Setup VPN With PPTP on Linux

One of the questions our users commonly ask is how to add another IP address to their server. You can assign your own private IP address to your droplet by creating a VPN tunnel. Whether you want to build your own Virtual Private Network (VPN) or assign an SSL certificate to that IP address, you have several options. Of these, the two best choices are PPTP and OpenVPN. The Point-to-Point Tunneling Protocol (PPTP) lets you implement your own VPN very quickly and is compatible with most mobile devices. Even though PPTP is less secure than OpenVPN, it is also faster and uses fewer CPU resources.

PPTP Installation

You will have to select one server to be responsible for handing out IPs to the others and authenticating all of your servers into your VPN. This will become your PPTP server.

On CentOS

$ sudo rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
$ sudo yum -y install pptpd

On Ubuntu

$ sudo apt-get update && sudo apt-get upgrade
$ sudo apt-get install pptpd

Now edit /etc/pptpd.conf and add the following lines:

localip 10.0.0.1
remoteip 10.0.0.100-200

Here localip is the IP address of your server, and remoteip is the range of IPs that will be assigned to clients that connect to it.

Next, set up authentication for PPTP by adding users and passwords. Simply add them to /etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client  server  secret  IP addresses
box1 pptpd password *

Here client is the username, server is the type of service (pptpd in our example), secret is the password, and IP addresses specifies which IP addresses may authenticate. Setting the IP addresses field to * means the username/password pair is accepted from any IP.

Add DNS servers to /etc/ppp/pptpd-options:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now you can start PPTP daemon

$ sudo service pptpd restart

Verify that it is running and accepting connections

$ sudo netstat -alpn | grep :1723
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN      15442/pptpd

Setup Forwarding

It is important to enable IP forwarding on your PPTP server. This allows it to forward packets between the public IP and the private IPs that you set up with PPTP. Simply edit /etc/sysctl.conf and add the following line if it doesn’t exist there already:

net.ipv4.ip_forward = 1

To make changes active, run

$ sudo sysctl -p

Create a NAT rule for iptables

$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && sudo iptables-save

If you would also like your PPTP clients to talk to each other, add the following iptables rules

$ sudo iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ sudo iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ sudo iptables --append FORWARD --in-interface eth0 -j ACCEPT

Now your PPTP server also acts as a router.

If you would like to restrict which servers can connect to your droplets, you can set up an iptables rule that restricts TCP connections to port 1723.
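One way to build the restriction mentioned above, as an added example that is not part of the original tutorial: the script validates each allowed client address and prints the iptables commands for review. The function names are hypothetical, the addresses are constructed documentation addresses, and it assumes no earlier INPUT rule already accepts port 1723.

```shell
#!/bin/sh
# Added example: print iptables commands that limit the PPTP control port
# (TCP 1723) to an allowlist of client addresses. Function names are
# hypothetical; the addresses are constructed documentation ranges.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 address, optional /0-32.
is_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) bits=${1#*/}
             case $bits in ''|*[!0-9]*) return 1 ;; esac
             [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1 ;;
    esac
    # Reject anything but digits and single dots, so nothing else can reach
    # the generated command line.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (function-local arguments)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pptp_allowlist_rules ADDR...: print one ACCEPT per address, then a DROP.
# Prints nothing and fails if any address is malformed.
# Assumes no earlier INPUT rule already accepts port 1723.
pptp_allowlist_rules() {
    [ $# -gt 0 ] || { echo "usage: pptp_allowlist_rules ADDR..." >&2; return 2; }
    for src in "$@"; do
        is_ipv4 "$src" || { echo "invalid address: $src" >&2; return 1; }
    done
    for src in "$@"; do
        echo "iptables -A INPUT -p tcp --dport 1723 -s $src -j ACCEPT"
    done
    echo "iptables -A INPUT -p tcp --dport 1723 -j DROP"
}

# Constructed sample allowlist: one host and one /24.
pptp_allowlist_rules 192.0.2.10 198.51.100.0/24
```

Review the printed commands, then run them with sudo on the PPTP server.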

Setup Clients on OS X

Open System Preferences → Network → Create a new service → Interface: VPN → VPN Type: PPTP → Create → Fill in Service Address and Account Name → Authentication Settings... → Fill in Password → Advanced... → Check Send all traffic over VPN connection → OK → Apply → Connect

This post references How To Setup Your Own VPN With PPTP.