How to install your own VPN server in 5 mins (PPTP on CentOS, RedHat and Ubuntu)

virtual-private-networkVirtual Private Network (VPN) is the most effective way to bypass access control, the censorship, and network spying. It is also a safe way to connect to the internet to protect your privacy. It is usually better than using web proxy.

For example, when you are on a business visit to Asia, very likely, you are not able to access your Hulu Plus contents, or Amazon Prime unless you use a VPN connection to a server located in US. The reason is that Hulu or Amazon is only allowed to stream videos in US per license agreement with copyright holders.

Of course, there are many VPN providers. But if you want full control or want to share the vpn with your buddies, you can get a server and install it by yourself.

Before you start, you need get a dedicated server with root access. VPS may not work well depending on the virtualization software used. You can get a cheap dedicated server with less than $50/month.

There are mainly 3 types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN. In this tutorial, we use PPTP because it is supported natively on almost all devices, Windows, Linux, Android, IOS and Mac OS.

Step 1. Install PPTPD

If your OS is CentOS/RedHat 5:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.4.0-1.rhel5.x86_64.rpm

If your OS is CentOS/RedHat 6:

yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -Uhv pptpd-1.4.0-1.el6.x86_64.rpm

If you are using Ubuntu:

apt-get install pptpd

Step 2. Edit IP setttings in /etc/pptpd.conf

vi /etc/pptpd.conf
or
nano -w /etc/pptpd.conf

localip 192.168.0.1
remoteip 192.168.0.101-200

Step 3. Add user account in/etc/ppp/chap-secrets (assign username and password)

vi /etc/ppp/chap-secrets
or
nano -w /etc/ppp/chap-secrets

usernameForuser1 * setpassword1here *
usernameForuser2 * setpassword2here *

Step 4. Optional settings in /etc/ppp/options.pptpd

vi /etc/ppp/options.pptpd
or
nano -w /etc/ppp/options.pptpd

ms-dns 8.8.8.8
ms-dns 4.4.4.4

Step 5. Enable network forwarding in /etc/sysctl.conf

vi /etc/sysctl.conf
or
nano -w /etc/sysctl.conf

net.ipv4.ip_forward = 1

Use the following command to apply the change:

sysctl -p

Step 6. Configure firewall

iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart

If you are using CSF firewall, you may refer to this post on firewall settings.

Step 7. Start PPTP VPN server

If your OS is CentOS or Redhat, using the following command:

service pptpd restart

To start PPTP Daemon automatically when rebooting next time, use command:

chkconfig pptpd on

If your OS is Ubuntu, you just reboot your machine.

Now you can test the VPN server from any client: Windows PCs, Linux PCs, Android phones/tablets, or iPhone and iPad.

The log of the VPN server, by default, is combined with system log located at /var/log/messages.

PS: for text editor you can also use nano, instead of vi, if you are not comfortable with vi. If you are using nano, make sure you start nano with “-w”.

Any questions? you post them in the comment section.

Updated 1: update the version of pptp daemon.

Comments

  1. when initializing traffic from the client, GRE tunnel still showing down .. any idea on trouble shooting this …

  2. Hi!

    Do you have any idea, how to manage this on a virtual machine where no eth exists?
    Sweet thanks in advance for any answer!

    Joker

    • You can always add network device in the virtual machine. Which VM software are you using?

      You can also bridge the network so that VM will be same as a physical machine in the network.

  3. Hi.

    Brilliant guide but i followed this to the letter and i get an error on my iPhone saying “The PPTP-VPN server did not respond. Try reconnecting. If the problem continues, verify your settings and contact your Administrator.” I did have this working once on Ubuntu as far as i could get a vpn connection showing on the server but no traffic would pass through. I feel this setup will work once i get the server responding. Any ideas? All other services are working, ssh, webmin, firewall etc just not this. pptpd is running.

    Thanks

    Andy

  4. hi
    thanks for your kind information.
    when i want to connect from windows i saw this error :

    The remote connection was not made because the attempted VPN tunnels failed. The VPN server might be unreachable. If this connection is attempting to use an L2TP/IPsec tunnel, the security parameters required for IPsec negotiation might not be configured properly.

    do you have any idea?

  5. I have a question i can connect and everything. But when i try to visit a site it just says
    Error105 (net::ERR_NAME_NOT_RESOLVED

    Something with DNS please help i also tried typing in IPs that doesnt work either

  6. Hi, i want to set this one up in our office but we dont have STATIC IP, would DHCP or dynamic ip provided by our ISP works too?

