[TUT] Create your own PPTP VPN using Ubuntu Linux

[Kotto*N[ix]mouth]

Don't just leech info without commenting. Be it positive or negative, leave something here.

Of course, this can be edited for any Linux distro, but since I use Ubuntu as my example, I'll post it in the Ubuntu sub-forum.

VPN. Virtual Private Network.
Many people want them. Today, I'll be showing you how to make one yourself.
The main purpose (in my opinion) for building your own VPN, is tunneling traffic from a restricted location so you can do what you want to online - and privately. I used my VPN strictly for getting on websites while at school my Senior year. I do not recommend selling spots on this VPN, it won't nearly be as good as the ones you pay for.

This will be a PPTP VPN, hosted by an Ubuntu Linux machine. It isn't the most secure, but it gets the job done.

Okay, let's get started. I have a very old machine running Ubuntu Server 10.10 for my VPN, and for this tutorial I'll be using a Virtual Machine of the same OS. Ubuntu Server is great for turning an old machine into a great server. My VPN only has a 400Mghz processor, 128MB of RAM and a 15GB HDD. Runs like a brute on Linux though. This will work in Ubuntu Desktop Edition, but for computer recourses, I prefer to stick with CLI. So, if you're on Desktop rather than Server, open up the Terminal.

The first command you need to issue is:

Code:

sudo su

This will give you escalated privileges for the time being, allowing you to run as root.

Installing Poptop

PPTP stands for Point to Point Tunneling Protocol. It allows remote users to securely access their network from anywhere on the Internet.
Before Poptop, no solution existed if you wish to connect PPTP clients to Linux servers. Using Poptop, Linux servers can now function seamlessly in a PPTP VPN environment.

To install Poptop, issue this command:

Code:

apt-get install pptpd -y

Now that that is done, we must know more about our machine. Issue this command:

Code:

ifconfig

And learn what your IP address is, and the network interface it's using. Later on in the guide we will be making this a static IP so that it will not change. Odds are, your IP is somewhere in the neighborhood of 192.168.1.X, so you have a Class C network, with a subnet mask of 255.255.255.0

For you new net-workers, that means that you have 253 hosts available on your network, 192.168.1.1 being reserved for your router, and 192.168.1.255 being reserved as your broadcast.

As you can see in my screenshot, my server is using interface “eth0”, and has the IP address 192.168.1.14 on my LAN. Take a note of this.



Now we must configure our server. There are only a few files we need to edit, I use Nano, you can use as you wish.

First we must edit the pptpd.conf file; issue this command:

Code:

nano /etc/pptpd.conf

As long as we are using eth0, we are only interested in the very bottom of that page. If you are using another interface, such as eth1 or wlan1, you can find an option to change it in this file. But, at the bottom, you'll see:

Code:

#localip 192.168.0.1
    #remoteip 192.168.0.234-238,192.168.0.245
    # or
    #localip 192.168.101.1
    #remoteip 192.168.101.200-245

Pay attention to this part, it's hard to explain. Those “#” pretty much tell Ubuntu to ignore the line. We want to make the “localip” line have the IP address of your machine, that you learned from the ifconfig command. The “remoteip” line, holds the IP's that we will give machines connecting to your VPN. A safe bet for this, would be to copy mine. Look at my screenshot if you have any confusion. Here are my bottom lines, which allow 4 hosts to connect to my VPN that will be given the IP's 192.168.1.67, 192.168.1.68, 192.168.1.69, 192.168.1.70, in order of connection:

Code:

#localip 192.168.0.1
    #remoteip 192.168.0.234-238,192.168.0.245
    # or
    localip 192.168.1.14
    remoteip 192.168.1.67,192.168.1.68,192.168.1.69,192.168.1.70

Notice the difference between the bottom two and top three lines. The lines with a # at the beginning of them are ignored, but the bottom two are the ones that PPTPD pays attention to. This can be flipped around, just remember that the # means it will be ignored.
To close and save your changes, hit “Ctrl+x”, press Y to confirm your changes, Enter to save the file.

Remember to remove the # before the lines to uncomment them!!!!



Next we need to add our users to the VPN. These are just stored in a simple text file, so issue the comand:

Code:

nano /etc/ppp/chap-secrets

You should see the following:

Code:

# Secrets for authentication using CHAP
    # client    server    secret    IP addresses

So, here is how it works. Client = PPTP Username. Server = VPN server name (sortof). Secret = Password for user. IP address = self explanatory.

As you can see in my screenshot below, I have a user named kottonmouth, using my pptpd server, with the password “hackforums”, that can connect from any IP address. The “*” is a wildcard, meaning I can use any IP. Where as the user “omni” can only connect from the randomly typed IP address I have entered. Save your changes with “Ctrl+X”, Y, Enter, and you have successfully added users to your VPN.



Now it is time to add a Satic IP address to eth0, so that it will always be 192.168.1.14 (in my case) on your LAN.

Issue the following:

Code:

nano /etc/network/interfaces

We need to Change:

Code:

auto eth0
iface eth0 inet dhcp

To:

Code:

auto eth0
iface eth0 inet static
        address 192.168.1.14
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

Save your changes as before.
Look at my screenshot if you are having any trouble.



Now we need to edit the DNS setting for the static IP. Issue:

Code:

nano /etc/resolv.conf

On the line that says nameserver, I suggest using Google's DNS as it seems faster, so if you wish to take my advice, change the address to “8.8.8.8” as in my screenshot below.



Now remove the DHCP client so this will always stay:

Code:

apt-get remove dhcp3-client

You may have to remove dhcp-client3 instead.

