PPTP VPN Server On Raspberry PI

About Raspberry PI

It is a very small, highly recommended PC that you can buy for $25.

When using it as a VPN server, there was no particular problem over a wired LAN connection, but with a USB Wi-Fi adapter the old model is said to be unable to supply enough stable power to the adapter. Searching on Google, I found information that adding capacitors solves this problem.

With the newer Raspberry Pi Model B+, I think it can be operated stably without soldering work such as adding capacitors.

PPTPD installation and configuration

I think it can be done in five minutes 😊

$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install pptpd
$ sudo vi /etc/pptpd.conf

Uncomment the part that is commented out at the end of the file. For localip, set the IP of this machine, the one being set up as the VPN server. For the time being, assign this machine a fixed IP address via DHCP from the router's settings screen. As you probably know, you can look up the MAC address with $ ifconfig.

localip 192.168.123.2
remoteip 192.168.123.234-238,192.168.123.245

Let’s set the DNS server used by the connected clients. In the normal case, I think the IP of the router, or even 1.1.1.1, is appropriate.

$ sudo vi /etc/ppp/pptpd-options
ms-dns 192.168.0.1

Add a user account that can be accessed with pptp. Note that the password is saved in clear text.

$ sudo vi /etc/ppp/chap-secrets
# Username Servername Password Assigned IP
dummy pptpd dummy *
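
Because the secrets sit in this file in cleartext, it is worth checking the file mode and the entries themselves. The script below is an added example, not part of the original post; MIN_LEN is an assumed local policy value and the sample accounts are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: audit a pppd chap-secrets file.
# Columns follow the file's header: Username Servername Password Assigned-IP.
# MIN_LEN is an assumed local policy value, not a pppd or pptpd setting.
audit_chap_secrets() {
    file=$1
    # Secrets are stored in cleartext, so only the owner should be able to read.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    case $mode in
        600|400) ;;
        *) echo "PERMS mode=$mode (expected 600)" ;;
    esac
    # Per-entry checks. Findings name the user but never echo the secret.
    # Limitation: quoted secrets that contain spaces are not parsed.
    awk -v min="${MIN_LEN:-16}" '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        NF < 3         { print "MALFORMED line " NR; next }
        {
            user = $1; pass = $3
            gsub(/^"|"$/, "", user); gsub(/^"|"$/, "", pass)
            if (pass == user)
                print "WEAK user=" user " secret equals username"
            else if (length(pass) < min)
                print "SHORT user=" user " secret shorter than " min
        }' "$file"
}

# Constructed sample: the guide's placeholder account plus two invented ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Username Servername Password Assigned IP
dummy pptpd dummy *
alice pptpd "kX9-fraud-lantern-42-quill" 192.168.123.234
bob   pptpd hunter2 *
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

On the server itself, call `audit_chap_secrets /etc/ppp/chap-secrets` as root.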

Unless you enable IP forwarding in Linux itself (it is disabled by default), so that packets whose destination address is not the server's own are also forwarded, all packets from terminals connected via VPN will be discarded.

$ sudo vi /etc/sysctl.conf
# Uncomment this line:
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0

Next, set the MTU and MRU. Even if you do not make this setting, some machines will still connect, but iOS and Mac clients can be cut off completely and become unusable. I think both were set to 1500 by default. The connection is cut off because VPN tunneling adds header information of its own, which pushes packets over 1500.

$ sudo vi /etc/ppp/options
mtu 1280
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP / IP header + 256
# bytes of data).
mru 1280

As an aside, the mru comment quoted above says that 296 bytes is recommended for slow links.

If you have a separate router (which I think is usually the case), set up port forwarding on your router. 😊

Try connecting with the PPTP protocol from your iPhone/Android/Mac.
For the server address, enter the global IP of the router in front of the VPN server you have set up, or its DNS name. RSA SecurID is not set, so leave it off. Enter the account and password you set earlier. I haven’t set any proxy this time, so normally no proxy setting is needed.

Firewall

If you need one, you can set up a firewall on your VPN server. Install ufw; iptables is fine too.

$ sudo apt-get install ufw
$ sudo ufw status

This time, our VPN server is running on the default port 1723, so allow 1723. Other than that, please configure it yourself. Or rather, I think many people have already set up iptables, so please configure it yourself.
It is a commonplace mistake, but take care not to forget to allow ssh when doing this.

$ sudo ufw allow ssh
$ sudo ufw allow 1723/tcp

For the time being, leave the default setting as deny

$ sudo ufw default deny
$ sudo vi /etc/default/ufw

Change forward policy to ACCEPT

DEFAULT_FORWARD_POLICY="ACCEPT"

Add NAT settings

$ sudo vi /etc/ufw/before.rules

Add the following lines to the beginning of the file. They forward packets from 192.168.123.0/24 out through eth0. Of course, if you are using an interface other than eth0, please change it. You probably know which one you are using, but you can check it with the ifconfig command.

# NAT Table Rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow forward traffic from eth0:0 to eth0
-A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE

COMMIT

Finally restart ufw to reflect the settings

$ sudo ufw disable && sudo ufw enable
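
A client that connects but cannot reach anything usually means the forwarding, ufw and NAT settings above disagree with each other. The following cross-check of the four edited files is an added example, not part of the original post; the optional path-prefix argument and the sample tree are assumptions made so it can run against a copy of the files.

```sh
#!/bin/sh
# Added example, not from the original post. Cross-checks the files edited in
# this guide. $1 is an optional path prefix (assumption) for testing a copy.
check_vpn_config() {
    root=${1:-}; rc=0
    fail() { echo "FAIL $*"; rc=1; }
    # Kernel forwarding: line uncommented and set to 1.
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1([[:space:]]|$)' \
        "$root/etc/sysctl.conf" || fail "sysctl.conf: net.ipv4.ip_forward is not 1"
    # ufw must not drop routed packets.
    grep -q '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$root/etc/default/ufw" \
        || fail "ufw: DEFAULT_FORWARD_POLICY is not ACCEPT"
    # pptpd permits no spaces inside the remoteip list, so expect two fields.
    remote=$(awk '$1 == "remoteip" { print (NF == 2 ? $2 : "") }' "$root/etc/pptpd.conf")
    [ -n "$remote" ] || fail "pptpd.conf: remoteip missing or contains spaces"
    # NAT source must cover the client pool. Assumes a /24 as in the guide:
    # compare the first three octets of the first remoteip address.
    first=${remote%%[-,]*}; net=${first%.*}
    grep -Eq "^-A POSTROUTING -s ${net}\.0/24 .*-j MASQUERADE" \
        "$root/etc/ufw/before.rules" \
        || fail "before.rules: no MASQUERADE rule for ${net}.0/24"
    # iptables-restore chain headers have no space after the colon.
    grep -q '^:POSTROUTING ' "$root/etc/ufw/before.rules" \
        || fail "before.rules: ':POSTROUTING' chain header missing or malformed"
    return $rc
}

# Constructed sample tree mirroring the values used in this guide.
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/etc/default" "$d/etc/ufw"
    printf 'net.ipv4.ip_forward = 1\n' > "$d/etc/sysctl.conf"
    printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$d/etc/default/ufw"
    printf 'localip 192.168.123.2\nremoteip 192.168.123.234-238,192.168.123.245\n' \
        > "$d/etc/pptpd.conf"
    printf '*nat\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE\nCOMMIT\n' \
        > "$d/etc/ufw/before.rules"
    echo "$d"
}

tree=$(make_sample)
check_vpn_config "$tree" && echo "OK: forwarding and NAT settings are consistent"
rm -rf "$tree"
```

Run it as root with no argument to check the live /etc. It reads the files only, so confirm the running kernel value separately with `sysctl net.ipv4.ip_forward`.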

The raspberry pi is now a VPN server. Congrats!


DevOps Consultant. I’m strongly focused on automation, security, and reliability.

Maciej
