Installing and configuring PPTPd server

Below I will describe how pptpd is installed and configured. On the test I will install in Ubuntu Server 18.04.

Ubuntu installation command:

sudo apt-get install ppp pptpd

For example, open the configuration file in the nano text editor (ctrl+x to exit, y/n to save or cancel changes):

sudo nano /etc/pptpd.conf

Add the lines at the end of the file that indicate the IP server on the local network and the range for clients:

localip 192.168.5.1
remoteip 192.168.5.100-254

We enable authorization, encryption and specify DNS addresses by adding lines to the file:

sudo nano /etc/ppp/pptpd-options
auth
require-mppe
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Add users (* means that the user will receive IP automatically from the range):

sudo nano /etc/ppp/chap-secrets
USERNAME1 pptpd PASSWORD "*"
USERNAME2 pptpd PASSWORD "192.168.5.250"

Restart pptpd so that the changes to the configuration files apply:

sudo /etc/init.d/pptpd restart

Example iptables rules for pptpd:

sudo iptables -A INPUT -p gre -j ACCEPT
sudo iptables -A INPUT -m tcp -p tcp --dport 1723 -j ACCEPT

The rules below are needed if packet forwarding is used.
Ifconfig command can see if your network interface name is different from eth0.

sudo iptables -A INPUT -i ppp+ -j ACCEPT
sudo iptables -A OUTPUT -o ppp+ -j ACCEPT
sudo iptables -F FORWARD
sudo iptables -A FORWARD -j ACCEPT
sudo iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
sudo iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Be sure to save the added rules, otherwise, after restarting the system, they will not be:

sudo service iptables save

To enable packet forwarding, add one line to the file:

sudo nano /etc/sysctl.d/99-sysctl.conf
net.ipv4.ip_forward=1

Apply the changes:

sudo sysctl --system

Done, you can connect to the server.

See also my articles:
Configuring PPTP (VPN) server on Mikrotik
Configuring a VPN Server in Windows Server
How to configure IPTables
Installing Accel-ppp on Ubuntu 18

Leave a comment

Leave a Reply

Discover more from IT Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading