Point-to-Point Tunneling Protocol (PPTP) is a protocol (set of communication rules) that permits corporations to expand their own corporate network by using private “tunnels” over the public Internet.
It was developed by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies.
In this tutorial you will learn to install and configure a PPTP VPN on a Linux server.
We are using the following IP addresses for this tutorial.
172.10.0.1 PPTP server local IP
205.22.12.11 PPTP server Public IP
172.10.0.10 PPTP Client local ip assigned by VPN Server
208.30.80.112 PPTP Client Public IP
PPTP Installation on VPN Server
First of all, install PPTP on the VPN server using the command below.
On CentOS 6 x64:
root@linuxpcfix [~] yum install pptpd
On Ubuntu 12.10 x64:
Open the pptp.conf configuration file and append the following lines:
localip 172.10.0.1 (server local IP)
remoteip 172.10.0.100-100
Next, set up authentication for PPTP by adding users and passwords, as shown below:
# client server secret IP addresses
user1 pptpd gajendra *
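An added example, not part of the original tutorial: a small audit of the secrets file shown above (normally /etc/ppp/chap-secrets), which stores passwords in clear text. The function names, the 16-character minimum and every sample entry except user1 are assumptions made for illustration.

```python
import shlex
import stat

# Constructed sample in the tutorial's four-column layout; only the
# first entry appears in the tutorial, the other two are made up.
SAMPLE = '''\
# client server secret IP addresses
user1 pptpd gajendra *
user2 * "correct horse battery staple" 172.10.0.101
user3 pptpd s3cret
'''

def audit_chap_secrets(text, min_len=16):
    """Return (line_no, client, finding) tuples for risky entries."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line, comments=True)  # handles "quoted secrets"
        if not fields:
            continue  # blank line or comment
        if len(fields) < 3:
            findings.append((no, fields[0], "malformed entry"))
            continue
        client, server, secret = fields[:3]
        addrs = fields[3:]
        if server == "*":
            findings.append((no, client, "secret valid for any server name"))
        if len(secret) < min_len:  # min_len is an assumed policy value
            findings.append((no, client, "secret shorter than %d chars" % min_len))
        if not addrs:
            findings.append((no, client, "no address listed (pppd disallows all)"))
        elif "*" in addrs:
            findings.append((no, client, "any tunnel address accepted"))
    return findings

def mode_too_open(st_mode):
    """True if group or others have any access to the file (want 0600)."""
    return bool(st_mode & (stat.S_IRWXG | stat.S_IRWXO))

if __name__ == "__main__":
    for finding in audit_chap_secrets(SAMPLE):
        print(finding)
```

On a live server, pass os.stat(path).st_mode to mode_too_open() and the file's contents to audit_chap_secrets().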
Then open the /etc/ppp/options.pptpd file and add DNS servers as follows:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now start the PPTP server:
root@linuxpcfix [~] netstat -plan |grep :1723
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 19594/pptpd
root@linuxpcfix [~] #
Then enable IP forwarding on your PPTP server. This permits packets to be forwarded between the public IP and the private IPs that you set up with PPTP.
net.ipv4.ip_forward = 1
root@linuxpcfix [~] sysctl -p
Now it is time to create NAT rules in iptables.
If you would also like your PPTP clients to talk to each other, then append the following rules in iptables:
root@linuxpcfix [~] iptables -I INPUT -s 172.10.0.0/24 -i ppp0 -j ACCEPT
root@linuxpcfix [~] iptables --append FORWARD --in-interface eth0 -j ACCEPT
Client Side Configuration
On your client servers, install the PPTP client:
Enable the necessary kernel module:
Create a new file /etc/ppp/peers/pptpserver and append the following lines:
pty "pptp 205.22.12.11 (PPTP-Server-Public-IP) --nolaunchpppd"
name username
password user password
remotename pptpd
require-mppe-128
Note: Replace name and password with your own values.
Finally, execute the following command to access the PPTP server from the PPTP client.
If you are able to make a successful connection from PPTP server, then the log output should be as below.
Nov 28 18:08:21 PPA pptpd[24304]: CTRL: Client 205.22.12.11 control connection finished
Nov 28 18:09:35 PPA pptpd[30135]: CTRL: Client 205.22.12.11 control connection started
Nov 28 18:09:36 PPA pptpd[30135]: CTRL: Starting call (launching pppd, opening GRE)
Nov 28 18:09:36 PPA pppd[30137]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
Nov 28 18:09:36 PPA pppd[30137]: pppd 2.4.5 started by root, uid 0
Nov 28 18:09:36 PPA pppd[30137]: Using interface ppp0
Nov 28 18:09:36 PPA pppd[30137]: Connect: ppp0 <--> /dev/pts/2
Nov 28 18:09:36 PPA pppd[30137]: peer from calling number 205.22.12.11 authorized
Nov 28 18:09:36 PPA pppd[30137]: MPPE 128-bit stateless compression enabled
Nov 28 18:09:36 PPA pppd[30137]: Cannot determine ethernet address for proxy ARP
Nov 28 18:09:36 PPA pppd[30137]: local IP address 172.10.0.1
Nov 28 18:09:36 PPA pppd[30137]: remote IP address 208.30.80.112
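An added example, not part of the original tutorial: a parser for the server-side pppd lines above that groups them into sessions by PID and reports any session that received an address without negotiating 128-bit MPPE. The function names and the second session (pid 30200) in the sample are constructed for illustration.

```python
import re

# Constructed sample: server-side lines from the tutorial plus one
# made-up session (pid 30200) that never negotiates MPPE.
SAMPLE_LOG = """\
Nov 28 18:09:35 PPA pptpd[30135]: CTRL: Client 205.22.12.11 control connection started
Nov 28 18:09:36 PPA pppd[30137]: Using interface ppp0
Nov 28 18:09:36 PPA pppd[30137]: peer from calling number 205.22.12.11 authorized
Nov 28 18:09:36 PPA pppd[30137]: MPPE 128-bit stateless compression enabled
Nov 28 18:09:36 PPA pppd[30137]: local IP address 172.10.0.1
Nov 28 18:09:36 PPA pppd[30137]: remote IP address 208.30.80.112
Nov 28 18:12:02 PPA pppd[30200]: Using interface ppp1
Nov 28 18:12:02 PPA pppd[30200]: peer from calling number 203.0.113.7 authorized
Nov 28 18:12:03 PPA pppd[30200]: local IP address 172.10.0.1
Nov 28 18:12:03 PPA pppd[30200]: remote IP address 172.10.0.100
"""

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) pppd\[(\d+)\]: (.*)$")
FIELDS = [
    ("interface", re.compile(r"^Using interface (\S+)$")),
    ("peer", re.compile(r"^peer from calling number (\S+) authorized$")),
    ("mppe_bits", re.compile(r"^MPPE (\d+)-bit \w+ compression enabled$")),
    ("local_ip", re.compile(r"^local\s+IP address (\S+)$")),
    ("remote_ip", re.compile(r"^remote\s+IP address (\S+)$")),
]

def parse_sessions(text):
    """Group pppd lines by PID and return one dict per PPP session."""
    sessions = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # pptpd control lines and unrelated daemons
        stamp, _host, pid, msg = m.groups()
        s = sessions.setdefault(pid, {"pid": int(pid), "start": stamp})
        for key, rx in FIELDS:
            hit = rx.match(msg)
            if hit:
                s[key] = hit.group(1)
    return list(sessions.values())

def unencrypted(sessions, min_bits=128):
    """Sessions that got an IP address without MPPE at >= min_bits."""
    return [s for s in sessions
            if "remote_ip" in s and int(s.get("mppe_bits", 0)) < min_bits]
```

Feed it the syslog file that receives pppd messages on the server; each returned dict also carries the peer's public address and the ppp interface for follow-up.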
You can also see the PPTP client-side system logs:
Nov 28 18:09:43 dns2 pppd[1255]: pppd 2.4.5 started by root, uid 0
Nov 28 18:09:43 dns2 pppd[1255]: Using interface ppp0
Nov 28 18:09:43 dns2 pppd[1255]: Connect: ppp0 <--> /dev/pts/1
Nov 28 18:09:43 dns2 pptp[1256]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 ‘Start-Control-Connection-Request’
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Nov 28 18:09:43 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 ‘Outgoing-Call-Request’
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Nov 28 18:09:44 dns2 pptp[1266]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer’s call ID 0).
Nov 28 18:09:44 dns2 pppd[1255]: CHAP authentication succeeded
Nov 28 18:09:44 dns2 kernel: PPP MPPE Compression module registered
Nov 28 18:09:44 dns2 pppd[1255]: MPPE 128-bit stateless compression enabled
Nov 28 18:09:44 dns2 pppd[1255]: local IP address 208.30.80.112
Nov 28 18:09:44 dns2 pppd[1255]: remote IP address 172.10.0.1
Next, verify the PPTP client network interface; it will look like the output below.
ppp0 Link encap:Point-to-Point Protocol
inet addr:172.10.0.10 P-t-P:172.10.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:50 (50.0 b) TX bytes:56 (56.0 b)
Ping your PPTP server on its private IP address.
PING 64.71.184.8 (172.10.0.1) 56(84) bytes of data.
64 bytes from 172.10.0.1: icmp_seq=1 ttl=55 time=29.0 ms
64 bytes from 172.10.0.1: icmp_seq=2 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=3 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=4 ttl=55 time=28.9 ms
64 bytes from 172.10.0.1: icmp_seq=5 ttl=55 time=29.0 ms
64 bytes from 172.10.0.1: icmp_seq=6 ttl=55 time=28.9 ms
If you are able to ping your PPTP server, that means you have successfully configured your own private network over the public Internet.