Linux VPN Server on Ubuntu Tutorial

[RTT]

We use Ubuntu here on our internal development servers (apt-get love ) and this morning I needed to setup a VPN server so that I can access some tools that run here from home. I came across a bunch of hurdles and thought i'd document them here for anyone who needs to do the same.

This will allow MS clients and probably Apple too.

Firstly install pptpd

Code:

sudo apt-get install pptpd

Now edit pptpd's config (/etc/pptpd.conf). At the bottom you'll find settings for localip and remoteip. Here's what mine looks like:

Code:

localip 172.198.1.4
remoteip 172.198.2.50-51

localip is the IP of an adapter in the server (yours might be 192.168.0.10 for example)
remoteip: the IPs that clients are allowed to use (i allowed mine to use 172.198.2.50 through 172.198.2.51)

Now we'll set up some users, so edit the chap-config config file(/etc/ppp/chap-secrets). I want to allow two users, so my chap-secrets file looks like this:

Code:

# client        server  secret                  IP addresses
rich             pptpd   apassword                80.40.0.0/13
geoff             pptpd   apassword                212.219.0.0/14

... which allows users rich and geoff, with the passwords 'apassword' to be accepted from those IP subnets. * can be used to allow all IPs. see pppd/chap-secrets man page for more info

You may be good to go at this point. Restart pptpd (sudo /etc/init.d/pptpd restart) and attempt to connect. If it doesn't work, check /var/log/messages for a notice that looks a bit like this:

Code:

Apr 10 09:49:42 beryllium pppd[9619]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4

If you see that, then we need to change pptpd-logwtmp's version number.

This info kindly lifted from CyberAngel at the Ubuntuforums.

We now need a few more things:

Code:

sudo apt-get install libwrap0-dev debhelper
sudo apt-get source pptpd
cd pptpd-1.3.0/plugins
sudo vim patchlevel.h

Change:

Code:

#define VERSION         "2.4.3"

To:

Code:

#define VERSION         "2.4.4"

Save the file and now do:

Code:

cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb

Done! Now restart pptpd:

Code:

sudo /etc/init.d/pptpd restart

And you should be good to go!

All you need to do now is add a VPN network connection and connect with the username/password that you set up. Don't forget to hit the IPv4 TCP/IP settings on your client machines for the VPN connection and to untick "Use default gateway on remote network" if you need to (you probably will).

You will also need to change some security settings (image):

VPN Connection > Properties > [Security Tab] -> Advanced

Allow these protocols: (tick) Microsoft CHAP Version2

[Millusdk]

Hi RTT.
I like your guide on how to make a PPTP network. I followed your guide, and had no problems in setting up everything, however when i connect to my VPN server i get limited connection, and i am not able to access the website on my server if i call its remote address. Could you please help me? I am using Windows Vista by the way.

[SpaceAge]

I've been trying to follow this, but am getting close towards the beginning...

When trying to install the pptpd package, it just sits at "Starting PPTP Daemon: ", and doesn't go beyond that unless I interupt it. Any idea why it's stopping here?

Thanks

[msilfver]

Make sure the config files has a line feed at the end.
If that doesn't work, try the debug option in pptpd.conf.

[HVJoel]

Hi,

I've completed the tutorial. I remain with one problem though: the default pptpd port 1723 is already in use. Is there a way to change this port?

Thx in advance

[knuck]

four first posts in a row ! Damn , your howTo gets you love RTT !

[GahocIT]

Thank for TUT
And now I have a question
Save the file and now do:

Code:

Quote:

cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb

it is error

Could you tell me why error in line ?
Build command 'cd pptpd-1.3.4 && dpkg-buildpackage -b -uc' failed.
E: Child process failed

[songzila]

thanks alot RTT for the great tutorial. peace

[robertcohang]

Followed your guide and everything worked perfectly

[markbolden]

Hi RTT! Cool.. You're the first person that has posted a simple and direct How-To! Its funny because we IT folks tend to follow the most complex path and your How-To reminded me of how to get something up and running quickly (in under a minute) for a client of mine without resorting to a full on solution that requires special client software. Great Stuff!!

[saeed144]

I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?

[saeed144]

I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?

[philtec]

Quote:

Originally Posted by saeed144

I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?

I too would be interested in how to limit one account to one connection and if at all possible add a expire date to that account? Maybe some sh code would work as the user accounts are only in a txt file.... if you know how to resolve the above can you paste the result to phil.meakins@yahoo.co.uk so i can pick it up asap. many thanks.

[foodie202]

Quote:

Originally Posted by RTT

We use Ubuntu here on our internal development servers (apt-get love ) and this morning I needed to setup a VPN server so that I can access some tools that run here from home. I came across a bunch of hurdles and thought i'd document them here for anyone who needs to do the same.

This will allow MS clients and probably Apple too.