    • It will be too tedious, because:
      1. you have to make your server available outside (i.e, you have to setup the Dynamic DNS)
      2. you need additional settings when your server is behind a NAT.

  7. hi thanks for your nice post but when i connect to server it disconnect me in second can you tell me why?

  8. For using this with a static ip and nat active what should I doo?

    • you must forward 1723 to the PPTP server.

      the problem is usually on GRE, which does not use port. But most (not all) routers will do the forwarding automatically once port 1723 forwarding is setup.

  9. after : service pptpd restart
    pptpd: unrecognized service

    step 7

    os: redhat

  10. Working vpn but no internet access

  11. Hi

    I have error 619 win xp

    Error 619: A Connection to the Remote Computer could not be established, so the port used for this connection was closed.

    • I am having the same problem on centos but on ubuntu it’s working fine, if you need help about ubuntu please send me an email at [email protected] and I’ll personally help you set it up bro 🙂

      • Yeah. I was on CentOS 6 and that error also shows up because ppp is not supported by the kernel. I had to reinstall my VPS as CentOS 5 then my pptp server finally worked.

  12. How to disconnect any particular ppp client from server? i tried “ifdown ppp0” in cent os doesn’t work.

  13. Wow, it was a great and quick pptp setup instruction. Can you also make one for openvpn?

  14. Anonymous says

    I receive error 807 from Windows 7, but from another computer I can connect .. what is the problem?

  15. Cris Mooney says

    Based on my struggles after trying to implement PPTP on CentOS 6, based on a number of resources on the web, I offer the following.

    A base Cent OS 6 install (at least 6.4) has the following relevant “iptables” firewall rules in place:

    -A INPUT -j REJECT –reject-with icmp-host-prohibited
    -A FORWARD -j REJECT –reject-with icmp-host-prohibited

    Without enabling traffic ABOVE these, likely using “iptables -I” (insert) instead of commonly cited “iptables -A” (append), you will see an “icmp destination unreachable (host administratively prohibited)” response from your server in a client side trace with WireShark (LAN testing encouraged).

    Recommendation:

    While testing/learning, disable the OS firewall with “service iptables save”, until you have confirmed things work. Unintuitively, or at least I find it to be, you can disable the “iptables” firewall and PPTP will work (I would have expected it be required for the “POSTROUTING -o eth0 -j MASQUERADE” directive).

    You can use a windows client within your LAN for testing the VPN connection (harder with Windows Remote Access as noted below, and thus not intuitive to some). But note that LAN access to that client station will go down if it does connect, so you will need to have access to the console (or kill the server connection side to get back).

    During testing, also try and remember that “service pptpd start” will not hold over reboot (until you do “chkconfig pptpd on”), and neither will “service iptables stop” (and I do not recommend “chkconfig iptables off” since you may forget to set up your “iptables” firewall once basic testing is done).

    With PPTP working open and internally, properly enabling the “iptables” firewall you will have to add rules. Be sure all your iptables rules, not just the “POSTROUTING”, show above the “REJECTS”. Using “-I” instead of “-A” may do this properly. You can then go after opening TCP port 1723, and GRE, in your public firewall.

    My iptable rule additions:

    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # iptables -I INPUT -i eth0 -p gre -j ACCEPT
    # iptables -I INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
    # iptables -I FORWARD -i ppp+ -o eth0 -j ACCEPT
    # iptables -I FORWARD -i eth0 -o ppp+ -j ACCEPT
    # service iptables save

    Also, “localip” clarification: this is your simple/normal Cent OS VPN server machine LAN address. Counterintuitively to the gurus, this is not obvious to those of us coming from Windows Remote Access setup, where as I understand it one is required to have a separate card and subnet for the “incoming VPN” service to listen on (for incoming port 1723 and GRE). With this Cent OS PPTP implementation all can happen in your normal single subnet, with “localip” unlikely to be the sometimes given example like “10.10.10.1” (since “1” is quite often the “special” gateway router address, confusing newbie interpretation of what “localip” is). Your simple PPTP VPN server LAN address like “10.10.10.2” is the “localip”, seen as “eth0” in “ipconfig -a” (and perhaps assigned on boot by DHCP during testing…once you figure out to enable “ONBOOT=yes”, but I digress). The “remoteip” address(es) are LAN assigned DHCP style to connecting clients (like “10.10.10.20-29”).

