PPTP VPN Server on Raspberry Pi

About Raspberry Pi

It is a super small, highly recommended PC that you can buy for $25.

PPTPD installation and configuration

I think it can be done in five minutes 😊

Update your system to the latest version if necessary

$ sudo apt-get update
$ sudo apt-get upgrade

pptpd installation

$ sudo apt-get install pptpd

pptpd settings (own IP and assigned IP to connected clients)

$ sudo vi /etc/pptpd.conf
localip 192.168.123.2
remoteip 192.168.123.234-238,192.168.123.245

DNS settings

Let’s set the DNS server used by connected clients. In the normal case, I think it's a good idea to use the IP of your router, or 1.1.1.1 if that is appropriate.

$ sudo vi /etc/ppp/pptpd-options
ms-dns 192.168.0.1

Account settings for connected clients

Add a user account that can be accessed with pptp. Note that the password is saved in clear text.

$ sudo vi /etc/ppp/chap-secrets
# Username Servername Password Assigned IP
dummy pptpd dummy *
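
As an added example (not part of the original post), this script audits a chap-secrets file of the kind shown above: because the passwords are stored in clear text it checks the file mode, and it flags entries whose password equals the username, like the `dummy` account. `MIN_LEN`, the finding labels and the sample entries are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a chap-secrets file.
# Field order follows the header shown above: user, server, secret, IP.
# MIN_LEN is an assumed policy value; the page does not specify one.
MIN_LEN=12

audit_chap_secrets() {
    # $1 = path to a chap-secrets file; prints one finding per line.
    file="$1"
    # Secrets are stored in clear text, so only root should read the file.
    mode=$(stat -c '%a' "$file" 2>/dev/null) || { echo "ERROR cannot stat $file"; return 2; }
    case "$mode" in
        600|400) ;;
        *) echo "PERMS mode $mode, expected 600" ;;
    esac
    # Assumes fields contain no embedded whitespace.
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        NF < 3 { print "MALFORMED line " NR; next }
        {
            user = $1; secret = $3
            gsub(/^"|"$/, "", user); gsub(/^"|"$/, "", secret)
            if (secret == user)            print "SAME_AS_USER " user
            else if (length(secret) < min) print "SHORT_SECRET " user
        }
    ' "$file"
}

# Constructed sample input, including the page's "dummy" entry.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Username Servername Password Assigned IP
dummy pptpd dummy *
alice pptpd short1 *
bob pptpd "correct-horse-battery-staple" 192.168.123.234
broken pptpd
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

On the real server, run it as `sudo` against `/etc/ppp/chap-secrets`; `stat -c` is the GNU form found on Raspberry Pi OS.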

IP forward settings

IP forwarding is disabled by default in Linux. Unless you enable it, so that packets whose destination address is not the server's own are forwarded, all packets from terminals connected via VPN will be discarded.

$ sudo vi /etc/sysctl.conf
# Uncomment the following line
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.lo.send_redirects = 0
net.ipv4.conf.lo.accept_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.eth0.accept_redirects = 0

MTU/MRU settings

Depending on the client, a connection may work even without this setting, but on iOS and Mac the connection can be cut off completely and become unusable. I think both values were set to 1500 by default. The connection is cut off because VPN tunneling adds header information of its own, which pushes the packet size past 1500.

$ sudo vi /etc/ppp/options
mtu 1280
# Set the MRU [Maximum Receive Unit] value to <n> for negotiation. pppd
# will ask the peer to send packets of no more than <n> bytes. The
# minimum MRU value is 128. The default MRU value is 1500. A value of
# 296 is recommended for slow links (40 bytes for TCP/IP header + 256
# bytes of data).
mru 1280

Let’s set up the router

If you have a separate router (which I think is usually the case), set up port forwarding on your router. 😊

Testing

Try connecting with the PPTP protocol from your iPhone/Android/Mac.
For the server address, enter the global IP of the VPN server or router that you have set up, or its DNS name. RSA SecurID is not configured, so leave it off. Enter the account and password you set earlier. No proxy was set up this time, so normally you don’t need to configure one.

Firewall

If you need one, you can set up a firewall on your VPN server. Install ufw; iptables is fine too.

$ sudo apt-get install ufw
$ sudo ufw status

Allowed port settings

This time, our VPN server is running on the default port 1723, so allow 1723. Set any other ports yourself. Or rather, I think many people have already configured iptables, so please set it up yourself.
Forgetting to allow ssh when doing this is a common mistake, so take care.

$ sudo ufw allow ssh
$ sudo ufw allow 1723/tcp
$ sudo ufw default deny

Packet forwarding permission settings

$ sudo vi /etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"

$ sudo vi /etc/ufw/before.rules
# NAT Table Rules
*nat
:POSTROUTING ACCEPT [0:0]
# Masquerade traffic from the VPN client subnet leaving via eth0
-A POSTROUTING -s 192.168.123.0/24 -o eth0 -j MASQUERADE
COMMIT

$ sudo ufw disable && sudo ufw enable

DevOps Consultant. I’m strongly focused on automation, security, and reliability.