Www.howtogeek.com 51237 Setting Up a VPN Pptp Server on Debian

8/6/2019 Www.howtogeek.com 51237 Setting Up a VPN Pptp Server on Debian

http://slidepdf.com/reader/full/wwwhowtogeekcom-51237-setting-up-a-vpn-pptp-server-on-debian 1/17

How to Setup a VPN (PPTP) Server on Debian Linux

VPN-ing int o your server w ill allow you to connect to every possible service running on it , as if youwere sitting next t o it on the same network, w ithout individually forwarding every port combination forevery service you would lik e to access remot ely.

Using a VPN connection also has the upshot of, if desired, grant ing access to other comput ers on t he

network as if you where in it locally from anywhere across the internet.

While not the most secure of the VPN solutions out there, PPTP is by far the simplest to install,configure and connect to from any modern system and from windows specifically as the client is a partof t he OS since the XP days and you don’t n eed to m ess with cert ificates (lik e with L2TP+ IPsec or SSLVPNs) on both sides of the connection.

Did i get you interested? then let’s go

Preface• You will need to forward port 1723 from t he internet t o the server to enable the connection (not

covered here).

• You will see me use VIM as the editor program, t his is just because I’m used to it… you m ay use

any other editor that you’d like.Server Setup

Install the pptp server package:

sudo aptitude install pptpd

Edit t he “/ etc/pptpd.conf” configuration file:

sudo vim /etc/pptpd.conf

Add to it:

localip 192.168.1.5

remoteip 192.168.1.234-238,192.168.1.245

Where the “localip” is the address of the server, and the remoteip are the addresses that will behanded out to the clients, it is up to you to adjust these for your network’s requirements.

Edit t he “/ etc/ppp/ pptpd-options” configuration file:

How-To Geek

Página 1 de 17How to Setup a VPN (PPTP) Server on Debian Linux - How-To Geek

17/06/2011http://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/



sudo vim /etc/ppp/pptpd-options

Append to the end of the file, the following directives:

ms-dns 192.168.1.1

nobsdcomp

noipxmtu 1490

mru 1490

Where the IP used for the ms-dns directive is the DNS server for the local network your client will beconnecting to and, again, it is your responsibility to adjust this to your network’s configuration.

Edit the chap secrets f ile:

sudo vim /etc/ppp/chap-secrets

Add to it the authentication credentials for a user’s connection, in the following syntax:

username <TAB> * <TAB> users-password <TAB> *

Restart the connection’s daemon for the settings to take affect:

sudo /etc/init.d/pptpd restart

If you don’t want to grant yourself access to anything beyond the server, then you’re done on theserver side.

Enable Forwarding (optional)

While this step is optional and could be viewed as a security risk for the extremely paranoid, it is myopinion that not doing it defeats the purpose of even having a VPN connection into your network.

By enabling forwarding we make the entire network available to us when we connect and not just theVPN server itself. Doing so allows the connecting client to “ jum p” t hrough t he VPN server, to all otherdevices on the network.

To achieve this we will be flipping the switch on the “forwarding” parameter of the system.

Edit the “sysctl” file:

sudo vim /etc/sysctl.conf

Find the “ net.ipv4.ip_forward” line and change the parameter from 0 (disabled) to 1 (enabled):

net.ipv4.ip_forward=1

You can either restart the system or issue this command for the setting to take affect:

sudo sysctl -p





With f orwarding enabled, all the server side settings are prepared.

We recommend u sing a “Split Tunnel” connection m ode for the VPN client.

A more in depth explanation about the recommended “Split Tunnel” mode, as well as instructions forUbuntu Linux users can be found in the “Setting up a “ Split Tunnel” VPN (PPTP) Client on Ubuntu10.04 ” guide.

For w indows users, follow the guides below to create t he VPN client on your system.

PP TP VPN Dialer Setup on XP (spl i t tunnel)

We will create a regular VPN dialer with one note worthy exception, that we will set the system to NOTuse it as the “Default Gateway” when connected.

Skipping this step will lim it t he connecting computer ’s surfing speed to t he VPN server’s upload speed(usually slow) because all of it’s traffic would be r outed t hrough t he VPN connection and t hat’s not whatwe want.

We need to start the connection wizard, so we will go to control panel.

Go to “Start” and then “Control Panel”.

*If your system is setup with the “Classic Start Menu” you need to just point on the “Control Panel” icon and then select “Network Connections”.

In “Control Panel” double click “Netw ork Connections”.





Double click “ New Connection w izard”.

In the “New Connection wizard” welcome screen click “Next”.





Select the “ Connect to the network at m y work space” option and then “Next”.

Select the “Virtual Private Network connection” option and then “Next”.





Give a name to the VPN connection.

Type in the nam e of your VPN servers DNS-nam e or I P address as seen from the I nt ernet.





Optionally You may choose to “Add a shortcut to the desktop” and “Finish”.

Now comes the tr icky part, i t is vitally important y ou do N OT try to connect now and go into thedialer’s “Properties”.





Go to t he networ king t ab and change the “ Type of VPN” t o “PPTP VPN” as shown in the pictur e below

(this is optional but will shorten the time it takes to connect) then go into “Properties”.

On the next window go into “Advance” without changing anything else.





On the next window, uncheck the “Use default gateway on remote network” option.

Now enter t he connection’s credentials as you set them on th e server and connect.





That’s it, you should now be able to access all the computers on your network from the XP client…Enjoy.

PPTP VPN Dialer Setup on Win7 (split tunnel)

We will create a regular VPN dialer with one note worthy exception, that we will set the system to NOTuse it as the “Default Gateway” when connected.

Skipping this step will lim it t he connecting computer ’s surfing speed to t he VPN server’s upload speed(usually slow) because all of it’s traffic would be r outed t hrough t he VPN connection and t hat’s not whatwe want.

We need to start the connection wizard, so we will go to the “Network and Sharing Center”.

Click the network icon in the system tray and then “Open Network and Sharing Center”

In the Network center click on “Set up a new connection or network”.





Select “Connect to a workplace” and then “Next”.

Click on the first option of “Use my Internet connection (VPN)”.





Set the address of your VPN server as seen from the int ernet eith er by DNS-name or IP.

Even though it won’t connect now because we stil need to go into the dialer’s properties, Set theusername and password and hit connect.





After the connection will fails to connect (that’s normal), click on “Set up the connection anyway”.

Back in the “Network Center”, click on “Change adapter settings”.





Find the dialer we have just created, right click it and select “Properties”.





While its optional, for a fast er connecting dialer, set the “ type” of VPN to PPTP under “ the “ Security ”tab.

Go to the “Networking” tab, select the IPv4 protocol and go into it’s properties.

In the next window, click “Advance” without changing anything else.





On the next window, uncheck the “Use default gateway on remote network” option.

Now enter t he connection’s credentials as you set them on th e server and connect.





This article was originally written on 10/11/10

Tagged with: SysadminGeek

That’s it, you should now be able to access all the computers on your network from the win7 client.

Note: Be sure and read our guide to sett ing up a VPN client for Ubunt u Linux .

Enjoy


Www.howtogeek.com 51237 Setting Up a VPN Pptp Server on Debian

Documents

Transcript of Www.howtogeek.com 51237 Setting Up a VPN Pptp Server on Debian