
Last month the SEA-ME-WE 4 undersea cable was cut near Egypt, causing a massive degradation of internet speed in India. For me several websites, including the world’s 6th most popular website, Wikipedia, didn’t load at all. And to make matters worse I wasn’t able to access my own blog :’( as it was located in Dallas (so traffic had to pass through the damaged cable). So I quickly set up a VPN server on an AWS micro instance running Linux (Ubuntu) and accessed everything I wanted, so here I am writing this article for the benefit of all netizens. To create a similar type of VPN server in Windows, read this tutorial. You’ll find a lot of articles on the internet on a similar topic, but in this article I’ll keep the configuration part as short as possible, setting up only the bare minimum to get a PPTP VPN server running in the time it takes to make noodles!
Quick setup: Copy and Paste
This section is for the impatient. All you have to do is log in to your Debian/Ubuntu server and copy and paste the following commands, and you’ll have a working VPN server in less than 2 mins.
In this section I assume you’re logged in as the root user, do NOT have any instance of pptpd installed now or earlier, and that the “net.ipv4.ip_forward” line is commented in the /etc/sysctl.conf file.
apt-get install pptpd -y
update-rc.d pptpd defaults
echo "localip 172.20.1.1" >> /etc/pptpd.conf
echo "remoteip 172.20.1.2-254" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options
echo "ms-dns 8.8.4.4" >> /etc/ppp/pptpd-options
echo "username * Pa55w0rd *" >> /etc/ppp/chap-secrets
service pptpd restart
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
Install the PPTPD package
On Debian/Ubuntu operating systems
apt-get install pptpd -y
update-rc.d pptpd defaults
Setup VPN and DNS IP addresses
Edit the /etc/pptpd.conf file
And add the following lines to the end
localip 172.20.1.1
remoteip 172.20.1.2-254
You can use any private IP address range; just make sure it is not already used in your local network and that the local IP and the remote IP are in the same range.
Edit the following file to set the DNS servers
nano /etc/ppp/pptpd-options
Add the following lines to the end
ms-dns 8.8.8.8
ms-dns 8.8.4.4
You can use any DNS server here; I’m using Google Public DNS just as an example.
Add usernames and passwords
Edit the following file
nano /etc/ppp/chap-secrets
and add username/password combinations, one per line, in the following format
Example
jesin * s3cRet *
user2 * vPnpass *
If only you are going to use this VPN server, a single username/password combination is enough.
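The chap-secrets entries are stored in plaintext and are all that protects the VPN login, so the passwords printed in this tutorial should not end up on a live server. The audit script below is an added example, not part of the original article; it reads the four pppd fields (client, server, secret, allowed addresses), and the sample file, the 12-character minimum and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: audit a pppd chap-secrets file (client server secret addresses).
# SAMPLE_SECRETS lists the passwords printed in this tutorial; MIN_LEN is an
# assumed policy value.
SAMPLE_SECRETS="Pa55w0rd s3cRet vPnpass"
MIN_LEN=12

audit_chap_secrets() {
    local file="$1" n=0 client server secret addrs s
    # Secrets are stored in plaintext, so group/other must have no access.
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "PERMS: $file is accessible to group/other, expected mode 600"
    fi
    while read -r client server secret addrs || [ -n "$client" ]; do
        n=$((n + 1))
        case $client in ''|\#*) continue ;; esac    # blank line or comment
        if [ -z "$secret" ]; then
            echo "MALFORMED: line $n has fewer than three fields"
            continue
        fi
        for s in $SAMPLE_SECRETS; do
            if [ "$secret" = "$s" ]; then
                echo "SAMPLE: line $n ($client) uses a password published in this tutorial"
            fi
        done
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "SHORT: line $n ($client) secret has ${#secret} characters, minimum $MIN_LEN"
        fi
        # pppd permits no IP address when the fourth field is absent.
        if [ -z "$addrs" ]; then
            echo "NOADDR: line $n ($client) has no allowed-address field"
        fi
    done < "$file"
}

# Constructed sample: the tutorial's two entries plus three made-up ones.
make_sample() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' '# client server secret addresses' \
        'jesin * s3cRet *' 'user2 * vPnpass *' \
        'alice pptpd kV9-tq2LxW7_pR4mZc1e 172.20.1.10' \
        'bob pptpd' 'carol pptpd Nq4-xB8tLm2_wRz7' > "$f"
    chmod 644 "$f"
    echo "$f"
}

sample=$(make_sample)
audit_chap_secrets "$sample"
rm -f "$sample"
```

On a real server, point `audit_chap_secrets` at /etc/ppp/chap-secrets; an empty result means none of these checks fired.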
Restart the pptpd service
Run service pptpd restart, as in the quick setup above.
Enable forwarding and create iptables rules
Our main purpose of setting up this VPN server is to access websites, right? So our traffic has to be forwarded out of the VPN server’s public network interface.
Enable IP forwarding on Linux by editing the /etc/sysctl.conf file.
Add the net.ipv4.ip_forward=1 line, or find it and uncomment it.
Save and close the file, then run sysctl -p to make the changes take effect.
The following iptables firewall rules allow port 1723 and GRE, and perform NAT:
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
In the last rule, replace “eth0” with the interface connecting to the internet on your VPN server. Finally, the following rule is required to ensure websites load properly:
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu
Replace 172.20.1.0/24 with the IP address range used in the “remoteip” option in /etc/pptpd.conf. This firewall rule clamps the TCP MSS to the path MTU, which ensures a proper packet size is used and prevents fragmentation. To save the iptables rules, read this article.
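One way to check that localip and remoteip share a network and to derive the matching subnet for the TCPMSS rule, as an added example that is not part of the original article. The function names and the temp-file sample are constructed, only the a.b.c.X-Y remoteip form with a /24 pool is handled, and the rule is printed rather than applied.

```bash
#!/usr/bin/env bash
# Added example: check localip/remoteip in a pptpd.conf and derive the subnet
# for the TCPMSS rule. Assumes the "a.b.c.X-Y" remoteip form and a /24 pool.

# Print the value of key $2 in file $1; fail if it is absent or set twice
# (re-running the quick setup appends duplicate lines).
conf_value() {
    awk -v k="$2" '$1 == k { n++; v = $2 } END { if (n != 1) exit 1; print v }' "$1"
}

pptp_pool_cidr() {
    local conf="$1" localip remoteip lhost first last v
    localip=$(conf_value "$conf" localip) || { echo "error: need exactly one localip line" >&2; return 1; }
    remoteip=$(conf_value "$conf" remoteip) || { echo "error: need exactly one remoteip line" >&2; return 1; }
    lhost=${localip##*.}
    last=${remoteip##*-}
    first=${remoteip##*.}; first=${first%-*}
    for v in "$lhost" "$first" "$last"; do
        case $v in ''|*[!0-9]*) echo "error: unsupported address form" >&2; return 1 ;; esac
    done
    if [ "${localip%.*}" != "${remoteip%.*}" ]; then
        echo "error: localip and remoteip are in different /24 networks" >&2; return 1
    fi
    if [ "$first" -lt 1 ] || [ "$last" -gt 254 ] || [ "$first" -gt "$last" ]; then
        echo "error: remoteip range $first-$last is not valid in a /24" >&2; return 1
    fi
    # Assumption: the server-side address must not also be handed to a client.
    if [ "$lhost" -ge "$first" ] && [ "$lhost" -le "$last" ]; then
        echo "error: localip $localip lies inside the client pool" >&2; return 1
    fi
    echo "${remoteip%.*}.0/24"
}

# Constructed sample config holding the two lines this tutorial appends.
make_conf() {   # usage: make_conf LOCALIP REMOTEIP -> prints temp file path
    local f
    f=$(mktemp) || return 1
    printf 'option /etc/ppp/pptpd-options\nlocalip %s\nremoteip %s\n' "$1" "$2" > "$f"
    echo "$f"
}

conf=$(make_conf 172.20.1.1 172.20.1.2-254)
if cidr=$(pptp_pool_cidr "$conf"); then
    # Print the clamp rule from the tutorial with the derived subnet.
    echo "iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s $cidr -j TCPMSS --clamp-mss-to-pmtu"
fi
rm -f "$conf"
```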
Create a VPN connection on your computer
Windows users follow the instructions below.
1. Navigate to Control Panel\Network and Internet\Network and Sharing Center and click “Setup a new connection or network”.

2. Choose “Connect to a workplace” option and click next.
3. Under “How do you want to connect ?” click “Use my internet connection (VPN)”.
4. Enter the public IP address or the FQDN of the VPN server configured previously, enter a name for the VPN connection, also check “Don’t connect now; just set it up so I can connect later” and click next.
5. In the final screen enter a username/password combination from the chap-secrets file, click create and close.
6. Back in the “Network and sharing center” from the top left click “Change Adapter Settings”.
7. Right-click the VPN connection created now, go to properties, choose the “Security” tab, under “Type of VPN” select “Point to Point Tunneling Protocol (PPTP)” and click OK.
8. Now click connect, fire up your favourite browser and go to this page to check if you are using a different IP address.
Any problems/suggestions just comment below. Happy browsing !!!