    Finally, remember, your “test” client can be something in the same LAN like “10.10.10.30”. Connecting will make the client networking a bit wonky as noted above, so it is just for testing it “works”, and using Windows WireShark to diagnose.

    # cat /etc/sysconfig/iptables
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [54:7776]
    -A INPUT -i eth0 -p tcp -m tcp –dport 1723 -j ACCEPT
    -A INPUT -i eth0 -p gre -j ACCEPT
    -A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -p icmp -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
    -A INPUT -j REJECT –reject-with icmp-host-prohibited
    -A FORWARD -i eth0 -o ppp+ -j ACCEPT
    -A FORWARD -i ppp+ -o eth0 -j ACCEPT
    -A FORWARD -j REJECT –reject-with icmp-host-prohibited
    COMMIT
    # Completed on Fri Mar 22 14:27:25 2013
    # Generated by iptables-save v1.4.7 on Fri Mar 22 14:27:25 2013
    *nat
    :PREROUTING ACCEPT [161:16636]
    :POSTROUTING ACCEPT [1:96]
    :OUTPUT ACCEPT [2:153]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT

    ESXi 5.1, 5GB disk, 600MB RAM, CentOS 6.4 64 bit “Minimal: core” install. The “>>>” is text edited in vi.

    # vi /etc/sysconfig/network-scripts/ifcfg-eth0
    >>> ONBOOT=yes
    # reboot
    # yum update
    # reboot

    # uname -a
    Linux localhost.localdomain 2.6.32-358.2.1.el6.x86_64 #1 SMP Wed Mar 13 00:26:49 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
    # ifconfig -a
    eth0 … inet addr:10.10.10.2 Bcast:110.10.10.255 Mask:255.255.255.0 …
    # yum install ppp -y
    Installed:
    ppp.x86_64 0:2.4.5-5.el6
    Dependency Installed:
    libpcap.x86_64 14:1.0.0-6.20091201git117cb5.el6
    # yum install wget -y
    Installed:
    wget.x86_64 0:1.12-1.8.el6
    # yum install perl -y
    Installed:
    perl.x86_64 4:5.10.1-129.el6
    Dependency Installed:
    perl-Module-Pluggable.x86_64 1:3.90-129.el6
    perl-Pod-Escapes.x86_64 1:1.04-129.el6
    perl-Pod-Simple.x86_64 1:3.13-129.el6
    perl-libs.x86_64 4:5.10.1-129.el6
    perl-version.x86_64 3:0.77-129.el6
    # yum install tcpdump -y
    Installed:
    tcpdump.x86_64 14:4.0.0-3.20090921gitdf3cb4.2.el6

    # cd /usr/local/src
    # wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm
    # rpm -Uhv pptpd-1.3.4-2.el6.x86_64.rpm
    # vi /etc/sysctl.conf
    >>> net.ipv4.ip_forward = 1
    # sysctl -p
    # vi /etc/pptpd.conf
    >>> localip 10.10.10.2
    >>> remoteip 10.10.10.3-9
    # vi /etc/ppp/options.pptpd
    >>> ms-dns 10.10.10.10
    >>> ms-dns 10.10.10.11
    # vi /etc/ppp/chap-secrets
    >>> foo * bar *
    # service pptpd start
    # service iptables stop

    — should work here —

    # iptables -I INPUT -i eth0 -p gre -j ACCEPT
    # iptables -I INPUT -i eth0 -p tcp –dport 1723 -j ACCEPT
    # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    # iptables -I FORWARD -i ppp+ -o eth0 -j ACCEPT
    # iptables -I FORWARD -i eth0 -o ppp+ -j ACCEPT
    # service iptables save
    iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
    # service iptables start
    iptables: Flushing firewall rules: [ OK ]
    iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]

