
VPN on Linode using Debian (PPTP)


Posted by Akensai on November 26, 2011 in Internet, Tech, Tutorials and has 19 replies.  

Recently I had the pleasure of setting up a VPN via a 512mb Linode VPS ($20/mo) and I must say it impressed me beyond all belief. Why did it impress me, you ask? Well, uptime is incredible and the speeds are nothing short of amazing. I am connected right now via the VPN I set up in Georgia and it feels like I’m loading pages even faster than my bare connection. Here is the imagery you require:

That’s really amazing for a VPN connection, right? Damn skippy.

 

Not only that, but they also have some pretty easily managed RDNS to personalize it further. Ever wanted your ISP hostname to be your own domain? Yeah, you can do that. But I won’t be covering that in this tutorial; you can Google it or figure it out. It shouldn’t be hard to find, I found it in 2 seconds flat. Here is some more imagery:

 

rdns

Alright, I think it’s time to get into the actual tutorial, so let’s get started.

 

First off you are going to need to order the Linode VPS and install the OS:

  1. Click this and select the 512mb plan.
  2. Once you pay you can select the location, choose the closest to you for optimal pings.
  3. When prompted for the operating system you wish to run choose “Debian 6 (Lenny)”

Now that the VPS is up we need to set the default root password:

  1. Navigate to manager.linode.com 
  2. Click “Linodes” and select your VPS
  3. Click the “Remote Access” tab and scroll down to “Console Access”
  4. Enter your password and hit “Change Password”

Sweet, so now we can SSH in! If you don’t have it already, download PuTTY:

  1. Connect to your Linode IP found in the “Remote Access” tab
  2. Enter “root” as the login and the password you set in the previous step

Time to get the system updated:
From the console enter the following commands to update the system.
apt-get update
apt-get upgrade
If prompted be sure to say yes to the new downloads. (y + enter)

 

Alright! System is up-to-date, let’s install pptpd (the VPN software):
Enter the following command(s) from the console
apt-get install pptpd

 

We need to configure the correct IP range to be used:
Enter the following command(s) from the console
nano /etc/pptpd.conf
Scroll with ctrl+v until you find:
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
Remove the “#” from each line (uncomment)
ctrl+x to save changes

 

Now, let’s set up the actual VPN User(s):
Enter the following command(s) from the console
nano /etc/ppp/chap-secrets
Add your user(s), it should look like this:
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
akensai         pptpd   passwordhere            *
Good job, save the file and let’s move on.

 

 

Enable IP forwarding at startup to allow the VPN users to connect:
Enter the following command(s) from the console
nano /etc/sysctl.conf
Find:
#net.ipv4.ip_forward=1
Remove the “#” (uncomment)
Good, let’s make the changes take effect now:
Enter the following command(s) from the console
sysctl -p
It should echo the changes to you, if not go back and make sure you did it right.

 

Now for the part other guides don’t tell you about that is absolutely critical to have a working VPN…

 

Set iptables rules to allow forwarding:
Enter the following command(s) from the console
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 

Set the default MTU rule via iptables:
Enter the following command(s) from the console
iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu
Great job, you must be a retarded genius!

 

Set pptpd to start on server boot:
Enter the following command(s) from the console
chmod +x /etc/init.d/pptpd
/usr/sbin/update-rc.d -f pptpd defaults

 

Now we just need to set the iptables rules to run on boot as well:
Enter the following command(s) from the console
nano /etc/iptables.sh
Script created, let’s put the rules in it, write this out EXACTLY as it appears:
#!/bin/sh
IPT="/sbin/iptables"

$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPT -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu
Save the file and let’s move on!

 

Now let’s set the script to run at boot:
Enter the following command(s) from the console
chown root /etc/iptables.sh
chmod 700 /etc/iptables.sh
We need to edit the default network interface to add the file now
nano /etc/network/interfaces
Find
# The primary network interface
auto eth0
iface eth0 inet dhcp
Add below:
pre-up /etc/iptables.sh

That’s it, now reboot the Linode and connect to the VPN, you can find a guide for that at PC World. If you can’t connect after you reboot there is a good chance you did something wrong, in which case I likely won’t help you with it, just check over the tutorial and make sure you did everything correctly.
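
A post-install check for the files edited in the steps above, added here as an example and not part of the original post. The function name check_pptp_setup, its optional root-prefix argument (for running against a copy of /etc), the expected mode 600 on chap-secrets and the 12-character minimum secret length are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not the author's code. ROOT is an assumed optional prefix
# so the same checks can run against a copy of /etc (empty = live system).
# Prints one "FAIL:" line per problem; returns 0 only if every check passes.
check_pptp_setup() {
    root="${1:-}"
    fails=0
    report() { echo "FAIL: $1"; fails=$((fails + 1)); }
    # has FILE REGEX: true if an active (uncommented) line matches
    has() { grep -Eq "^[[:space:]]*$2" "$root$1" 2>/dev/null; }

    # /etc/pptpd.conf: both address ranges must be uncommented
    has /etc/pptpd.conf 'localip[[:space:]]'  || report "localip is not set in /etc/pptpd.conf"
    has /etc/pptpd.conf 'remoteip[[:space:]]' || report "remoteip is not set in /etc/pptpd.conf"

    # /etc/sysctl.conf: forwarding must be uncommented and set to 1
    has /etc/sysctl.conf 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1' \
        || report "net.ipv4.ip_forward=1 is not enabled in /etc/sysctl.conf"

    # /etc/ppp/chap-secrets holds plaintext passwords: root-only, no weak entries.
    # Columns: client server secret IP. The 12-character minimum is an assumption.
    secrets="$root/etc/ppp/chap-secrets"
    if [ -f "$secrets" ]; then
        mode=$(stat -c %a "$secrets")
        [ "$mode" = 600 ] || report "chap-secrets has mode $mode, expected 600"
        weak=$(awk '$1 !~ /^#/ && NF >= 3 &&
                    (length($3) < 12 || $3 == "passwordhere") { print $1 }' "$secrets")
        for user in $weak; do
            report "user '$user' has a placeholder or short secret"
        done
    else
        report "/etc/ppp/chap-secrets is missing"
    fi

    # /etc/iptables.sh: mode 700 as set in the tutorial, and hooked into eth0
    script="$root/etc/iptables.sh"
    if [ -f "$script" ]; then
        mode=$(stat -c %a "$script")
        [ "$mode" = 700 ] || report "iptables.sh has mode $mode, expected 700"
        grep -q 'MASQUERADE' "$script" || report "iptables.sh has no MASQUERADE rule"
    else
        report "/etc/iptables.sh is missing"
    fi
    has /etc/network/interfaces 'pre-up[[:space:]]+/etc/iptables\.sh' \
        || report "pre-up /etc/iptables.sh is not in /etc/network/interfaces"

    [ "$fails" -eq 0 ]
}
# On the server, as root: check_pptp_setup
```

No output and a zero exit status mean every edited file is in the state the tutorial describes.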

  • Nusfeato

    I followed this tut exactly how it’s read and got a VPN up and going within 10 minutes. I gotta say I’ve used hidemyass before and this is infinitely better.

    You are a god among men, Akensai. Thank you.

  • technicali

    Works perfectly, crazy speeds too.

  • Cluedweasel

    Works well with my VPS. Thank you. 
    If you use a VPN with an iPad or other device, you may hit a problem with no DNS servers defined. I fixed this by going to /etc/ppp and editing the options file. Un-comment the two “ms-dns” lines and replace the IP addresses with “8.8.8.8” and “8.8.4.4”. These are Google’s public DNS servers. Save the file. After that, the VPN connection should work perfectly on an iPad.

    • http://akensai.com Akensai

      Thanks for the update. I actually don’t own a tablet or smartphone myself, I work from home so I really have no need for much more than my desktop and laptop.

  • Graeme Mc Keague

    Hi, I’m trying to set this up on Ubuntu 10.4, I’m coming up with a problem at this:
    iptables -o eth0 -A FORWARD -p tcp –tcp-flags SYN,RST SYN -m tcpmss–mss 800:1536 -j TCPMSS –clamp-mss-to-pmtu 
    I’m getting this error:
    iptables v1.4.4: Couldn’t load match `tcpmss–mss’:/lib/xtables/libipt_tcpmss–mss.so: cannot open shared object file: No such file or directory
    How do I fix this? Thanks

    • http://akensai.com Akensai

      Graeme,

      Thanks for pointing that out, it looks like WordPress formatted the line and removed some of the prefixes. I have fixed that.

      • Guest

        Doesn’t look like you fixed it

        • Toss Everet

          It’s the part that overlaps the background on this site. Seems to work fine for me

  • Antonio

    Thanks, I had forgotten about iptables!!

  • Antonio

    Thanks, I had forgotten the iptables!

  • William

    Thanks Matte, it’s a breeze to config a server with this tutorial! It’s worth adding those DNS entries on, because I had some trouble opening certain pages!

  • Ivanpomedorov

    Any way to uninstall all of this? 

    • Jonesy

      apt-get remove pptpd

  • Guest

    This command does not work:

    -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

    • http://akensai.com Akensai

      What is the error you get? You may be missing a lib, otherwise it should be working assuming IPTables is running.

      • Anon

        -o blah blah
        doesn’t work (and nor should it)
        iptables -o blah blah
        does work

        • http://akensai.com Akensai

          Sorry for that, hadn’t noticed I missed “iptables” when I fixed the formatting awhile back.

    • cheedear

      Guest: It needs to be prefixed with “iptables”, that is to say, the command is:
      iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu

  • Ninad

    Seems I am still not able to set up the VPN server! Maybe because I have polluted my iptables rules from blogs all over the web… I did follow everything posted here. No error after any step! But I simply cannot connect to the server from my PC. Would you suggest anything I must do?