In this guide I will explain how to create a PPTP (Point-to-Point Tunnelling Protocol) VPN using the Ubuntu Server 10.04 LTS release. This should also work for other versions of Ubuntu Server!
There are many types of VPN (PPTP, L2TP, etc.). PPTP is not the most secure type of VPN but is probably the easiest to set up, so I will be using this method (it's only a home VPN after all!). Also, you don't need to mess with certificates (like with L2TP+IPsec or SSL VPNs) on both sides of the connection.
VPN-ing into your server will allow you to connect to every possible service running on it, as if you were sitting next to it on the same network, without individually forwarding every port combination for every service you would like to access remotely.
Using a VPN connection also has the upshot of, if desired, granting access to other computers on the network, as if you were on it locally, from anywhere across the internet.
So let's get going…
First we must install the pptpd daemon on your Ubuntu server. From the command line (logged in as root), execute the following command:
apt-get install pptpd
Once installed, there are a few configuration files we need to change.
First, we need to edit the main pptpd configuration:
nano /etc/pptpd.conf
and now add the following lines to it…
localip 192.168.0.2
remoteip 192.168.0.30,192.168.0.245
Where "localip" is the address of the server, and the "remoteip" entries are the addresses that will be handed out to the clients. It is up to you to adjust these for your network's requirements.
Now we need to edit the "/etc/ppp/pptpd-options" configuration file:
nano /etc/ppp/pptpd-options
Append to the end of the file, the following directives:
ms-dns 192.168.0.1
nobsdcomp
noipx
mtu 1490
mru 1490
Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to. Again, it is your responsibility to adjust this to your network's configuration.
Edit the chap-secrets file:
nano /etc/ppp/chap-secrets
Add to it the authentication credentials for a user's connection, in the following syntax:
username <TAB> * <TAB> users-password <TAB> *
Restart the connection's daemon for the settings to take effect:
/etc/init.d/pptpd restart
If you don't want to grant yourself access to anything beyond the server, then you're done on the server side. Your PPTP server is set up and ready to go! 🙂
Don't forget to forward port 1723 on your router to the Ubuntu Linux server 🙂
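A check for the /etc/ppp/chap-secrets file edited above, as an added example that is not part of the original guide: it reports a file that group or other users can access, short secrets, and entries whose server or address field is the * wildcard. The function names, the MIN_LEN threshold of 12, the sample users and the "pptpd" server name in the sample are assumptions made for illustration.

```bash
# Added example: audit a pppd chap-secrets file laid out as
#   client <TAB> server <TAB> secret <TAB> addresses
# MIN_LEN is an assumed policy value; pptpd does not enforce one.
MIN_LEN=12

audit_chap_secrets() {
    local file="$1" perms
    [ -r "$file" ] || { echo "ERROR cannot read $file"; return 0; }

    # Secrets are stored in cleartext, so group/other must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] ||
        echo "PERMS $file is accessible to group/other ($perms); use chmod 600"

    # One finding per line. The secret itself is never printed.
    # Assumption: secrets contain no whitespace.
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF < 3 { print "MALFORMED line " NR ": expected client server secret"; next }
        {
            secret = $3
            gsub(/^"|"$/, "", secret)    # strip optional surrounding quotes
            if (length(secret) < min)
                print "SHORT user " $1 ": secret shorter than " min " characters"
            if ($2 == "*")
                print "ANYSERVER user " $1 ": entry matches every pppd server name"
            if ($4 == "*")
                print "ANYADDR user " $1 ": any client IP address is accepted"
            if (seen[$1]++)
                print "DUPLICATE user " $1 ": more than one entry"
        }' "$file"
}

# Constructed sample (not real credentials): alice uses the wildcard layout
# from the guide, bob is pinned to one server name and one address.
demo() {
    local tmp
    tmp=$(mktemp)
    chmod 644 "$tmp"
    printf 'alice\t*\thunter2\t*\nbob\tpptpd\tcorrect-horse-battery\t192.168.0.31\n' > "$tmp"
    audit_chap_secrets "$tmp"
    rm -f "$tmp"
}
demo
```

To check the real file, run audit_chap_secrets /etc/ppp/chap-secrets as root after removing the final demo call.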
You want more (Enable forwarding)??
While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network.
By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to "jump" through the VPN server, to all other devices on the network.
To achieve this we will be flipping the switch on the "forwarding" parameter of the system.
Edit the "sysctl" file:
nano /etc/sysctl.conf
Find the "net.ipv4.ip_forward" line and change the parameter from 0 (disabled) to 1 (enabled):
net.ipv4.ip_forward=1
You can either restart the system or issue this command for the setting to take effect:
sysctl -p
With forwarding enabled, all the server side settings are prepared.
I would recommend using a "Split Tunnel" connection mode for the VPN client.
A more in-depth explanation of the recommended "Split Tunnel" mode, as well as instructions for Ubuntu Linux users, can be found in the "Setting up a 'Split Tunnel' VPN (PPTP) Client on Ubuntu 10.04" guide.
This guide originated from http://sysadmingeek.com/articles/setting-up-a-vpn-pptp-server-on-debian/ – I wouldn't want to see a good tutorial disappear! – So I'm mirroring it 🙂