    — should work here —

    # chkconfig pptpd on
    # reboot

    # tcpdump -i eth0 port 1723
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    14:37:19.620105 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [S], seq 2505425961, win 64512, options [mss 1460,nop,nop,sackOK], length 0
    14:37:19.620199 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [S.], seq 3664049741, ack 2505425962, win 14600, options [mss 1460,nop,nop,sackOK], length 0
    14:37:19.620544 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [P.], seq 1:157, ack 1, win 64512, length 156: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) FRAME_CAP(A) BEARER_CAP(A) MAX_CHAN(0) FIRM_REV(2600) HOSTNAME() VENDOR(Microsoft Windows NT)
    14:37:19.620587 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [.], ack 157, win 15544, length 0
    14:37:19.634287 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [P.], seq 1:157, ack 157, win 15544, length 156: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) RESULT_CODE(1) ERR_CODE(0) FRAME_CAP() BEARER_CAP() MAX_CHAN(1) FIRM_REV(1) HOSTNAME(local) VENDOR(linux)
    14:37:19.634570 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [P.], seq 157:325, ack 157, win 64356, length 168: pptp CTRL_MSGTYPE=OCRQ CALL_ID(16384) CALL_SER_NUM(9813) MIN_BPS(300) MAX_BPS(100000000) BEARER_TYPE(Any) FRAME_TYPE(E) RECV_WIN(64) PROC_DELAY(0) PHONE_NO_LEN(0) PHONE_NO() SUB_ADDR()
    14:37:19.644849 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [P.], seq 157:189, ack 325, win 16616, length 32: pptp CTRL_MSGTYPE=OCRP CALL_ID(0) PEER_CALL_ID(16384) RESULT_CODE(1) ERR_CODE(0) CAUSE_CODE(0) CONN_SPEED(100000000) RECV_WIN(64) PROC_DELAY(0) PHY_CHAN_ID(0)
    14:37:19.648549 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [P.], seq 325:349, ack 189, win 64324, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(0) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
    14:37:19.687998 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [.], ack 349, win 16616, length 0
    14:37:21.661412 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [P.], seq 349:373, ack 189, win 64324, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(0) SEND_ACCM(0x00000000) RECV_ACCM(0xffffffff)
    14:37:21.661443 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [.], ack 373, win 16616, length 0
    14:37:29.875543 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [P.], seq 373:397, ack 189, win 64324, length 24: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(0) SEND_ACCM(0xffffffff) RECV_ACCM(0xffffffff)
    14:37:29.875595 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [.], ack 397, win 16616, length 0
    14:37:33.134480 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [F.], seq 189, ack 397, win 16616, length 0
    14:37:33.134626 IP 10.10.10.30.4632 > 10.10.10.2.pptp: Flags [F.], seq 397, ack 190, win 64324, length 0
    14:37:33.134643 IP 10.10.10.2.pptp > 10.10.10.30.4632: Flags [.], ack 398, win 16616, length 0

    # tail -f /var/log/messages
    Mar 22 14:36:26 CentOS-6-template pptpd[2072]: MGR: Maximum of 100 connections reduced to 6, not enough IP addresses given
    Mar 22 14:36:26 CentOS-6-template pptpd[2073]: MGR: Manager process started
    Mar 22 14:36:26 CentOS-6-template pptpd[2073]: MGR: Maximum of 6 connections available
    Mar 22 14:37:11 CentOS-6-template kernel: device eth0 entered promiscuous mode
    Mar 22 14:37:19 CentOS-6-template pptpd[2132]: CTRL: Client 10.10.10.30 control connection started
    Mar 22 14:37:19 CentOS-6-template pptpd[2132]: CTRL: Starting call (launching pppd, opening GRE)
    Mar 22 14:37:19 CentOS-6-template pppd[2133]: Warning: can’t open options file /root/.ppprc: Permission denied
    Mar 22 14:37:19 CentOS-6-template pppd[2133]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
    Mar 22 14:37:19 CentOS-6-template pppd[2133]: pppd 2.4.5 started by root, uid 0
    Mar 22 14:37:19 CentOS-6-template pppd[2133]: Using interface ppp0
    Mar 22 14:37:19 CentOS-6-template pppd[2133]: Connect: ppp0 /dev/pts/2
    Mar 22 14:37:19 CentOS-6-template pptpd[2132]: GRE: Bad checksum from pppd.
    Mar 22 14:37:21 CentOS-6-template pptpd[2132]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
    Mar 22 14:37:21 CentOS-6-template pppd[2133]: MPPE 128-bit stateless compression enabled
    Mar 22 14:37:24 CentOS-6-template pppd[2133]: found interface eth0 for proxy arp
    Mar 22 14:37:24 CentOS-6-template pppd[2133]: local IP address 10.10.10.2
    Mar 22 14:37:24 CentOS-6-template pppd[2133]: remote IP address 10.10.10.3
    Mar 22 14:37:29 CentOS-6-template pppd[2133]: LCP terminated by peer (BE8t^@<M-Mt^@^@^@^@)
    Mar 22 14:37:29 CentOS-6-template pppd[2133]: Connect time 0.1 minutes.
    Mar 22 14:37:29 CentOS-6-template pppd[2133]: Sent 96 bytes, received 2010 bytes.
    Mar 22 14:37:32 CentOS-6-template pppd[2133]: Connection terminated.
    Mar 22 14:37:33 CentOS-6-template pppd[2133]: Modem hangup
    Mar 22 14:37:33 CentOS-6-template pppd[2133]: Exit.
    Mar 22 14:37:33 CentOS-6-template pptpd[2132]: GRE: read(fd=6,buffer=611860,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
    Mar 22 14:37:33 CentOS-6-template pptpd[2132]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
    Mar 22 14:37:33 CentOS-6-template pptpd[2132]: CTRL: Client 10.10.10.30 control connection finished

