There is definitely a growing trend of people trying out Linux operating systems. The motivation might be the fact that they are free and generally considered superior to Windows when it comes to security and stability. People who want to give Linux a fair shot generally go with Debian-based forks like, Ubuntu, Linux Mint etc.
Although installing some of the most common software like, Skype, Web browsers, Music players are pretty easy using the software repositories, it could be quite intimidating for a newbie to configure VPN or install a new printer if it doesn't work out-of-box.
A VPN comes very handy to protect one's personal information, gain access to geo-restricted content -- for instance, one can use a US VPN to gain access to services like Spotify and Netflix, to secure their internet connection when using unprotected public networks. However, if one looks for the right tutorial or ask for help in discussion boards, one would realize the fact that setting up things on the popular Debian-based distributions is quite easy. There are 2 types of VPN solutions, OpenVPN and PPTP VPN. Today we are going to see how to setup VPN with PPTP on Ubuntu and its derivatives.
If you know a thing or two about Linux, it would only a few minutes to setup VPN. If you are beginner, stop bitting your nails, you are going to do just fine if you are a good at following instructions.
Server side setup
The server will be responsible to assign IP addresses to all the client machines in the network, be it Linux, Windows or Mac clients.
- 1. The very first thing is to install the PPTP package on your server. One can simply use the standard "apt-get" command to install. It is advisable to update the repositories first. Use the following commands. It will only take a few seconds for the installation to complete.
sudo apt-get update
sudo apt-get install pptdp
- 2. Now you will have to edit the pptd.conf file. The file resides in the following path, "/etc/pptpd.conf"
If you have GUI you can do it with your favorite text editor (e.g. Gedit).
sudo gedit /etc/pptpd.conf
Or you could use "nano" to edit the file right from the terminal.
sudo nano /etc/pptpd.conf
If you have not used nano before, you might as well check out this discussion on Ask Ubuntu [http://askubuntu.com/questions/54221/how-to-edit-files-in-a-terminal-with-nano] for help.
- 3. You need to add the following two lines to "pptpd.conf."
What does these lines do? The VPN server will use the localip inside the VPN and an IP with in the range 172.20.0.100 to 300 (e.g., 172.20.0.120, 172.20.0.124, etc.,) will be assinged to the clients that connect to the server.
- 4. The next step is to add new users. You will have to use "nano" or a text editor or Gedit like you did with editing the pptpd.config file above. The file will have all the information about users and is stored in the following file, "/etc/ppp/chap-secrets"
Edit this file to add new users. You will have the enter certain details in the right order for this to work. First you will have to enter the client's name, followed by the server, the password and IP address.
So a couple of new client added to the VPN might look like this.
computer1 pptpd password *
computer2 pptpd password *
You can either use a specific IP address, but it is better to use asterisk, which means that any IP address in the range assigned could be used to login.
- 5. This step is optional, but is advised to assign a DNS server. There are several free DNSs out there, the 2 most popular are, OpenDNS and Google's DNS.
If you want to use OpenDNS, you should use these IP addresses 220.127.116.11 & 18.104.22.168. If you would like to use Google's DNS, you will have to use the IPs 22.214.171.124 and 126.96.36.199. To use OpenDNS you can add these lines to the file.
- 6. Almost everything on the server side is done. Now it is time to wake the daemon. To start PPTPD, you will have to use the following terminal command.
service pptpd start
- 7. Now you need to setup proper forwarding. This time you will have to edit the file "/etc/systl.conf"
There should be the following line in this file.
net.ipv4.ip_forward = 1
If it doesn't exist, copy paste this into the file and save the file and update it using the command,
- 8. Finally if you wish the clients to communicate with one another, you will have to add the following rules.
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
In the above rule, you will have to replace "eth0" with the internet connection that is used by the server. You can use the commands, iwconfig and ifconfig to figure this out.
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j
# iptables -I INPUT -s 172.20.0.0/20 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT
The above rule also requires you to use the correct internet connection like for the first rule. That's it everything on the server side has been configured and clients could now handshake with the server now.
Client side setup
It really doesn't matter what operating system the clients run. You can find tutorials to configure Windows and Mac OSX on the internet. There are even services like Switch VPN, that can help you connect you Android device to the VPN server quite easily. However, here we are going to see how one can easily setup a Debian-based client for VPN.
- 1. The client should have pptp installed. We have already done this step on the server. You will just have to do this again on your clients with the following terminal commands on Debian-based distros.
sudo apt-get update
sudo apt-get install pptp-linux
- 2. Now you will have to load the ppp_mppe module, which could be triggered with the following command.
- 3. Create client configuration file in the following directory (/etc/ppp/peers/). You can name this file whatever you want. But you will have to remember this file name to connect to the VPN server.
pty "pptp --nolaunchpppd"
If you had named this file "vpncomputer1", you should use the following command to connect to the server.
pppd call vpncomputer1
- 4. Finally for proper routing, you will have to execute the following line.
ip route add 172.20.0.0/20 dev ppp0
The above steps can use used several times to add multiple clients to the server.