Virtual private network is great way to maintain privacy of user data.
Although there are many ways to setup VPN, PPTP aka Point to Point Tunneling Protocol is still a popular choice. And, to enable it, we need to install PPTP server.
At Bobcares, we often get requests from customers to install PPTP server in Linux servers as part of our Managed VPN Services.
Today, we’ll see how our VPN Engineers install PPTP server in Ubuntu server and fix common errors with it.
Why to use PPTP ?
Before proceeding further, let’s see why many people still prefer to use PPTP for VPN remote access over the Internet.
PPTP is pretty easy to setup. And, it is cost-effective too. Additionally, it is readily compatible with most server types including Microsoft Windows. That’s why, PPTP remains a popular network protocol especially on personal computers.
However, to overcome the problems of low security standards in PPTP implementation, we always recommend customers to include additional security settings.
How to install PPTP server in Ubuntu?
Till now, we had a look at the reasons for using PPTP server. PPTP works in a client server model. And, it involves a series of steps to setup the PPTP server.
Let’s now see how our Support Engineers install PPTP server on Ubuntu.
1.Setup PPTP server
Firstly, we have to install pptp server. To do this, we use the apt-get command:
apt-get install pptpd
This will fetch all the necessary packages and make PPTP server readily available.
2. Configure PPTPd
Then, we configure the pptpd by editing the /etc/pptpd.conf file.
Here, our Dedicated Engineers add the server IP and client IP at the end of the file. For example, to set the PPTP server IP as 192.168.0.1 and the VPN IP range for clients as 192.168.0.100 to 192.168.0.200, we add the following entries.
localip 192.168.0.1
remoteip 192.168.0.100-200
Again, we choose the range as per the customer requirement too.
3. DNS configuration
As the next step, we configure DNS servers. VPN clients use this configuration while connecting to the PPTP server. To set DNS, we add the following entries in the file /etc/ppp/pptpd-options.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
This will enable the google nameservers in the configuration.
4. User configuration
To setup authentication for PPTP, we add users and their passwords in the file /etc/ppp/chap-secrets.
The format to add a VPN user in /etc/ppp/chap-secrets file is
[username] [service] [password] [ip]
For example, a user entry will be like:
user1 pptpd user1-password *
5. Setup IP Forwarding
Now, for PPTP to work correctly, we need to forward packets between public IP and private IPs. For this, we need to setup IP forwarding. To enable it, our Dedicated Engineers edit the file /etc/sysctl.conf and add the following line:
net.ipv4.ip_forward = 1
Further, we make the changes active by running sysctl -p
6. Create NAT rules in firewall
To make PPTP clients talk to each other, we add the following rules to the firewall.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This will link the virtual private network with the Internet. Again, this will hide the private network from the outside world.
Additionally, our Dedicated Engineers ensure security by restricting the servers that can connect to the PPTP server. For this, we setup iptables rule that restricts TCP connection to VPN port.
7. Restart PPTP server
Finally, its time to start the PPTP server using the command:
/etc/init.d/pptpd restart
Now, the PPTP server is running on the server, listening to the connections.
Common Errors and their Fixes
Although, the steps look pretty straight forward, we often see customers experiencing problems while enabling PPTP.
Let’s now take a look at them.
1. Problems with firewall
Recently, a customer came up with a request to fix PPTP error. He was trying to setup his own VPN with PPTP. But, while configuring the firewall, he got the following error.
FATAL: Module ip_tables not found.
iptables v1.4.7: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Here, to fix the problem, our Support Engineers had to enable the module ip_tables. For this, we executed the commands as root user on the server:
modprobe ip_tables
echo 'ip_tables' >> /etc/modules
And, that fixed the PPTP server.
2. Missing pptp module
Similarly, missing PPTP module can also create problems with PPTP based VPN. For instance, in an Ubuntu server with Natty 11.04 version, customer could not setup PPTP.
Our Support Engineers started troubleshooting by checking the logs at /var/log/syslog and found that the ppp_generic kernel module was missing. The exact logs looked like:
Jun 20 07:15:14 xxx pppd[14716]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
Jun 20 07:15:14 xxx pppd[14716]: Couldn't open the /dev/ppp device: No such device or address
Jun 20 07:15:44 xxx pptpd[14715]: CTRL: Reaping child PPP[14716]
Jun 20 07:19:30 xxx pppd[14716]: Please load the ppp_generic kernel module.
Here, we fixed and made PPTP running by enabling the ppp_generic kernel module on the server.
[Need help in fixing PPTP on your server? Our VPN specialists can help you.]
Conclusion
In short, PPTP based VPNs is still a popular choice as it is easy to manage. Today, we saw how our Support Engineers install PPTP server in Ubuntu and fix common error with it.
tnx in conc..