Update 2016-04-06: It’s been tested on Ubuntu 14.04 and it works just fine.
Update 2016-10-03: It works even on Ubuntu 16.04, but for some reason the service fails to start on boot. If that’s your case, run: sudo systemctl enable pptpd
I’ve tried several dozen how-tos before I tried this and I can confirm it’s working. First of all, make sure that the virtualization you’re using will work with VPN – it doesn’t work with Linux vServer virtualization but it does work with KVM virtualization.
To verify that you have the right virtualization platform, just type in a terminal:
You should see this:
cat: /dev/ppp: No such device or address
OK, so now you know that your virtualization platform is suitable for the setup. Here is the how-to:
Install the PPTP package:
apt-get install pptpd
In pptpd.conf find lines containing:
and replace 22.214.171.124 with your public IP address.
Also replace the range 10.1.0.1-100 with your desired range, e.g. 192.168.123.1-254.
PPTP will then hand out IP addresses within the range 192.168.123.1 to 192.168.123.254.
In pptpd-options find lines beginning:
And replace the values with the following:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
If you’re wondering what 8.8.8.8 and 8.8.4.4 mean – those are Google’s public DNS servers; anyone can use them. Obviously you can (should) use your provider’s DNS servers unless there is a reason you want Google’s DNS servers. Such a reason might be that your provider’s DNS servers are less reliable than Google’s, which is likely, though it’s Google and “Don’t be evil” is long gone…
The chap-secrets file contains the usernames and passwords of your clients. It is also possible to set a static IP address that is always assigned to a specific username. An example of what chap-secrets can contain is this:
ClientsUserName1 * ClientsPassword1 192.168.123.77
ClientsUserName2 * ClientsPassword2 192.168.123.78
Or you can add just this:
ClientsUserName1 * ClientsPassword1 *
ClientsUserName2 * ClientsPassword2 *
And the IPs within range (192.168.123.1-254) will be automatically assigned to ClientsUserName1 and ClientsUserName2. I personally prefer static settings – ClientsUserName1 gets 192.168.123.77 and so on…
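A sanity check for the chap-secrets entries described above, as an added example that is not part of the original how-to. The function name audit_chap_secrets is hypothetical, the sample entries are constructed, and it assumes a single pool inside one /24 such as 192.168.123.1-254.

```shell
#!/usr/bin/env bash
# Added example: audit a pptpd chap-secrets file (function name is hypothetical).
# Line format: client  server  secret  IP   ("*" as IP = address from the pool)

audit_chap_secrets() {
    # $1 = file, $2 = pool prefix (192.168.123), $3 / $4 = first / last host number
    # The file holds plaintext passwords, so group/other must have no access.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "permissions: $1 is accessible to group/other, use chmod 600"
    fi
    awk -v prefix="$2" -v lo="$3" -v hi="$4" '
        NF == 0 || /^[ \t]*#/ { next }           # blank lines and comments
        NF != 4 { printf "line %d: expected 4 fields, got %d\n", NR, NF; next }
        seen_user[$1]++ { printf "line %d: duplicate client %s\n", NR, $1 }
        $4 == "*" { next }                       # dynamic assignment, nothing to check
        {
            n = split($4, o, ".")
            if (n != 4 || (o[1] "." o[2] "." o[3]) != prefix ||
                o[4] !~ /^[0-9]+$/ || o[4] + 0 < lo + 0 || o[4] + 0 > hi + 0) {
                printf "line %d: %s is outside %s.%d-%d\n", NR, $4, prefix, lo, hi
            } else if (seen_ip[$4]++) {
                printf "line %d: static IP %s assigned twice\n", NR, $4
            }
        }
    ' "$1"
}

# Constructed sample input (not real credentials), written to a temp file.
sample=$(mktemp)
chmod 644 "$sample"
cat > "$sample" <<'EOF'
# client          server  secret            IP
ClientsUserName1  *       ClientsPassword1  192.168.123.77
ClientsUserName2  *       ClientsPassword2  192.168.123.77
ClientsUserName3  *       ClientsPassword3  192.168.124.5
ClientsUserName4  *       ClientsPassword4  *
ClientsUserName5  *       ClientsPassword5
EOF
findings=$(audit_chap_secrets "$sample" 192.168.123 1 254)
echo "$findings"
rm -f "$sample"
```

On a real server, point it at /etc/ppp/chap-secrets and pass the range you configured in pptpd.conf.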
Now add to the very end this line:
ifconfig $1 mtu 1400
You might experiment with higher values like mtu 1500 which might improve throughput a bit.
Now allow PPTP through the firewall:
iptables -t nat -A POSTROUTING -j SNAT --to-source 18.104.22.168
Obviously, replace the value 18.104.22.168 with your public IP address.
Save the firewall configuration:
Restart the PPTP server for the settings to take effect:
You are done. But if you would like to enable forwarding (remote gateway), as most people probably want, then edit sysctl.conf:
Find in sysctl.conf:
and remove the # (i.e. uncomment it).
To apply the change, run:
So now when a client connects to the VPN, they are not only able to connect directly to the other VPN clients but can also use the VPN server’s public IP address, so the client does not reveal their actual public IP address. Also, some services are accessible only from a specific IP address; this is a way to guarantee that the client will always have the same public IP address.
On top of that, here is a script that restores the firewall rules so that PPTP still gets through after a reboot:
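# Save the current firewall rules
iptables-save > /etc/iptables.conf
# Create a hook that restores them before the network interfaces come up
cat > /etc/network/if-pre-up.d/iptables <<END
#!/bin/sh
iptables-restore < /etc/iptables.conf
END
chmod +x /etc/network/if-pre-up.d/iptables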
So now you’re done. Enjoy your VPN and congratulations 😉