PPTP VPN config on Linux
apt-get install pptpd mc
Type ifconfig and inspect the “eth0” section to find out the IP address of your server [inet addr]
mc -e /etc/pptpd.conf
add two lines:
(Assuming that your internal network IP address is 10.5.1.xxx, geeks call this the 10.5.1.0/24 subnet).
(It is important to avoid using the 192.168.1.xxx subnet for your home because most hotels, Linksys boxes, Cisco boxes, TP-LINK and Trendnet default to 192.168.1.xxx
You cannot VPN from one 192.168.1.0/24 network into another 192.168.1.0/24 network)
localip 10.5.1.3 (this address should be your server’s IP address, [inet addr] when you type ifconfig, see above )
remoteip 10.5.1.241-246
Above configuration assigns 6 IP addresses for 6 roaming users to VPN into your home/corporate network simultaneously.
mc -e /etc/ppp/options
find the line that says ms-dns, modify the IP addresses to suit your local environment.
These two IP addresses should be the IP addresses of the DNS servers provided to you by your ISP or use your router if that does the DNS for your network.
The following examples are the OpenDNS servers which anyone can use.
ms-dns 208.67.222.222
ms-dns 208.67.220.220
Create user accounts and passwords for roaming/telecommuting users to access your VPN server (use strong passwords for security)
mc -e /etc/ppp/chap-secrets
e.g.
alice pptpd a-strong-password *
bob pptpd another-strong-password *
The trailing * means these users are allowed to come in from any IP address, if the telecommuter or branch office
has a static or fixed IP address and never roams, then you can replace the * with his/her fixed IP address (or IP address block) for added security.
You typically want to use a “static IP” address for VPN server behind firewall.
Change the Debian box from DHCP to static IP address:
mc -e /etc/network/interfaces
find the line that says iface eth0 inet dhcp
change the above line to iface eth0 inet static
add 4 lines below the iface eth0 inet static line, the actual addresses you use should be your own internal network environment.
address 10.5.1.3
netmask 255.255.255.0
broadcast 10.5.1.255
gateway 10.5.1.1
F2 to save the file, F10 to quit editing
mc -e /etc/resolv.conf
nameserver 216.21.128.22 (note: please use your ISP/cable/DSL company’s DNS servers)
nameserver 216.21.129.22
F2 to save the file, F10 to quit editing.
reboot
One final tweak is to instruct the Linux kernel to “forward” VPN packets.
mc -e /etc/sysctl.conf
fine the line that says:
#net.ipv4.conf.default.forwarding=1
delete the #
save the file.
reboot
With older kernels, you may need to add these (depreciated) steps:
touch /etc/init.d/pptp
chmod 755 /etc/init.d/pptp
mc -e /etc/init.d/pptp edit the file, add one line, save the file.
echo 1 > /proc/sys/net/ipv4/ip_forward
cd /etc/rcS.d
ln -s /etc/init.d/pptp S85-pptp-packet-forward
reboot
