
apt-get install pptpd -y
update-rc.d pptpd defaults
echo "localip 172.20.1.1" >> /etc/pptpd.conf
echo "remoteip 172.20.1.2-254" >> /etc/pptpd.conf
echo "ms-dns 8.8.8.8" >> /etc/ppp/pptpd-options
echo "ms-dns 8.8.4.4" >> /etc/ppp/pptpd-options
echo "username * Pa55w0rd *" >> /etc/ppp/chap-secrets
service pptpd restart
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu

Note the username and password in the chap-secrets line above (username and Pa55w0rd): you should change them to your preferred combination. To save IPtables rules read this tutorial. Proceed to creating a VPN connection.

Install the PPTPD package


On Debian/Ubuntu operating systems
apt-get install pptpd -y
update-rc.d pptpd defaults

Setup VPN and DNS IP addresses


Edit the following file
nano /etc/pptpd.conf

And add the following lines to the end


localip 172.20.1.1
remoteip 172.20.1.2-254

You can use any private IP address range; just make sure it is not already used in your local network and that the local IP and the remote IP are in the same range.

Edit the following file to specify the DNS servers
nano /etc/ppp/pptpd-options

Add the following lines to the end


ms-dns 8.8.8.8
ms-dns 8.8.4.4

You can use any DNS server here; I'm using Google Public DNS just as an example.

Add usernames and passwords


Edit the following file
nano /etc/ppp/chap-secrets

and add username/password combinations, one per line, in the following format
username * password *

Example
jesin * s3cRet *
user2 * vPnpass *

If only you are going to use this VPN server, a single username/password combination is enough.

Restart the pptpd service
service pptpd restart
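
An added check, not part of the original tutorial: /etc/ppp/chap-secrets holds passwords in plaintext, so this script flags entries that still use the sample passwords printed on this page, passwords shorter than an assumed 12-character minimum, and a file that group or others can access. The function name, the length threshold and the output labels are assumptions of this example; pass the file path as the first argument.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file.
# Line format (as in the tutorial): client server secret IP-addresses
SAMPLE_SECRETS="Pa55w0rd s3cRet vPnpass password"  # passwords printed on this page
MIN_LEN=12  # assumption: minimum acceptable password length

# Prints one line per finding plus a total; returns 0 only when nothing is found.
audit_chap_secrets() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 2; }

    # Passwords are stored in plaintext, so group/other must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "MODE: $file is accessible to group or others (chmod 600 it)"
        findings=$((findings + 1))
    fi

    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r client server secret ips || [ -n "$client" ]; do
        case $client in
            '' | '#'*) continue ;;  # skip blank lines and comments
        esac
        for sample in $SAMPLE_SECRETS; do
            if [ "$secret" = "$sample" ]; then
                echo "SAMPLE: $client uses a password copied from the tutorial"
                findings=$((findings + 1))
            fi
        done
        if [ "${#secret}" -lt "$MIN_LEN" ]; then
            echo "SHORT: $client has a ${#secret}-character password"
            findings=$((findings + 1))
        fi
    done < "$file"

    echo "findings=$findings"
    [ "$findings" -eq 0 ]
}

# Run against the file given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    audit_chap_secrets "$1"
fi
```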

Enable forwarding and create iptables rules

Our main purpose in setting up this VPN server is to access websites, right? So our traffic has to be forwarded out of the VPN server's public network interface.

Enable IP forwarding on Linux by editing the sysctl.conf file
nano /etc/sysctl.conf

Add the following line, or find it and uncomment it

net.ipv4.ip_forward=1

Save, close the file and run the following command to make the changes take effect.
sysctl -p

The following iptables firewall rules allow port 1723, GRE and perform NAT
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

In the last rule replace eth0 with the interface connecting to the internet on your VPN server.

Finally the following rule is required to ensure websites load properly
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS --clamp-mss-to-pmtu

Replace 172.20.1.0/24 with the IP address range used in the remoteip option in /etc/pptpd.conf. This firewall rule is used to ensure a proper MTU value is used, to prevent fragmentation. To save the IPTables rules read this article.

Create a VPN connection on your computer


If you are using Linux at home, refer to this article. Windows users, follow the instructions below.

1. Navigate to Control Panel\Network and Internet\Network and Sharing Center and click Set up a new connection or network.

2. Choose Connect to a workplace option and click next.

3. Under How do you want to connect? click Use my internet connection (VPN).

4. Enter the public IP address or the FQDN of the VPN server configured previously, enter a name for the VPN connection, also check Don't connect now; just set it up so I can connect later and click next.

5. In the final screen enter a username/password combination from the chap-secrets file, click create and close.

6. Back in the Network and Sharing Center, click Change Adapter Settings at the top left.

7. Right-click the VPN connection created now, go to properties, choose the Security tab, under Type of VPN select Point to Point Tunneling Protocol (PPTP) and click OK.

8. Now click connect, fire up your favourite browser and go to this page to check if you are using a different IP address.

Any problems or suggestions? Just comment below. Happy browsing!
