Step-by-step guide to installing and configuring a PPTP VPN server on Ubuntu Linux

First, install the pptpd package.

1. sudo apt-get install pptpd

2. Adjust the IP settings at the bottom of the file to your needs (localip: your Ubuntu server's IP; remoteip: the preferred IP range for VPN clients).

sudo vi /etc/pptpd.conf
localip 192.168.20.211
remoteip 192.168.20.181-190,192.168.20.195

3. Specify the user names and passwords that should have access to your VPN:

sudo vi /etc/ppp/chap-secrets

Make sure the server column contains the correct hostname (my VPN server name is ubuntu-svr):

# client    server          secret          IP addresses
vpnuser     ubuntu-svr      p@$$w0rd        *

PPTP has no key file, so security depends solely on the password. That is why you should choose a long (e.g. 32 characters), random password.

4. Set the server name and preferred DNS servers:

sudo vi /etc/ppp/pptpd-options

name ubuntu-svr
ms-dns [DNS Server IP]
ms-dns [DNS Server IP]

5. Now we need to set up ip-masquerading:

sudo nano /etc/rc.local

Add the following lines above the line that says 'exit 0':

# PPTP IP forwarding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

6. Optionally, I recommend securing your SSH server against brute-force attacks:

# SSH Brute Force Protection

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH
iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 8 --rttl --name SSH -j DROP

You may have to change 'eth0' to another interface, depending on which interface is configured for the LAN.

7. Uncomment this line in /etc/sysctl.conf, or add it if it is not there:

net.ipv4.ip_forward=1

8. Reboot, or restart the pptpd service:

/etc/init.d/pptpd restart

You may need to forward port 1723 TCP and GRE to the LAN IP of your vpn-server. Refer to your router’s manual or to portforward.com for vendor specific instructions.
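
A check for steps 3 and 4 that can be run before restarting pptpd, added here as an example and not part of the original guide: it generates a 32-character secret and flags chap-secrets entries whose server field does not match the name in pptpd-options or whose secret is shorter than 32 characters. The function names, MIN_LEN and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit chap-secrets against the guide's two requirements.
# Function names and MIN_LEN are assumptions of this example.
MIN_LEN=32   # secret length suggested in the guide

# Print a random 32-character secret.
# 24 random bytes encode to exactly 32 base64 characters.
gen_secret() {
    head -c 24 /dev/urandom | base64
}

# audit_chap_secrets SECRETS_FILE OPTIONS_FILE
# Prints one line per problem; prints nothing when every entry passes.
# Assumes whitespace-separated fields (no quoted secrets containing spaces).
audit_chap_secrets() {
    # Server name pppd will use, from the "name" line of pptpd-options.
    srv=$(awk '$1 == "name" { print $2; exit }' "$2")
    awk -v srv="$srv" -v min="$MIN_LEN" '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        $2 != srv && $2 != "*" {
            printf "%s: server \"%s\" does not match name \"%s\"\n", $1, $2, srv
        }
        length($3) < min {
            printf "%s: secret has %d characters, fewer than %d\n", $1, length($3), min
        }' "$1"
}

# Constructed sample files (not real credentials), written to a temp directory.
demo_dir=$(mktemp -d)
printf 'name ubuntu-svr\n' > "$demo_dir/pptpd-options"
cat > "$demo_dir/chap-secrets" <<EOF
# client    server          secret          IP addresses
alice       ubunut-svr      shortpass       *
bob         ubuntu-svr      $(gen_secret)   *
EOF
# Reports two problems for alice (misspelled server, short secret), none for bob.
audit_chap_secrets "$demo_dir/chap-secrets" "$demo_dir/pptpd-options"
rm -rf "$demo_dir"
```

On the server, point it at /etc/ppp/chap-secrets and /etc/ppp/pptpd-options.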

Done. Enjoy!

 

--------

root@ubuntu:/var/log# netstat -anp | grep pptpd

tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 870/pptpd
unix 2 [ ] DGRAM 8233 870/pptpd

 

 

If you stop the service and check again, the pptpd process and its listening port are no longer shown:

 

root@ubuntu:~# netstat -anp | grep pptpd

tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 870/pptpd

unix 2 [ ] DGRAM 8233 870/pptpd

root@ubuntu:~#

root@ubuntu:~# /etc/init.d/pptpd stop

Stopping PPTP: pptpd.

root@ubuntu:~#

root@ubuntu:~# netstat -anp | grep pptpd