Skip to content

Setting up pptpd and pptp for a VPN

source and source and source. I’m keeping it as simple as possible.

The serverside LAN in this example is 10.50.0.0/16.

On the server, install pptpd. Then edit /etc/pptpd.conf and set:

# This is the IP the server will have from the clients perspective. SHould be the servers local IP.
localip 10.50.0.1
# And from this range, the client IPs will be given. Here, the range 10.50.91.x is reserved for VPN hosts.
remoteip 10.50.91.1-254

Then edit /etc/ppp/pptpd-options and set options (comments have been removed from this example):

name my-pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp

Then restart pptpd.

Then edit accounts in /etc/ppp/chap-secrets. Example:

user            my-pptpd   password                       *

On the client, /etc/options.pptp (comments once again removed):

lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate

/etc/ppp/chap-secrets:

user      my-pptpd    password        *

Then make /etc/ppp/peers/johnsvpn:

pty "pptp hostname --nolaunchpppd"
name user
remotename my-pptpd
require-mppe-128
file /etc/ppp/options.pptp
ipparam johnsvpn

You should then be able to turn it on with “pon johnsvpn”. Use poff to turn it off.

To be able to access the entire LAN from the client, run this:

route add -net 10.50.0.0 netmask 255.255.0.0 dev ppp0

More is necessary, like permanent host-to-LAN config (with route pushing or something), DNS, testing if windows works, etc. More is to come.


    1 Comment ( Add comment / trackback )

    1. (permalink)
      Comment by Rowan Rodrik
      On December 19, 2010 at 22:23

      Congratulations! You have published post number 300.