    Resources I used to get this far:

    http://blog.secaserver.com/2011/10/install-vpn-pptp-server-centos-6/
    http://docs.cslabs.clarkson.edu/wiki/Install_PPTP_on_CentOS_5
    https://freehostinganswers.com/how-to-install-your-own-vpn-server-in-5-mins-pptp-on-centos-redhat-and-ubuntu/
    http://ripplesedge.com/wordpress/?p=217
    https://www.centos.org/modules/newbb/viewforum.php?forum=58

    Hope this helps someone else, or someone else corrects me here.
    Cris

  16. Fandy Akhmad says

    Hello, how i test the VPN server from client?
    I am new to about this VPN.

  17. Thanks for the article,

    I’ve also made a script that install PPTP on CentOS, if you’re interested in taking a look:

    http://drewsymo.com/networking/vpn/install-ptpp/

  18. Hi , and thank you for this learning. i have ded server which i use openvz on it for virtualization. i run this scrip on a vps on it (with centos 6.x 64bit). but i get few error about iptables through installation :

    error: “net.bridge.bridge-nf-call-ip6tables” is an unknown key
    error: “net.bridge.bridge-nf-call-iptables” is an unknown key
    error: “net.bridge.bridge-nf-call-arptables” is an unknown key

    also:

    FATAL: Module ip_tables not found.
    iptables v1.4.7: can’t initialize iptables table `nat’: Table does not exist (do
    Perhaps iptables or your kernel needs to be upgraded.

    and i can connect to it with vpn connection ( i use linux mint 14 on my laptop)

    can you please guide me me to solve this problem?

    • check your /etc/vz/vz.conf to find out whether you have a line similar to this
      IPTABLES=”ipt_REJECT ipt_tos ipt_TOS ipt_LOG ip_conntrack ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length ipt_state iptable_nat ip_nat_ftp ipt_owner ipt_REDIRECT”

  19. Hi, I can connect to vpn server but have no internet access
    I got log message as below, can anyone help?

    Apr 10 11:36:46 server pptpd[20330]: CTRL: Client 114.94.**.*** control connection started
    Apr 10 11:36:46 server pptpd[20330]: CTRL: Starting call (launching pppd, opening GRE)
    Apr 10 11:36:46 server pppd[20331]: Plugin /usr/lib64/pptpd/pptpd-logwtmp.so loaded.
    Apr 10 11:36:46 server pppd[20331]: pppd 2.4.5 started by root, uid 0
    Apr 10 11:36:46 server pppd[20331]: Using interface ppp0
    Apr 10 11:36:46 server pppd[20331]: Connect: ppp0 /dev/pts/0
    Apr 10 11:36:47 server pptpd[20330]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
    Apr 10 11:36:47 server pppd[20331]: MPPE 128-bit stateless compression enabled
    Apr 10 11:36:49 server pppd[20331]: Cannot determine ethernet address for proxy ARP
    Apr 10 11:36:49 server pppd[20331]: local IP address 192.168.0.1
    Apr 10 11:36:49 server pppd[20331]: remote IP address 192.168.0.101

  20. thank you ,
    i installed and i can connect from my windows laptop
    but the problem i can go through the port i want to use
    and in
    http://www.canyouseeme.org/
    it give me closed.
    but if i use freevpn it work good
    any additional rules in iptables ?

  21. This site has a free utility to automatically configure PPTP iphone http://buyvpn.com/ipad_pptp_vpn

  22. Hi, I have a web server, on which my website is currently hosted. Can I install and use PPTP on this same server?

    • Very unlikely, because root access is required to install PPTP.

      • Thanks for the reply. I mean I do have a VPS, with root access. I could use it as a VPN server. The only thing is: My website is hosted on this machine. Won’t there be any conflicts?! Can a server act as a WebServer and PPTP VPN server at the same time?

