Linux/Ubuntu: How to set up a PPTP VPN server
Mon Aug 29 2022 13:48:11 GMT+0000 (Coordinated Universal Time)
Saved by @marcopinero #bash
# warning: this is not a script, it's a set of instructions.
# these steps create a pptp vpn server so all clients can reach all other clients.

##################### SERVER SIDE (UBUNTU SERVER 16.04+) ######################

sudo apt-get install pptpd
sudo update-rc.d pptpd defaults

# I had to use this on 16.04... it fixes the autostart problem:
sudo systemctl enable pptpd

# edit file "/etc/pptpd.conf": example using nano:
sudo nano /etc/pptpd.conf

# add the following lines:
localip 10.20.0.1
remoteip 10.20.1.100-200
# 100 clients
# save it

# edit file "/etc/ppp/chap-secrets": example using nano:
sudo nano /etc/ppp/chap-secrets

# add all clients with fixed ip addresses (change user1, user2... and password1, password2... according to your preference):
user1 pptpd password1 10.20.1.100
user2 pptpd password2 10.20.1.101
user3 pptpd password3 10.20.1.200
:
# save it

# edit/add this line in "/etc/sysctl.conf":
net.ipv4.ip_forward = 1

# save and apply the change:
sudo sysctl -p

# Configure iptables for forwarding (lets clients see each other):
sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
sudo iptables -I INPUT -s 10.20.0.0/16 -i ppp0 -j ACCEPT
sudo iptables --append FORWARD --in-interface enp0s8 -j ACCEPT
# iptables-save only prints the current rules; on its own it does not make them survive a reboot
sudo iptables-save

# restart your service:
sudo service pptpd restart

##################### CLIENT SIDE FOR UBUNTU SERVER ######################

## Start client side (Ubuntu Server (w/o GUI)):
##
## ============================================================
## 1) Configure pptp: (Change your <vpn server address>)
##    (in this example we named the provider as "pptpserver")
## ============================================================
sudo apt-get install pptp-linux
sudo nano /etc/ppp/peers/pptpserver

# add the following lines (name and password must match a client entry in the server's /etc/ppp/chap-secrets):
pty "pptp <vpn server address> --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name server
password 13132828
remotename pptpserver
persist
maxfail 0
holdoff 5
require-mppe-128
# and save (ctrl-o ctrl-x)

# ==================================================================
# 2) Create a config file that adds the route automatically at startup:
#    this is necessary in order to not use the vpn internet connection
#    (use same name of provider, in my case "pptpserver")
# ==================================================================
sudo nano /etc/ppp/ip-up.d/pptpserver

# add the following lines:
#!/bin/bash
# This script is called with the following arguments:
# Arg  Name
# $1   Interface name
# $2   The tty
# $3   The link speed
# $4   Local IP number
# $5   Peer IP number
# $6   Optional ''ipparam'' value foo
/sbin/route add -net 10.20.0.0 netmask 255.255.0.0 dev ppp0
# and save (ctrl-o ctrl-x)

# ... then set execute permission:
sudo chmod +x /etc/ppp/ip-up.d/pptpserver

# ============================================================
# STARTUP CONNECTION
# ============================================================

# ------------------------------------
# 1) Manual startup:
# ------------------------------------
sudo pon pptpserver

# ------------------------------------
# 2) Auto startup on boot:
# ------------------------------------
#
# a) USING INTERFACES: Edit interfaces file:
#
sudo nano /etc/network/interfaces

# add the following lines to the end:
auto tunnel
iface tunnel inet ppp
    provider pptpserver
# and save (ctrl-o ctrl-x)

# then restart networking:
sudo /etc/init.d/networking restart

#
# b) USING SERVICE SYSTEMCTL
#
sudo nano /etc/systemd/system/pppoe.service

# add these lines:
[Unit]
Description=PPPoE connection

[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/usr/bin/pon pptpserver
ExecStop=/usr/bin/poff -a

[Install]
WantedBy=default.target
# and save

# then change permissions:
sudo chmod +x /etc/systemd/system/pppoe.service

# then reload daemons and enable the unit (WantedBy only takes effect once the unit is enabled):
sudo systemctl daemon-reload
sudo systemctl enable pppoe
# and it will connect on boot.

# start:
sudo systemctl start pppoe
# stop:
sudo systemctl stop pppoe
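
A check for the "/etc/ppp/chap-secrets" file written in the server steps above, added here as an example and not part of the original snippet: it flags a file readable by group/other, entries whose server field is not "pptpd", duplicate client names, and fixed addresses that fall outside or are reused within remoteip 10.20.1.100-200. The function name check_chap_secrets, the sample entries and the 12-character minimum secret length are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original snippet.
# Lints a chap-secrets file against the plan above: server name "pptpd",
# one fixed address per client inside remoteip 10.20.1.100-200.
# Prints one finding per line and returns 1 if there is any finding.
check_chap_secrets() {
    file=$1 rc=0
    # Secrets are stored in clear text: group/other must have no access.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "perms: $file is accessible to group/other (chmod 600)"; rc=1
    fi
    # minlen=12 is an assumed policy value, not something the page states.
    awk -v server=pptpd -v prefix=10.20.1. -v lo=100 -v hi=200 -v minlen=12 '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad = 1 }
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF != 4 { report("expected 4 fields: client server secret ip"); next }
        {
            if ($2 != server) report("server field is " $2 ", pptpd expects " server)
            if ($1 in users) report("duplicate client name " $1)
            users[$1] = NR
            host = substr($4, length(prefix) + 1)
            if (index($4, prefix) != 1 || host !~ /^[0-9]+$/ || host + 0 < lo || host + 0 > hi)
                report("address " $4 " is outside remoteip " prefix lo "-" hi)
            else if ($4 in ips) report("address " $4 " already used on line " ips[$4])
            else ips[$4] = NR
            if (length($3) < minlen) report("secret for " $1 " is shorter than " minlen)
        }
        END { exit bad + 0 }
    ' "$file" || rc=1
    return $rc
}

# Constructed sample input (made-up names and secrets).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret                 IP address
user1     pptpd   Zk4-constructed-long1  10.20.1.100
user2     pptpd   password2              10.20.1.100
user3     l2tpd   Zk4-constructed-long3  10.20.2.5
EOF
chmod 644 "$sample"
check_chap_secrets "$sample" || true
rm -f "$sample"
```

On the server, run it as root against the real file: check_chap_secrets /etc/ppp/chap-secrets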