First install this package:
sudo apt-get install pptpd
Because we do not want our VPN to be public we are going to create users.
I am using nano you can use vi or whatever text editor you like
The format is
[username] [service] [password] [ip]
john pptpd johnspassword *
* means access from all IP addresses is allowed, specify IP only if you have static one.
Editing PPTPD Settings
Look for the localip and remoteip settings. Remove the # (comment character) for both so that these settings will actually be recognized. Change localip to your server IP. If you don’t know your server IP, you may look in your VPS control panel.
The remoteip is basically the IP range that clients (computers that are connected to your VPN) will be assigned. For example, if you want the following IP range: 192.168.120.231-235, your VPN server will be able to assign 192.168.120.232, 192.168.120.233, 192.168.120.234, and 192.168.120.235 to clients. It’s up to you what you want to use for this field.
Personally I choose this settings:
localip 10.0.0.1 remoteip 10.0.0.100-200
So I can get about 200 clients connected.
Add DNS servers to /etc/ppp/pptpd-options
ms-dns 188.8.131.52 ms-dns 184.108.40.206
You can whether add this to end of file or find those lines, uncomment them and change IPs to your desired Public DNS.
Set up Forwarding
It is important to enable IP forwarding on your PPTP server. This will allow you to forward packets between public IP and private IPs that you setup with PPTP. Simply edit /etc/sysctl.conf and add the following line if it doesn’t exist there already:
net.ipv4.ip_forward = 1
To make changes active, run
Create a NAT rule for iptables
This is an important part, if you are using VPS you probably wont use eth0 but venet0 instead, you should check which interface you have by running
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
If you would also like your PPTP clients to talk to each other, add the following iptables rules:
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT
Again, you need to replace eth0 with venet0 if you are using VPS.
I would recommend running
Now your PPTP server also acts as a router.
You can run this command so the VPN service starts on boot
systemctl enable pptpd
I recommend installing iptables-persistent so rules stay even after reboot
sudo apt-get install -y iptables-persistent
At the end restart service
systemctl restart pptpd