Setting up a PPTP VPN server allows clients to connect using the Point-to-Point Tunneling Protocol (PPTP). While PPTP is easy to configure, it is not secure due to known vulnerabilities. Modern alternatives like OpenVPN, WireGuard, or IPsec are recommended for better security. However, if you still need PPTP for legacy reasons, here’s how to set it up on Linux (Ubuntu/Debian):
Install PPTPD (VPN Server)
sudo apt update sudo apt install pptpd
Configure PPTPD
Edit /etc/pptpd.conf
sudo nano /etc/pptpd.conf
Add/modify:
option /etc/ppp/pptpd-options localip 192.168.0.1 # Server's VPN IP remoteip 192.168.0.100-200 # IP range for clients
(Adjust IP ranges as needed.)
Edit /etc/ppp/pptpd-options
sudo nano /etc/ppp/pptpd-options
Ensure these settings:
ms-dns 8.8.8.8 # Google DNS ms-dns 8.8.4.4 auth proxyarp lock nobsdcomp
Set VPN Credentials
sudo nano /etc/ppp/chap-secrets
Add users in format:
user2 pptpd pass456 *
Enable IP Forwarding
Edit /etc/sysctl.conf:
sudo nano /etc/sysctl.conf
Uncomment/add:
net.ipv4.ip_forward=1
Apply changes:
sudo sysctl -p
Configure NAT (Masquerade)
Run:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
(Replace eth0 with your main network interface.)
To make rules persistent:
sudo apt install iptables-persistent sudo netfilter-persistent save
Restart PPTPD
sudo systemctl restart pptpd sudo systemctl enable pptpd
Connect from Client
- Windows:
Go toSettings > VPN > Add VPN→ Select PPTP, enter server IP and credentials. - Linux/Android:
Use a PPTP client with server IP, username, and password.
Security Warning
PPTP uses weak encryption (MS-CHAPv2) and is vulnerable to attacks. Use it only for testing or legacy compatibility. For secure VPNs, consider:
- OpenVPN (SSL/TLS-based)
- WireGuard (Modern, fast, secure)
- IPsec/L2TP (Better than PPTP)
Troubleshooting
- Can’t connect? Check firewall (
ufw/iptables), ensure port 1723 TCP is open. - No internet access? Verify NAT (
iptables -t nat -L). - Logs:
tail -f /var/log/syslog
Let me know if you need further help! 🚀