Now, restart your networking with this command:

Code:

/etc/init.d/networking restart

and ping a website (I chose hackforums).



If you get replies and an IP back, you're good to go. Issue “Ctrl+C” to stop the ping.

No we must enable ip-masquerading:

Code:

nano /etc/rc.local

Add the following above the line that says “exit 0”:

Code:

# PPTP IP forwarding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Then issue:

Code:

nano /etc/sysctl.conf

And uncomment this by removing the # in front of it:

Code:

net.ipv4.ip_forward=1

Next we must enable internet throughput by adding a DNS server for the VPN and the clients that connect to it. Execute:

Code:

nano /etc/ppp/pptpd-options

We're looking for a specific part here. Below is the section we're looking for. We need to remove the #'s before the lines "ms-dns", and change the IP's to copy what I have; 8.8.8.8 and 8.8.4.4
Just copy what I have, and you should be good to go.

Code:

# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
ms-dns 8.8.8.8
ms-dns 8.8.4.4

So now we have the Server set up, our IP set to static so it's always the same, lets test it. We must restart the VPS by issuing these commands:

Code:

killall pptpd

To stop it, then:

Code:

pptpd

To restart it.

To confirm my connection, I used my iPhone on the same LAN. Below are my settings of configuration on my phone, and my confirmed connection to it. I DON'T THINK YOU WILL BE ABLE TO BROWSE THE WEB FROM THE VPN WHILE IT IS ON YOUR LAN. This will confuse your network since you are using the same device on two different Ips, and you will not be able to receive any packets.
I apologize for the image sizes.

---

To use this VPN, we must first port forward our machine on port 1723 TCP, then connect from a remote location. A good way to test this out is by having a friend you can trust try and connect.

I hope this helped you guys out. I know this tutorial needs some work, I just felt like writing one so here it is, haha. If you have any questions feel free to post.

[Kotto*N[ix]mouth]

135 views, and 0 replies? Really?

[ShellsRus]

Can I use this VPN on Xbox Live? I know how to connect to a VPN on Xbox, but will it work?

[Kotto*N[ix]mouth]

Can I use this VPN on Xbox Live? I know how to connect to a VPN on Xbox, but will it work?

If you're using a VPN on your own LAN, then yes, but I doubt it'll do what you are wanting it too. You'll have the same IP.

[chris0147]

Kottonmouth, Could you please help me with my VPN? I'm using Xen CentOS 5.5 64-bit.

I have installed PPTP VPN on my server. When I connect to my server main IP which it is 74.11.33.57. I can connect and get access to the server without no problem, but when I try to connect to another ip which it is 74.11.33.19. I can connect to that IP but the connection is closed after I have connected.

here's the iptables:

Code:

[root@server1 ~]#iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.16.36.0/24       anywhere            to:74.11.44.57
SNAT       all  --  172.16.1.0/24        anywhere            to:74.11.44.19

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

Here is the confirguration for /etc/ppp/chap-secrets.

Code:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
testvpn         pptpd   mypassword                 172.16.36.0/24
myusername     pptpd   mypassword                 172.16.1.0/24

Do you know what is wrong and do you know how to fix it?

[Kotto*N[ix]mouth]

Here is the confirguration for /etc/ppp/chap-secrets.

Code:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
testvpn         pptpd   mypassword                 172.16.36.0/24
myusername     pptpd   mypassword                 172.16.1.0/24

Do you know what is wrong and do you know how to fix it?

My first glance at your problem and I wonder why you don't have an asterisk for your IP's...
it should be like this:

testvpn pptpd mypassword *

What does your /etc/pptpd.conf look like?

[chris0147]

It loosk like this:

Code:

@64.87.33.57's password:
Last login: Sun Oct 23 16:06:05 2011 from 2.29.10.138
[root@server1 ~]#/etc/pptpd.conf
-bash: /etc/pptpd.conf: Permission denied
[root@server1 ~]#nano /etc/pptpd.conf
  GNU nano 1.3.12            File: /etc/pptpd.conf                    Modified


#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one
remote
#          IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip 172.16.36.1
remoteip 172.16.36.2-254

However, I think I have fixed the problem using with IP tables issue:

Code:

[root@server1 ~]#iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  172.16.36.0/24       anywhere            to:74.11.44.57
SNAT       all  --  172.16.1.0/24        anywhere            to:74.11.44.19

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@server1 ~]#

Here is the confirguration for /etc/ppp/chap-secrets.

Code:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
testvpn         pptpd   mypassword                 172.16.36.0/24
myusername     pptpd   mypassword                 172.16.1.1

I can now be able to connect to any sites using with random IP's like 74.11.44.57, 74.11.44.19, 74.11.44.3 and so on. It works fine, but my problem is when I tried to connect to a site called neobux using with random IP's, I cannot be able to connect it and it will only works if I use an IP of 74.11.44.57. It was working fine at the other day, but not today or yesterday. I'd find it strange, I'm not sure why and what the real trouble is.

Do you know why i can't connect to that site using with random IP's when there is no response while other sites are working fine? :S

[Kotto*N[ix]mouth]

In /etc/pptpd.conf, you have this:

remoteip 172.16.36.2-254

That is assuming your LAN is 172.16.36.X, which I'm sure it is not. To be honest, I'm not sure how this will work out, I'll have to test it out sometime and get back to you.
But you can't give the addresses away unless they are on your own LAN (rather, the LAN of the VPS)

[haphazard]

Now this is what I am fuckin talkin about
brilliant

[Muted]

Amazing tutorial, detailed, layed out, and comes with images a+ from muted.