Tuesday, July 19, 2011

VPN Server on Debian

Install the pptp server package:

sudo apt-get install pptpd

Edit the “/etc/pptpd.conf” configuration file:

sudo vim /etc/pptpd.conf

Add to it:



that means Clients will get the IPs from 100 to 200.

Edit the “/etc/ppp/pptpd-options” configuration file:

sudo vim /etc/ppp/pptpd-options

Append to the end of the file, the following directives:




mtu 1490

mru 1490

Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network’s configuration.

Edit the chap secrets file:

sudo vim /etc/ppp/chap-secrets

Add to it the authentication credentials for a user’s connection, in the following syntax:

username * users-password *

Restart the connection’s daemon for the settings to take affect:

sudo /etc/init.d/pptpd restart

If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side.

Enable Forwarding (optional)

While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network.

By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server, to all other devices on the network.

To achieve this we will be flipping the switch on the “forwarding” parameter of the system.

Edit the “sysctl” file:

sudo vim /etc/sysctl.conf

Find the “net.ipv4.ip_forward” line and change the parameter from 0 (disabled) to 1 (enabled):


You can either restart the system or issue this command for the setting to take affect:

sudo sysctl -p

Add these rules to Firewall (IPTABLES):

iptables -A FORWARD -m state --state ESTABLISHED,RELATED,NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

now all the server side settings are prepared.


No comments: