PPTP server

From ArchWiki
Revision as of 21:15, 8 May 2010 by Sin.citadel (Talk | contribs)


This entry shows how to create a PPTP server in Arch.

You will need two packages: the Poptop server (pptpd) and ppp.

pacman --sync pptpd ppp

Now, edit the file /etc/pptpd.conf

option /etc/ppp/options.pptp
listen 192.168.0.1 # IP Address of listening interface
localip 192.168.0.1 # local Server IP Address
remoteip 192.168.1.1-254 # Range of IP Addresses to be assigned to clients

Now, edit the file /etc/ppp/options.pptp

lock
name pptp
ms-dns <ip address> # primary DNS server ip address
ms-dns <ip address> # secondary DNS server ip address
+pap # for pap authentication
-chap # do not authenticate client using chap protocol

Many more options can be added to the options.pptp file; refer to the man pages for details.

If PAP authentication is enabled, edit the file /etc/ppp/pap-secrets to add the credentials of your users.

<username>     pptp     <password>

If CHAP authentication is used, edit the file /etc/ppp/chap-secrets

<username>     pptp     <password>   *
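
The following check is an added example, not part of the original ArchWiki page: it audits an options file like the one above for PAP and for missing encryption requirements, and verifies that a secrets file is not readable by group or others. The function names are hypothetical, `require-mschap-v2` and `require-mppe-128` are pppd options that this page does not use, and the sample file contents in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not ArchWiki's): audit pppd auth options and secrets-file modes.

# Print the keyword (first word) of every non-comment line of an options file.
pppd_keywords() {
    sed 's/#.*//' "$1" | awk 'NF { print $1 }'
}

# True if keyword $2 is set in options file $1.
has_opt() {
    pppd_keywords "$1" | grep -xF -- "$2" >/dev/null
}

# Print one finding per line for options file $1 (no output means clean).
audit_options() {
    if has_opt "$1" +pap || has_opt "$1" require-pap; then
        echo "PAP: enabled in $1, PAP sends passwords unencrypted"
    fi
    if ! has_opt "$1" require-mschap-v2; then
        echo "AUTH: require-mschap-v2 not set in $1"
    fi
    if ! has_opt "$1" require-mppe-128; then
        echo "CRYPT: require-mppe-128 not set in $1, tunnel may run unencrypted"
    fi
    return 0
}

# Print a finding if secrets file $1 is accessible to group or others.
audit_secrets() {
    mode=$(ls -ld -- "$1" | cut -c5-10)   # group and other permission bits
    if [ "$mode" != "------" ]; then
        echo "PERM: $1 is accessible to group/others, expected mode 600"
    fi
    return 0
}

# Constructed sample: the options.pptp shown on this page, audited in a temp dir.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'lock' 'name pptp' '+pap # for pap authentication' \
        '-chap # do not authenticate client using chap protocol' > "$dir/options.pptp"
    printf '%s\n' 'alice pptp constructed-password' > "$dir/pap-secrets"
    chmod 644 "$dir/pap-secrets"
    audit_options "$dir/options.pptp"
    audit_secrets "$dir/pap-secrets"
    rm -rf "$dir"
}

demo
```

On a real server, call `audit_options /etc/ppp/options.pptp` and `audit_secrets` on each secrets file instead of `demo`.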

Now, enable IP Forwarding by editing /etc/sysctl.conf

net.ipv4.ip_forward=1

Configure your iptables rules to allow access for PPTP clients.

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT # pptp connects to port 1723
iptables -A INPUT -p 47 -j ACCEPT # all tunneling is performed using GRE Protocol
iptables -A FORWARD -i ppp+ -o <outgoing interface> -j ACCEPT # To allow clients to access internet when connected to vpn

Once clients are successfully connected, they will show up as device names ppp0, ppp1, etc. To give these users internet access, you can NAT them using iptables

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o <outgoing interface> -j SNAT --to-source <outgoing interface ip address> # match the remoteip range; POSTROUTING cannot match on -i

You now have a functioning PPTP Server.