configure PPTP

user@ubuntu:~# sudo vi /etc/pptpd.conf

Add at the bottom of the file:


The value of “remoteip” is the IP address range that will be used for the VPN upon successful connection. Currently there are 9 addresses here, which is enough for concurrent devices.

Configure the pptpd daemon:

user@ubuntu:~# sudo vi /etc/ppp/pptpd-options
replace “#ms-dns” with “ms-dns”
replace “#ms-dns” with “ms-dns”

The addresses above are for the Google Public DNS servers and are used for speed; you can use any DNS servers.

Configure the username and password that will be used to authenticate clients accessing the VPN:

user@ubuntu:~# sudo vi /etc/ppp/chap-secrets
# client server secret IP addresses
[UserName] pptpd [Password] *

Replace [UserName] with the username you wish to use. These are not local user names, just names used to connect.

Replace [Password] with the password you wish to use (I suggest a long random password).

Enable IP forwarding in the kernel, which will forward the VPN IP to the public IP:

user@ubuntu:~# sudo vi /etc/sysctl.conf
Uncomment the line “net.ipv4.ip_forward=1”

For IPv6, uncomment “net.ipv6.conf.all.forwarding=1”

user@ubuntu:~# sudo sysctl -p

Enable IP forwarding in ufw if you have ufw enabled:

sudo vi /etc/default/ufw

Change the value of “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”

Now we need to enable NAT:

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To make sure this setting persists across reboots, add the following to the /etc/rc.local file, before the “exit 0” line:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Restart the Networking services in order to start new IPs and PPTPD services:

sudo /etc/init.d/networking restart
sudo /etc/init.d/pptpd restart
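
Once the steps above are done, the chap-secrets file from the authentication step is worth checking, since it stores the VPN passwords in cleartext. The script below is an added example, not part of the original post: the function names, the MIN_LEN threshold of 20 and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit /etc/ppp/chap-secrets entries ("client server secret IP addresses").
# MIN_LEN is an assumed policy value; the page only says "long".
MIN_LEN="${MIN_LEN:-20}"

# Generate a 32-character random secret (24 random bytes, base64-encoded).
new_secret() { head -c 24 /dev/urandom | base64 | tr -d '\n'; }

# Print one finding per line. Returns 0 if clean, 1 if flagged, 2 if unreadable.
# Assumes secrets contain no whitespace (quoted multi-word secrets are not parsed).
audit_chap_secrets() {
    file="$1"; findings=0
    mode=$(stat -c '%a' "$file" 2>/dev/null) || return 2
    # Secrets are stored in cleartext, so only the owner should have access.
    if [ "$mode" != "600" ]; then
        echo "MODE $file is $mode, expected 600"; findings=$((findings + 1))
    fi
    while read -r client server secret addrs; do
        case "$client" in ''|'#'*) continue ;; esac    # skip blank and comment lines
        if [ "$secret" = "[Password]" ] || [ "$client" = "[UserName]" ]; then
            echo "PLACEHOLDER $client still has the tutorial placeholder"
            findings=$((findings + 1)); continue
        fi
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "SHORT $client secret is ${#secret} chars, minimum $MIN_LEN"
            findings=$((findings + 1))
        fi
        # "*" lets the client use any IP address instead of one fixed VPN address.
        if [ "$addrs" = "*" ]; then echo "NOTE $client is not pinned to an address"; fi
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed sample file (not real credentials) to show the output.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<EOF
# client server secret IP addresses
alice pptpd hunter2 *
bob pptpd $(new_secret) *
[UserName] pptpd [Password] *
EOF
audit_chap_secrets "$sample" || true
rm -f "$sample"
```

On the server itself, run it as root against the real file: audit_chap_secrets /etc/ppp/chap-secrets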