If you are trying to set up a VPN on the Linux operating system, you have come to the right place. Most people consider Linux to be more advanced than Windows where security and stability are concerned. A few of the popular distributions are CentOS, Ubuntu, Linux Mint, etc.
Although installing some of the most common software, such as Skype, web browsers and music players, is pretty easy using the software repositories, it can be quite intimidating for a newbie to configure a VPN or install a new printer if it doesn’t work out of the box.
VPN, as we know, is a virtual private network, and there are two types of VPN architecture (OpenVPN and PPTP VPN). We will focus on setting up a VPN using PPTP on Ubuntu and its derivatives.
Server side setup
The server will be responsible for assigning IP addresses to all the client machines in the network, be they Linux, Windows or Mac clients.
We need to install the PPTP package on the server. One can simply use the standard “apt-get” command to install. It is advisable to update the repositories first. Use the following commands. It will only take a few seconds for the installation to complete.
sudo apt-get update
sudo apt-get install pptpd
Now you will have to edit the pptpd.conf file. The file resides in the following path: “/etc/pptpd.conf”.
If you have a GUI, you can do it with your favorite text editor (e.g. Gedit).
sudo gedit /etc/pptpd.conf
Or you could use “nano” to edit the file right from the terminal.
sudo nano /etc/pptpd.conf
If you have not used nano before, you might as well check out this discussion on Ask Ubuntu [http://askubuntu.com/questions/54221/how-to-edit-files-in-a-terminal-with-nano] for help.
Add the following two lines to “pptpd.conf.”
What do these lines do? The VPN server will use the localip inside the VPN, and an IP within the range 172.20.0.100 to 300 (e.g., 172.20.0.120, 172.20.0.124, etc.) will be assigned to the clients that connect to the server.
STEP 4 – Add New Users
You will have to use “nano” or another text editor such as Gedit, as you did when editing the pptpd.conf file above. All the information about users is stored in the file “/etc/ppp/chap-secrets”.
Edit this file to add new users. You will have to enter certain details in the right order for this to work: first the client’s name, followed by the server, the password and the IP address.
So a couple of new clients added to the VPN might look like this.
computer1 pptpd password *
computer2 pptpd password *
You can use a specific IP address, but it is better to use an asterisk, which means that any IP address in the range assigned could be used to log in.
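A check for the chap-secrets entries described above, as an added example that is not part of the original tutorial. The function name, the 16-character minimum and the weak-word list are assumptions made for illustration; it also assumes GNU stat and secrets without spaces.

```shell
#!/bin/sh
# Added example: audit a chap-secrets style file (fields: client server secret IP).
# Assumptions: GNU stat is available; secrets contain no spaces; the 16-character
# minimum and the weak-word list are illustrative choices, not pppd requirements.

audit_chap_secrets() {
    file=$1
    # Secrets are stored in plaintext, so the file should be readable by root only.
    mode=$(stat -c '%a' "$file" 2>/dev/null) || mode=unknown
    case $mode in
        600|400) ;;
        *) echo "PERMS: mode $mode on $file, expected 600" ;;
    esac
    awk '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        NF < 4 { print "FORMAT: line " NR " has " NF " fields, expected 4"; next }
        {
            client = $1; secret = $3; ip = $4
            gsub(/^"|"$/, "", secret)       # strip optional surrounding quotes
            low = tolower(secret)
            if (length(secret) < 16)
                print "WEAK: " client " secret is shorter than 16 characters"
            if (low == tolower(client) || low ~ /^(password|secret|changeme|vpn)[0-9]*$/)
                print "GUESSABLE: " client " secret is a common word or the client name"
            if (ip == "*")
                print "ANYIP: " client " is not pinned to one tunnel address"
        }
    ' "$file"
}

# Constructed sample: the two entries from the text plus one stronger entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client    server  secret               IP
computer1   pptpd   password             *
computer2   pptpd   password             *
computer3   pptpd   tR7-wq2_Lm9xVb4KzP   172.20.0.103
EOF
chmod 600 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```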
STEP 5 – Assign DNS Server (Optional)
If you want to use OpenDNS, you should use these IP addresses 22.214.171.124 & 126.96.36.199. If you would like to use Google’s DNS, you will have to use the IPs 188.8.131.52 and 184.108.40.206. To use OpenDNS you can add these lines to the file.
Almost everything on the server side is done. Now it is time to wake the daemon. To start PPTPD, you will have to use the following terminal command.
service pptpd start
Now you need to set up proper forwarding. This time you will have to edit the file “/etc/sysctl.conf”.
There should be the following line in this file.
net.ipv4.ip_forward = 1
If it doesn’t exist, copy and paste it into the file, save the file and update it using the command,
Finally, if you wish the clients to communicate with one another, you will have to add the following rules.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
In the above rule, you will have to replace “eth0” with the internet connection that is used by the server. You can use the commands, iwconfig and ifconfig to figure this out.
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j
# iptables -I INPUT -s 172.20.0.0/20 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT
The above rule also requires you to use the correct internet connection, as for the first rule. That’s it: everything on the server side has been configured, and clients can now handshake with the server.
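The FORWARD rule above accepts every packet that arrives on eth0, whatever its source or destination. The following added example (not part of the original tutorial) scans iptables-save output for FORWARD rules of that shape; the function name and the sample ruleset are constructed for illustration, and the subnet default is the 172.20.0.0/20 range used in the text.

```shell
#!/bin/sh
# Added example: flag FORWARD rules that accept traffic without naming the VPN
# subnet or a connection state. Input is iptables-save text on stdin.
# Assumption: function name and sample ruleset are constructed for illustration.

audit_forward_rules() {
    # $1 = VPN subnet that counts as "scoped" (defaults to the range in the text)
    awk -v net="${1:-172.20.0.0/20}" '
        $1 == "-A" && $2 == "FORWARD" {
            accept = 0; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
                if (($i == "-s" || $i == "-d") && $(i + 1) == net) scoped = 1
                if ($i == "--ctstate" || $i == "--state") scoped = 1
            }
            # An ACCEPT with neither a subnet nor a state match forwards anything.
            if (accept && !scoped) print "BROAD: " $0
        }
    '
}

# Constructed iptables-save excerpt: the tutorial's FORWARD rule, followed by
# two rules scoped to the VPN subnet and to established connections.
audit_forward_rules <<'EOF'
*filter
-A INPUT -s 172.20.0.0/20 -i ppp0 -j ACCEPT
-A FORWARD -i eth0 -j ACCEPT
-A FORWARD -s 172.20.0.0/20 -i ppp0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
```

On a live server, feed it the running ruleset with `iptables-save | audit_forward_rules`.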
Client side setup
It really doesn’t matter what operating system the clients run. You can find tutorials to configure Windows and Mac OS X on the internet. There are even services like Switch VPN that can help you connect your Android device to the VPN server quite easily. However, here we are going to see how one can easily set up a Debian-based client for VPN.
STEP 1 – pptp installed
The client should have pptp installed. We have already done this step on the server. You will just have to do this again on your clients with the following terminal commands on Debian-based distros.
sudo apt-get update
sudo apt-get install pptp-linux
Now you will have to load the ppp_mppe module, which could be triggered with the following command.
Create a client configuration file in the following directory (/etc/ppp/peers/). You can name this file whatever you want, but you will have to remember this file name to connect to the VPN server.
pty "pptp --nolaunchpppd"
If you had named this file “vpncomputer1”, you should use the following command to connect to the server.
pppd call vpncomputer1
Finally, for proper routing, you will have to execute the following line.
ip route add 172.20.0.0/20 dev ppp0
The above steps can be used several times to add multiple clients to the server.