        • Then, it depends on vps software used. Some additional settings are probably needed. For OS-level virtualization (OpenVZ)systems, you may need root access (for the configuration of your instance).

          Anyway, I never tried this. Maybe, Someone who tried can shed light on this.

  23. Hi!
    Thank you for your help ;
    I did all you said but again when I want to connect to my vpn ,It doesn’t agree my username and password;
    My OS : ubuntu 12.04 32bit
    Ram : 128 MG
    Bandwidth : UnLimited
    What should I do?????
    I really want it if you have my answer please tell me or email me.
    ———————-
    Thank you all

  24. hi

    i installed pptp in centos and connect to vpn without problem

    but when connect to any client as vnc or remote desktop my vpn disconnected

    why?

    plz help me

  25. hi.thank you for this post.
    I have error 619 windows xp

    A Connection to the Remote Computer could not be established, so the port used for this connection was closed.

    • The error normally is due to client side. The possible causes include:
      1. your router does not support PPTP pass through (check the specifications of teh router)
      2. your ISP blocks PPTP connections
      3. your firewall blocks PPTP connections (test again by disabling firewall)
      4. other causes I don’t know

  26. Hi,
    Was wondering how I set this up with 1 public uplink and 1 private uplink.(this is on VPN server0
    So: 1 internet uplink, 3 others servers with private uplinks only(private=local) all connected to the VPN server as clients. Any idea?

  27. Hi, thank you for the post. I have successfully configured my VPN and can connect from an Android. Although, I am having an issue accepting UDP packets that exceed the MTU and are fragmented. I run an application on an Android that accepts multiple UDP and TCP packets. All packets that are less than the MTU are received and processed correctly, but the UDP packets that are larger than the MTU, 5124 bytes, do not process correctly on the Android.

    Also, if I connect to my Ubuntu machine using the Android while on the same LAN and NOT using the VPN, I receive all of the traffic correctly. So this makes me think it is the GRE tunnel maybe.

    Any suggestions or areas I can research to solve my issue? Thank you again for your post it was very helpful.

  28. Hello to every one, the contents existing at this site are truly awesome for people knowledge, well, keep up the nice work fellows.

  29. Hi, I used the steps here and finally i got it to work. but my problem is that when I try to connect while somebody else is connected, I won’t be able to connect. It seems only one user can connect at a time. I don’t think it’s supposed to work like that though. hope you could enlighten me what i did wrong. thanks!

  30. Hey i followed your tutorial word by word and its still not working, I get this error , “A connection to the remote computer could not be established, so the port used for this connection was closed.”

    Its the error 619 code.

    Could you please contact me on skype Alex.hutchinson79 as i will most likely loose this site after leaving.

  31. please help me.
    why i am using command
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    error message.
    iptables: No chain/target/match by that name.

  32. sorry
    pleas can you give me the configuration for client or a link..

  33. I’m having an issue with pppd call pptpserver command…it doesn’t seem to want to create the ppp0. Unsure what is wrong. The logs only show so much…

    pppd 2.4.5 started by root, uid 0
    Dec 27 10:41:54 vpn pppd[2063]: Using interface ppp0
    Dec 27 10:41:54 vpn pppd[2063]: Connect: ppp0 /dev/pts/3
    Dec 27 10:41:54 vpn pptp[2064]: anon log[usage:pptp.c:131]: pptp called with wrong arguments, program not started.
    Dec 27 10:41:54 vpn pppd[2063]: Modem hangup
    Dec 27 10:41:54 vpn pppd[2063]: Connection terminated.
    Dec 27 10:41:54 vpn pppd[2063]: Exit.

    Suggestions?

  34. Hi, iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE gives me:
    iptables: Unknown error 4294967295
    I see at http://kb.parallels.com/en/6816 that the cause might be: “The error may also occur when trying to use an iptables module which is not virtualized for Containers (e.g., MASQUERADE)”
    I tried to connect anyway but “tunnels failed”
    Any ideas or solutions. I am using a vps.

    • I also tried the following, and got no error msg. But connecting from a windows client still fails
      iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j SNAT –to-source [the public ip address of the vps]

  35. Hi
    There is a new problem now. I want to set up a PPTP VPN,but when I add a filewall rule does not seem to support NAT.
    An error”iptables v1.4.7: can’t initialize iptables table `nat’: Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.

    Can you help me with this problem, thank you

  36. Any idea on trouble shooting GRE tunnels

  37. Come on why is everybody ignoring my answer

  38. hello bro, the link given for csf has been remove. Can anyone advice on this?

Leave a Reply