Setting up a PPTP VPN server on Ubuntu is relatively straightforward, though note that PPTP is considered less secure than modern alternatives like OpenVPN, WireGuard, or IPsec. However, if you still need PPTP for legacy reasons, here's how to set it up:
Step 1: Install PPTPD (PPTP Server)
sudo apt update sudo apt install pptpd
Step 2: Configure PPTPD
Edit /etc/pptpd.conf:
sudo nano /etc/pptpd.conf
Add or uncomment:
option /etc/ppp/pptpd-options
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
localip: The server's VPN IP.remoteip: The range of IPs assigned to clients.
Edit /etc/ppp/pptpd-options:
sudo nano /etc/ppp/pptpd-options
Ensure these settings are present:
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
Set Username & Password (/etc/ppp/chap-secrets)
sudo nano /etc/ppp/chap-secrets
Add users in the format:
Step 3: Enable IP Forwarding
sudo nano /etc/sysctl.conf
Uncomment or add:
net.ipv4.ip_forward=1
Apply changes:
sudo sysctl -p
Step 4: Configure NAT (IPTables)
Allow VPN traffic through NAT:
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables-save > /etc/iptables.rules
Make rules persistent:
sudo nano /etc/rc.local
Add before exit 0:
iptables-restore < /etc/iptables.rules
Step 5: Start & Enable PPTPD
sudo systemctl restart pptpd sudo systemctl enable pptpd
Step 6: Connect to VPN
From Windows:
- Go to Network Settings > VPN > Add VPN.
- Enter server IP, username, and password.
- Connect.
From Linux (using pptp client):
sudo apt install network-manager-pptp
Then configure via GUI or CLI.
Troubleshooting
- Check logs:
tail -f /var/log/syslog
- Verify port 1723 (PPTP) is open:
sudo ufw allow 1723/tcp sudo ufw allow gre
- If connection fails, check if your ISP blocks PPTP.
Security Warning
PPTP uses weak encryption (MS-CHAPv2 is crackable). If possible, use:
- OpenVPN (
sudo apt install openvpn) - WireGuard (
sudo apt install wireguard) - IPsec/L2TP (
sudo apt install strongswan)
Let me know if you need help with a more secure alternative! 🚀
