Creating a PPTP VPN provides basic encryption but is better than none.
Install the necessary software (pptpd, pop):
user@ubuntu:~# sudo apt-get install pptpd ppp
user@ubuntu:~# sudo vi /etc/pptpd.conf
Add at the bottom of the file:
localip 192.168.2.1 remoteip 192.168.2.2-10
The value of “remoteip” will be the IP address range that are going to be used for the VPN upon successful connection. Currently, we have here 9 addresses, which is enough for concurrent devices.
Configure the pptpd daemon:
user@ubuntu:~# sudo vi /etc/ppp/pptpd-options #require-mppe-128 replace “#ms-dns 10.0.0.1″ with “ms-dns 22.214.171.124″ replace “#ms-dns 10.0.0.2″ with “ms-dns 126.96.36.199″
The addresses above are for the Google Public DNS server and are used for speed you can use any DNS servers.
Configure the username and password that will be used to authenticate client accessing the VPN:
user@ubuntu:~# sudo vi /etc/ppp/chap-secrets # client server secret IP addresses [UserName] pptpd [Password] *
Replace [UserName] with the username you wish to use these are not local user names just names used to connect.
Replace [Password] with the password you wish to use (I suggest a long random password.
Enable IP forwarding in the kernel which will forward the VPN IP to the public IP:
user@ubuntu:~# sudo vi /etc/sysctl.conf Uncomment the line “net.ipv4.ip_forward=1″
For IPv6, uncomment “net.ipv6.conf.all.forwarding=1″
user@ubuntu:~# sudo sysctl -p
Enable IP forwarding in ufw if you have ufw enabled:
sudo vi /etc/default/ufw
Change the value of “DEFAULT_FORWARD_POLICY” from “DROP” to “ACCEPT”
Now we need to enable NAT translation:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To make sure this setting is held on reboot add the following to the /etc/rc.local file before exit 0
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Restart the Networking services in order to start new IPs and PPTPD services:
sudo /etc/init.d/networking restart sudo /etc/init.d/pptpd restart