Firstly install pptpd

Code:

sudo apt-get install pptpd

Now edit pptpd's config (/etc/pptpd.conf). At the bottom you'll find settings for localip and remoteip. Here's what mine looks like:

Code:

localip 172.198.1.4
remoteip 172.198.2.50-51

localip is the IP of an adapter in the server (yours might be 192.168.0.10 for example)
remoteip: the IPs that clients are allowed to use (i allowed mine to use 172.198.2.50 through 172.198.2.51)

Now we'll set up some users, so edit the chap-config config file(/etc/ppp/chap-secrets). I want to allow two users, so my chap-secrets file looks like this:

Code:

# client        server  secret                  IP addresses
rich             pptpd   apassword                80.40.0.0/13
geoff             pptpd   apassword                212.219.0.0/14

... which allows users rich and geoff, with the passwords 'apassword' to be accepted from those IP subnets. * can be used to allow all IPs. see pppd/chap-secrets man page for more info

You may be good to go at this point. Restart pptpd (sudo /etc/init.d/pptpd restart) and attempt to connect. If it doesn't work, check /var/log/messages for a notice that looks a bit like this:

Code:

Apr 10 09:49:42 beryllium pppd[9619]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4

If you see that, then we need to change pptpd-logwtmp's version number.

This info kindly lifted from CyberAngel at the Ubuntuforums.

We now need a few more things:

Code:

sudo apt-get install libwrap0-dev debhelper
sudo apt-get source pptpd
cd pptpd-1.3.0/plugins
sudo vim patchlevel.h

Change:

Code:

#define VERSION         "2.4.3"

To:

Code:

#define VERSION         "2.4.4"

Save the file and now do:

Code:

cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb

Done! Now restart pptpd:

Code:

sudo /etc/init.d/pptpd restart

And you should be good to go!

All you need to do now is add a VPN network connection and connect with the username/password that you set up. Don't forget to hit the IPv4 TCP/IP settings on your client machines for the VPN connection and to untick "Use default gateway on remote network" if you need to (you probably will).

You will also need to change some security settings (image):

VPN Connection > Properties > [Security Tab] -> Advanced

Allow these protocols: (tick) Microsoft CHAP Version2

It all sounded so simple, maybe I'm missing something? It looks like it's all up and running on the VPN server's side. Is there any setup I need to enable the outside world to connect? I forwarded port 1723 on my router to the server host's IP address (both TCP and UDP), but clients can't connect.

[saeed144]

Quote:

Originally Posted by philtec

I too would be interested in how to limit one account to one connection and if at all possible add a expire date to that account? Maybe some sh code would work as the user accounts are only in a txt file.... if you know how to resolve the above can you paste the result to phil.meakins@yahoo.co.uk so i can pick it up asap. many thanks.

hey..i am still looking for an answer.. have you found a way to do that?
If you do please let me know. my email: sa_toussi@yahoo.com
thanks..

[swanside]

Hi,
Thanks for the info on how to set this up.
I did it and it worked great on my iPad while in the house.
I put the default port of 1723 in my router and sent it to my ubuntu server at 192.168.0.99
When I try to login using my dyndns account, it will not allow it. It shows VPN Connecting... and after about 30 seconds I get

Quote:

VPN Connection. A connection could not be established to the PPP server. Try reconnection. If the problem continues, verify your settings and contact your Administrator

In my /etc/pptpd.conf I have the following
# (Recommended)

Quote:

localip 192.168.0.99
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245

where the localip of 192.168.0.99 is the ip of my server.

Any ideas please on what to try next?
Cheers
Paul.

[wammz]

Hi,
Thanks for the how-to.however,there are a few concept that i do not understand.While i am not new to linux,i am new to vpn and here is my scenario:

I want to setup the pptp server on a ubuntu box,behind a pix firewall that has a public ip tht NATs to the ubuntu box.what i do not understand is whci i do i use,the public one or the private one in the conf file on the localip,also the users that i create in tht file,are they system users or anything in the file will login?my current server has a lan ip of 192.168.1.2,shd i use this on the localip?
also,i use the default vpn client that comes with ubuntu 11.10 and it requires that i put a gateway when setting up a new vpn connection.what shd be put on the gateway?

Thanks in advance.

[wammz]

Quote:

Originally Posted by foodie202

It all sounded so simple, maybe I'm missing something? It looks like it's all up and running on the VPN server's side. Is there any setup I need to enable the outside world to connect? I forwarded port 1723 on my router to the server host's IP address (both TCP and UDP), but clients can't connect.

If i have a public ip on the pix firewall that NATs to the local 192.168.1.2 that has a ubuntu OS,what ip shd i use,the public one or the private one?also these users that we create,are they system users or u can create them straight from that file?

also,on my ubuntu 11.10 default vpn client,it asks for a gateway on setting up a connection,which ip shd i use for the gateway?

thanks in advance

[crimsont]

I have read soewhere that some older routers do not support the VPN connection protocols. How relevant is that to the set up? Comments?