PPTP VPN Server On Raspberry PI
About Raspberry PI
It is a super small super recommended PC that you can buy for 25 $.
When using it as a VPN server, there was no particular problem if it was a wired LAN connection, but when using it with a Wi-fi wireless LAN adapter (USB), it is said that sufficient power cannot be stably supplied to the wireless LAN adapter. There was a problem with the old model. Searching in google I found information that to solve this problem, additional capacitors should be added.
If it is the new Raspberry Pi Model B +, I think that it can be operated stably without soldering work such as capacitors.
PPTPD installation and configuration
I think it can be done in five minutes 😊
Update your system to the latest version if necessary
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo apt-get install pptpd
pptpd settings (own IP and assigned IP to connected clients)
$ sudo vi /etc/pptpd.conf
Uncomment the part that is commented out at the end of the file. Please set the IP of this terminal that is being set as a VPN server for localip. For the time being, please set the IP address fixedly to this terminal by DHCP from the setting screen of the router. As you probably know, you can
$ ifconfiglook up the MAC address with.
remoteip 192.168.123.234-238, 192.168.123.245
Let’s set the DNS server used by the connected client. In the normal case,
184.108.40.206 I think it's a good idea to insert the IP of the router or even if it is appropriate.
$ sudo vi /etc/ppp/pptpd-optionsms-dns 192.168.0.1
Account settings for connected clients
Add a user account that can be accessed with pptp. Note that the password is saved in clear text.
$ sudo vi /etc/ppp/chap-secrets#Username Servername Password Assigned IP
dummy pptpd dummy *
IP forward settings
If you do not enable IP forwarding in the Linux itself (disabled by default) and also forward packets whose destination address is not yours, all packets from terminals connected via VPN will be discarded.
$ sudo vi /etc/sysctl.confnet.ipv4.ip_forward = 1 # Uncomment
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0
Even if you do not make this setting, it will connect depending on the machine, but iOS and Mac can be completely cut off. I can’t use it, yes. I think both were set to 1500 by default. The reason why this is cut off is that tunneling by VPN increases the amount of header information used for it, which exceeds 1500.
$ sudo vi /etc/ppp/optionsmtu 1280
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. Pppd
#will ask the peer to send packets of no more than <n> bytes. The
#minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP / IP header + 256
# bytes of data).
As an aside, as mentioned above, the mru config says that 296 bytes is recommended at low speeds.
Let’s set up the router
If you have a separate router (which I think is usually the case), set up port forwarding on your router. 😊
Try connecting with the PPTP protocol from your iPhone/Android/Mac.
For the server IP, set the global IP of the VPN server terminal and router that you have set, or DNS. RSA SecureId is not set, so it is off. Please enter the account and password you set earlier. Since I haven’t set any proxy this time, I usually don’t need to set it.
If you need it, You can setup a firewall on your VPN server. Install ufw or IPTables which is fine too
$ sudo apt-get install ufw
$ sudo ufw status
Allowed port settings
In T\this time, our VPN server is running on the default port 1723, so allow 1723. Other than that, please set it yourself. Or rather, I think that there are many people who have already set IPTables, so please set it yourself.
When will doing forget to allow the ssh ‘s it but commonplace but I take care.
$ sudo ufw allow ssh
$ sudo ufw allow 1723 / tcp
For the time being, leave the default setting as deny
$ sudo ufw default deny
Packet forwarding permission settings
$ sudo vi /etc/default/ufw
Change forward policy to ACCEPT
Add NAT settings
$ sudo vi /etc/ufw/before.rules
Add the following line to the beginning of the file. It means forwarding packets from 192.168.123.0/24 to eth0. Of course, if you are using eth other than eth0, please change it. You know what you’re using, but you
ifconfigcan check it with a command.
# NAT Table Rules
: POSTROUTING ACCEPT [0:0]
# Allow forward traffic from eth0:0 to eth0
-A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE
Finally restart ufw to reflect the settings
sudo ufw disable && sudo ufw enable
The raspberry pi is now a VPN server. Congrats!