This guide is intended for those who want to set up a PPTP VPN on OpenVZ with Debian or Ubuntu on a capable provider such as BuyVM.net. Lots of time has been spent through trial and error trying to figure it out. Insight and portions of this guide have been taken from howtogeek.com.
An automated script (written by me) is now available! http://www.putdispenserhere.com/pptp-debian-ubuntu-openvz-setup-script/
To verify PPP is working, run:
It should return this:
cat: /dev/ppp: No such device or address
1. Install the pptp server package:
apt-get install pptpd
2. Edit the “pptpd.conf” configuration file:
Uncomment the localip and remoteip lines and change them to something like this:
localip 184.108.40.206 remoteip 10.1.0.1-100
Where the “localip” is the address of your VPS, and the remoteip are the addresses that will be handed out to the clients, it is up to you to adjust these for your network’s requirements.
3. Edit the “pptpd-options” configuration file:
Uncomment the ms-dns lines and change them to:
ms-dns 220.127.116.11 ms-dns 18.104.22.168
Where the IP used for the ms-dns line is the DNS server for the local network your client will be connecting to. In my example, I used OpenDNS’s DNS servers.
4. Edit the “chap-secrets” file:
Add the authentication credentials for a user’s connection, in the following syntax:
Make sure that you separate each entry with a single tab. It could be like this:
john * jsmith88 *
5. Edit the MTU settings:
Add this line to the end of the file:
ifconfig $1 mtu 1400
6. Allow PPTP through the firewall (iptables):
iptables -t nat -A POSTROUTING -j SNAT --to-source 22.214.171.124
Change 126.96.36.199 to your VPS’s public IP address.
After that, type in:
7. Restart the pptpd for the settings to take affect:
If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side.
8. Enable Forwarding:
By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server, to all other devices on the network. If you don’t enable forwarding, you will not be able to browse the web through your proxy.
Edit the sysctl file:
Find the “net.ipv4.ip_forward” and uncomment it by removing the “#”:
You can either restart the system or issue this command for the setting to take affect:
With forwarding enabled, all the server side settings are prepared.
Here is a script to reapply iptables settings at boot (in case your server restarts/crashes/etc.) Make sure you change the IP address to your VPS address.
iptables-save > /etc/iptables.conf cat > /etc/network/if-pre-up.d/iptables <<END #!/bin/sh iptables-restore < /etc/iptables.conf END chmod +x /etc/network/if-pre-up.d/iptables
Hope this works well for you, if not, let me know in the comments!