VPN on Linode using Debian (PPTP)
Recently I had the pleasure of setting up a VPN via a 512mb Linode VPS ($20/mo) and I must say it impressed me beyond all belief. Why did it impress me, you ask? Well, uptime is incredible and the speeds are nothing short of amazing. I am connected right now via the VPN I set up in Georgia and it feels like I’m loading pages even faster than on my bare connection.
Not only that, but they also have some pretty easily managed RDNS to personalize it further. Ever wanted your ISP hostname to be your own domain? Yeah, you can do that. But I won’t be covering that in this tutorial; you can Google it or figure it out. It shouldn’t be hard to find, I found it in 2 seconds flat.
First off you are going to need to order the Linode VPS and install the OS
1. Click this and select the 512mb plan.
2. Once you pay you can select the location, choose the closest to you for optimal pings.
3. When prompted for the operating system you wish to run choose “Debian 6 (Lenny)”.
Now that the VPS is up we need to set the default root password
1. Navigate to manager.linode.com.
2. Click “Linodes” and select your VPS.
3. Click the “Remote Access” tab and scroll down to “Console Access”.
4. Enter your password and hit “Change Password”.
Sweet, so now we can SSH in! If you don’t have it already, download PuTTY
1. Connect to your Linode IP found in the “Remote Access” tab.
2. Enter “root” as the login and the password you set in the previous step.
Time to get the system updated
From the console enter the following command(s) to update the system.
apt-get update
apt-get upgrade
If prompted be sure to say yes to the new downloads. (y + enter)
Alright! System is up-to-date, let’s install pptpd (the VPN software)
apt-get install pptpd
From the console enter the above command(s).
We need to configure the correct IP range to be used
nano /etc/pptpd.conf
Scroll with ctrl+v until you find:
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
Remove the “#” from each line (uncomment)
ctrl+x to save changes
Now, let’s set up the actual VPN User(s)
Enter the following command(s) from the console.
nano /etc/ppp/chap-secrets
Add your user(s), it should look like this:
# Secrets for authentication using CHAP
# client server secret IP addresses
akensai pptpd passwordhere *
Good job, save the file and let’s move on.
Enable IP forwarding at startup to allow the VPN users to connect
Enter the following command(s) from the console.
nano /etc/sysctl.conf
Find:
#net.ipv4.ip_forward=1
Remove the “#” (uncomment)
Good, let’s make the changes take effect now:
Enter the following command(s) from the console.
sysctl -p
It should echo the changes to you, if not go back and make sure you did it right.
Now for the part other guides don’t tell you about that is absolutely critical to have a working VPN.
Set iptables rules to allow forwarding
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
From the console enter the above command(s).
Set the default MTU rule via iptables
Enter the following command(s) from the console
iptables -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu
Great job, you must be a retarded genius!
Set pptpd to start on server boot
chmod +x /etc/init.d/pptpd
/usr/sbin/update-rc.d -f pptpd defaults
From the console enter the above command(s).
Now we just need to set the iptables rules to run on boot as well
Enter the following command(s) from the console
nano /etc/iptables.sh
Script created, let’s put the rules in it, write this out EXACTLY as it appears:
#!/bin/sh
IPT="/sbin/iptables"
$IPT -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPT -o eth0 -A FORWARD -p tcp --tcp-flags SYN,RST SYN -m tcpmss --mss 800:1536 -j TCPMSS --clamp-mss-to-pmtu
Save the file and let’s move on!
Now let’s set the script to run at boot
Enter the following command(s) from the console
chown root /etc/iptables.sh
chmod 700 /etc/iptables.sh
We need to edit the default network interface to add the file now
nano /etc/network/interfaces
Find
# The primary network interface
auto eth0
iface eth0 inet dhcp
Add below:
pre-up /etc/iptables.sh
That’s it, now reboot the Linode and connect to the VPN. You can find a guide for that at PC World.
If you can’t connect after you reboot there is a good chance you did something wrong, in which case I likely won’t help you with it. Just check over the tutorial and make sure you did everything correctly.
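One way to check over the edited files before rebooting, as an added example that is not part of the original tutorial: the script confirms the lines above are uncommented, that the placeholder secret "passwordhere" was replaced, and that /etc/ppp/chap-secrets (which stores passwords in plain text) and /etc/iptables.sh are closed to group and other users. The VPN_ROOT prefix and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the files the steps above edit.
# VPN_ROOT is a hypothetical path prefix so a copy of /etc can be checked.

active() {   # active FILE ERE: some line matches ERE after leading blanks
    grep -Eq "^[[:space:]]*$2" "$1" 2>/dev/null
}
perms() { ls -ld "$1" 2>/dev/null | cut -c2-10; }   # prints e.g. rw-------

check_pptpd()   { active "$1" 'localip[[:space:]]' && active "$1" 'remoteip[[:space:]]'; }
check_forward() { active "$1" 'net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1'; }
check_preup()   { active "$1" 'pre-up[[:space:]]+/etc/iptables\.sh'; }
check_rules() {  # both rules present and uncommented, mode 700 as set with chmod
    active "$1" '[^#]*-j MASQUERADE' && active "$1" '[^#]*--clamp-mss-to-pmtu' &&
        [ "$(perms "$1")" = "rwx------" ]
}
check_secrets() {  # file closed to group/other, a pptpd user exists, placeholder gone
    perms "$1" | grep -q -e '------$' && awk '
        $1 ~ /^#/ || NF < 4 { next }
        $2 == "pptpd" { users++; if ($3 == "passwordhere") bad++ }
        END { exit !(users > 0 && bad == 0) }' "$1"
}

audit() {    # audit ROOT: one line per file, returns the number of failures
    root=$1 fails=0
    while read -r name path; do
        if "check_$name" "$root$path"; then echo "OK   $path"
        else echo "FAIL $path"; fails=$((fails + 1)); fi
    done <<EOF
pptpd /etc/pptpd.conf
secrets /etc/ppp/chap-secrets
forward /etc/sysctl.conf
rules /etc/iptables.sh
preup /etc/network/interfaces
EOF
    return "$fails"
}

audit "${VPN_ROOT:-}" || echo "$? check(s) failed"
```

Run it as root on the Linode with VPN_ROOT unset to audit the live files; any FAIL line names the file to revisit.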