This entry will show you how to create a PPTP server in Arch.
You will need two packages, the poptop server, and the ppp package.
pacman --sync pptpd ppp
Now, edit the file /etc/pptpd.conf
option /etc/ppp/options.pptp
# IP address of the listening interface
listen 192.168.0.1
# local server IP address
localip 192.168.0.1
# range of IP addresses to be assigned to clients
remoteip 192.168.1.1-254
Now, edit the file /etc/ppp/options.pptp
lock
name pptp
ms-dns <ip address> # primary DNS server ip address
ms-dns <ip address> # secondary DNS server ip address
+pap # for pap authentication
-chap # do not authenticate client using chap protocol
There are many more options which can be added to the options.pptp file; please refer to the man pages for help.
If PAP authentication is enabled, edit the file /etc/ppp/pap-secrets to add the credentials of your users.
<username> pptp <password> *
If CHAP authentication is used, edit the file /etc/ppp/chap-secrets
<username> pptp <password> *
Now, enable IP Forwarding by editing /etc/sysctl.conf
Configure your iptables settings to enable access for PPTP Clients
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT # pptp connects to port 1723
iptables -A INPUT -p 47 -j ACCEPT # all tunneling is performed using GRE Protocol
iptables -A FORWARD -i ppp+ -o <outgoing interface> -j ACCEPT # To allow clients to access internet when connected to vpn
Once clients are successfully connected, they will show up as device names ppp0, ppp1, etc. To route the users so that they get internet access, you can NAT them using iptables.
iptables -t nat -A POSTROUTING -o <outgoing interface> -j SNAT --to-source <outgoing interface ip address>
You now have a functioning PPTP Server.
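A check for the authentication choices made in /etc/ppp/options.pptp and the secrets files above, as an added example that is not part of the original entry: it flags a required PAP login (the password is sent in cleartext), a missing require-mppe option, and a secrets file that group or others can read. The function names and finding labels are assumptions made for this example; require-pap and require-mppe-128 are the long option names pppd accepts.

```sh
#!/bin/sh
# Added example (not from the original entry). Function names and finding
# labels are assumptions made for this illustration.

# has_opt FILE "NAME ...": succeed if any NAME is the first word of a
# non-comment line in a pppd options file.
has_opt() {
    awk -v names=" $2 " '
        { sub(/#.*/, "") }    # pppd treats "#" to end of line as a comment
        $1 != "" && index(names, " " $1 " ") { found = 1 }
        END { exit !found }' "$1"
}

# lint_pptp_options FILE: print one finding per line; return 1 if any.
lint_pptp_options() {
    rc=0
    if has_opt "$1" "+pap require-pap"; then
        echo "pap-required: client passwords are sent in cleartext"
        rc=1
    fi
    if ! has_opt "$1" "require-mppe require-mppe-40 require-mppe-128"; then
        echo "no-mppe: encryption is not required for the session"
        rc=1
    fi
    return $rc
}

# secrets_private FILE: succeed only if group and others have no access.
# Characters 5-10 of the ls mode string are the group and other bits.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: the PAP settings from options.pptp above.
sample=$(mktemp)
printf 'lock\nname pptp\n+pap # for pap authentication\n-chap\n' > "$sample"
lint_pptp_options "$sample" || echo "review the options before opening port 1723"
secrets_private "$sample" || echo "secrets file is readable by group or others"
rm -f "$sample"
```

On a real server, call lint_pptp_options on /etc/ppp/options.pptp and secrets_private on /etc/ppp/pap-secrets and /etc/ppp/chap-secrets.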