How to setup a PPTP VPN on Debian 6

This guide will teach you how to setup and install a functioning PPTP VPN server on
Debian 6 squeeze. This will allow you to tunnel all your traffic through your server.
This guide should also work for any other linux based distribution.
The first step is to install the pptpd package for the VPN.
apt-get install pptpd
Now in your favourite editor we need to open /etc/pptpd.conf. Scroll down until you
see
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
These two lines need to be uncommented, so should look like this
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245
Now we can add the user accounts we want to be able to connect through the VPN.
Open up /etc/ppp/chap-secrets in your favourite editor. It should look something like
this
# Secrets for authentication using CHAP
# client server secret IP addresses
Below those lines we can add users, seperate each user by a new line. Say for example
we want to enter the username mark with a password cats, our file would look like this
# Secrets for authentication using CHAP
# client server secret IP addresses
mark pptpd cats *
We now need to open the file /etc/ppp/pptpd-options and locate ms-dns. These will
look like this
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
Uncomment both of these and replace them with DNS servers. I will be using the free
Google DNS servers in this tutorial. Your file should now look like this
ms-dns 8.8.8.8
ms-dns 8.8.4.4
The next step is to open /etc/sysctl.conf in your favourite editor, to enable packet
forwarding. Locate the line the line below, and uncomment #net.ipv4.ip_forward=1.
# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
You can now issue the command below, so that IP forwarding will take effect without
a reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward
Now we need to create an iptables rule so that our VPN traffic can pass through
without issues. This command will depend on if you are running any virtualisation
such as being on an XEN or OpenVZ VPS. You should issue below command to figure

out the internet interface. In most cases it will be eth0 (No virtualisation or XEN) on
OpenVZ it will most likely be venet0
ifconfig
Once we have found out the right interface we can issue the command below. Replace
eth0 with the correct interface that you discovered in the step above.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
The VPN will now work, however this iptables rule will disappear upon reboot of the
server, therefore not allowing the VPN to work. To fix this we will issue the command
iptables-save > /etc/iptables.conf
Now edit the file /etc/network/interfaces at below the interface listed there add
pre-up iptables-restore < /etc/iptables.conf
My /etc/network/interfaces looks like this
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.conf
The final step is to issue the command
/etc/init.d/pptpd restart
Congratulations! You should now have a functioning PPTPD tunnel in which you can
tunnel traffic to your server.