Set up a PPTP VPN server on Debian 4.0

While it is the simplest of the VPN servers to set up on Linux, it is also the least secure.  Even so, it is still much better than using nothing.  A quick search for pptpd will give you PoPToP.

PPTPD is good because it comes as part of the base install for many common operating systems, such as Windows, OS X, and even the iPhone/iPod.

In past versions of Debian you had to do much more work to get PPTP to encrypt your data, such as installing kernel modules.  Since kernel 2.6.15-rc1 everything is included by default, so all you should need to do is install pptpd, but let's run a quick check to make sure.  If you get a failure, follow the instructions in the [Debian MPPE HOWTO][1] to get MPPE working.

server:/var/log# modprobe ppp-compress-18 && echo success
success

server:/# aptitude  search pptpd
i   pptpd                                                              – PoPToP Point to Point Tunneling Server

Start by installing it by simply issuing the following command.

mini:/# aptitude  install pptpd

The first file you will want to edit is /etc/pptpd.conf. You need to put in the IP range that clients will be assigned and the virtual IP of the PPTP server.  Make sure you pick an IP range that is not already in use!  The remote IP range below will allow 49 hosts to connect.

localip 10.80.0.1
remoteip 10.80.0.2-50

Next we want to set up the pptpd server options.

username@server:~$ cat /etc/ppp/pptpd-options
name hostname.TLD

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128

ms-dns 192.168.1.1

proxyarp
nodefaultroute
lock
nobsdcomp
noipx
mtu 1490
mru 1490
#plugin radius.so

I have the plugin radius.so commented out because it is only necessary when you are using RADIUS to authenticate the clients.  I will be going over how to set that up in a future post.  In the meantime we will leave it commented out.

Next we have to set up the user accounts.  The user accounts are set up in a file called /etc/ppp/chap-secrets.  The format is pretty self-explanatory, but I will go over it anyway.  The first field is the user name that the client will enter into their PPTP client.  The second field would be the IP of the PPTP server; just leave it as * for now.  The third field is the password the client will have to enter.  The last and final field is the IP address that the client will be coming from; since you most likely will have no idea where the client will be coming from, just leave it as *.  Yes, I know password is a really bad password; it is just an example.

server:/etc/ppp# cat chap-secrets
# Secrets for authentication using CHAP
# client    server    secret            IP addresses
username     *     password          *
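
The script below is an added example, not part of the original post: it checks that the authentication and encryption directives from the pptpd-options listing are active, and flags chap-secrets entries that lack the IP field or still use the placeholder password. The function names and sample files are constructed for illustration, and it assumes secrets contain no quoted whitespace.

```shell
#!/bin/sh
# Added example: audit the two files edited in this post (hypothetical helper names).

# Directives from the pptpd-options listing that force MS-CHAPv2 and 128-bit MPPE.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Print every required directive that is absent or commented out in file $1.
missing_options() {
    for opt in $REQUIRED; do
        # The directive must stand alone on an uncommented line.
        grep -Eq "^[[:space:]]*${opt}[[:space:]]*(#.*)?\$" "$1" || echo "$opt"
    done
}

# Print "<line>:<finding>" for each weak chap-secrets entry in file $1.
# Assumption: secrets are not quoted strings containing whitespace.
audit_secrets() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }                    # skip blanks and comments
        NF < 4           { print NR ":no-ip-field" }     # pppd(8): all IPs disallowed
        $3 == "password" { print NR ":placeholder-secret" }
    ' "$1"
}

# Constructed sample input that mirrors the listings in this post.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'name hostname.TLD' 'refuse-pap' '#refuse-chap' \
        'require-mschap-v2' 'require-mppe-128' > "$dir/pptpd-options"
    printf '%s\n' '# client server secret IP addresses' \
        'username * password' 'alice * S0me-long-passphrase *' > "$dir/chap-secrets"
    echo "missing options:";  missing_options "$dir/pptpd-options"
    echo "secrets findings:"; audit_secrets "$dir/chap-secrets"
    rm -rf "$dir"
}

# With two arguments, audit real files; otherwise run the constructed demo.
if [ $# -eq 2 ]; then
    missing_options "$1"; audit_secrets "$2"
else
    demo
fi
```

Run it as root with /etc/ppp/pptpd-options and /etc/ppp/chap-secrets as the two arguments; no output from either check means nothing was flagged.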

Now run

mini:/etc/ppp# /etc/init.d/pptpd start
Starting PPTP Daemon: pptpd.

to start the server up.

You should see some entries in /var/log/syslog like the ones below, indicating a successful start.

Jan  7 22:31:58 mini pptpd[13512]: MGR: Manager process started
Jan  7 22:31:58 mini pptpd[13512]: MGR: Maximum of 49 connections available

Don't forget to put in the proper firewall rules and system settings to forward any necessary traffic.  I will include a link to the directions in a future post.

[1]: http://pptpclient.sourceforge.net/howto-debian-build.phtml