
BUILD VPN SERVER

Preface

You will need to forward TCP port 1723 from the internet to the server, and also let GRE
(IP protocol 47) through, for the connection to work (not covered here). Keep in mind that
PPTP's MS-CHAPv2 authentication and MPPE encryption are cryptographically weak (a captured
handshake can be cracked offline), so treat this as a convenience tunnel rather than strong
protection for sensitive traffic.

You will see me use VIM as the editor program; this is just because I'm used to it.
You may use any other editor that you'd like.

Server Setup
Install the pptp server package:
#apt-get install pptpd

Edit the /etc/pptpd.conf configuration file:

#vim /etc/pptpd.conf

Add to it:
localip 192.168.1.5
remoteip 192.168.1.234-238,192.168.1.245

Where localip is the address of the server and remoteip are the addresses that will be
handed out to the clients; it is up to you to adjust these to your network's requirements.
Because the remoteip range lies inside the LAN subnet, other hosts on the LAN reach the VPN
clients through proxy ARP: make sure the proxyarp directive stays enabled in
/etc/ppp/pptpd-options, otherwise those hosts have no path back to the clients.
Edit the /etc/ppp/pptpd-options configuration file:
#vim /etc/ppp/pptpd-options

Append to the end of the file the following directives:

ms-dns 192.168.1.1
nobsdcomp
noipx
mtu 1490
mru 1490

Where the IP used for the ms-dns directive is the DNS server of the local network your client
will be connecting to; again, it is your responsibility to adjust this to your network's
configuration.
Edit the chap secrets file:

#vim /etc/ppp/chap-secrets

Add to it the authentication credentials for a user's connection, in the following syntax:
username <TAB> * <TAB> users-password <TAB> *
This file holds the password in clear text, so keep it readable by root only
(chmod 600 /etc/ppp/chap-secrets).
Restart the pptpd daemon for the settings to take effect:
#/etc/init.d/pptpd restart

If you don't want to grant yourself access to anything beyond the server itself, then you're
done on the server side.
Enable Forwarding (optional)
While this step is optional and could be viewed as a security risk by the extremely paranoid,
it is my opinion that not doing it defeats the purpose of even having a VPN connection into
your network.
By enabling forwarding we make the entire network available to us when we connect, not
just the VPN server itself: the connecting client can route through the VPN server to all
other devices on the network.
To achieve this we will be flipping the kernel's IP forwarding switch.
Edit the sysctl file:
#vim /etc/sysctl.conf

Find the net.ipv4.ip_forward line and change the parameter from 0 (disabled) to 1
(enabled):
net.ipv4.ip_forward=1

You can either restart the system or issue this command for the setting to take effect:
#sysctl -p

With forwarding enabled, all the server-side settings are prepared.
We recommend using split-tunnel mode for the VPN client: only traffic for the remote
network's subnet goes through the tunnel, everything else keeps using the client's own
internet connection.
A more in-depth explanation of the recommended split-tunnel mode, as well as
instructions for Ubuntu Linux users, can be found in the Setting up a Split Tunnel VPN
(PPTP) Client on Ubuntu 10.04 guide.
Windows users, follow the guides below to create the VPN client on your system.
PPTP VPN Dialer Setup on XP (split tunnel)
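The whole server side above (pptpd.conf, pptpd-options, a chap-secrets entry with root-only permissions, and the ip_forward sysctl) as a set of idempotent shell functions. This is an added example, not a script from the original guide; the addresses are the guide's sample values and are assumptions to change for your network, and every path is written under $ROOT so the result can be reviewed in a scratch directory before running it as root with ROOT=/ against the live system.

```shell
#!/bin/sh
# Added example (not part of the original guide): the server-side steps as
# idempotent functions. Files are written under $ROOT; ROOT=/ applies them
# to the live system (requires root), anything else is a dry run.
set -eu

ROOT="${ROOT:-/}"
# Sample addresses from the guide; assumptions, adjust to your network.
LOCALIP="${LOCALIP:-192.168.1.5}"
REMOTEIP="${REMOTEIP:-192.168.1.234-238,192.168.1.245}"
DNSIP="${DNSIP:-192.168.1.1}"

# ensure_line FILE LINE: append LINE unless FILE already contains it verbatim,
# so re-running never duplicates a directive.
ensure_line() {
    mkdir -p "$(dirname "$1")"
    touch "$1"
    grep -qxF -- "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# /etc/pptpd.conf: the server's own address and the pool handed to clients.
configure_pptpd() {
    ensure_line "$ROOT/etc/pptpd.conf" "localip $LOCALIP"
    ensure_line "$ROOT/etc/pptpd.conf" "remoteip $REMOTEIP"
}

# /etc/ppp/pptpd-options: DNS pushed to clients plus the guide's tuning lines.
configure_ppp_options() {
    f="$ROOT/etc/ppp/pptpd-options"
    for line in "ms-dns $DNSIP" nobsdcomp noipx "mtu 1490" "mru 1490"; do
        ensure_line "$f" "$line"
    done
}

# add_vpn_user NAME PASSWORD: append "name <TAB> * <TAB> password <TAB> *".
# The file holds clear-text passwords, so it is kept root-only (0600).
# Values with whitespace, '#' or '"' would need pppd quoting and are rejected;
# a duplicate name is rejected because pppd uses the first matching entry.
add_vpn_user() {
    f="$ROOT/etc/ppp/chap-secrets"
    [ -n "$2" ] || { echo "empty password for $1" >&2; return 1; }
    case "$1$2" in
        *[[:space:]]*|*'#'*|*'"'*)
            echo "refusing name/password containing whitespace, # or \"" >&2
            return 1 ;;
    esac
    mkdir -p "$(dirname "$f")"
    touch "$f"
    chmod 600 "$f"
    if awk -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$f"; then
        echo "user $1 already present in $f" >&2
        return 1
    fi
    printf '%s\t*\t%s\t*\n' "$1" "$2" >> "$f"
}

# enable_forwarding: drop any existing (even commented-out) ip_forward line
# from sysctl.conf, write the enabled one, and load it on the live system.
enable_forwarding() {
    f="$ROOT/etc/sysctl.conf"
    mkdir -p "$(dirname "$f")"
    touch "$f"
    grep -v '^[#[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=' "$f" > "$f.tmp" || true
    printf 'net.ipv4.ip_forward=1\n' >> "$f.tmp"
    mv "$f.tmp" "$f"
    if [ "$ROOT" = / ]; then sysctl -p; fi
}

# build_server NAME PASSWORD: all steps in order, then restart pptpd (live only).
build_server() {
    configure_pptpd
    configure_ppp_options
    add_vpn_user "$1" "$2"
    enable_forwarding
    if [ "$ROOT" = / ]; then /etc/init.d/pptpd restart; fi
}

# Usage: ROOT=/tmp/pptpd-dryrun sh build_pptpd.sh vpnuser s3cret
if [ -n "${1:-}" ]; then build_server "$1" "${2:-}"; fi
```

Run it once into a scratch directory and diff the generated files against the live ones before applying with ROOT=/; the functions can also be sourced and called one at a time, for instance to add further users later without touching the rest of the configuration.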

We will create a regular VPN dialer with one noteworthy exception: we will set the
system NOT to use it as the default gateway when connected.
Skipping this step would route all of the client's traffic through the VPN connection,
limiting the connecting computer's browsing speed to the VPN server's upload speed
(usually slow), and that's not what we want.
We need to start the New Connection Wizard, so we will go to Control Panel.
Go to Start and then Control Panel.

*If your system is set up with the Classic Start Menu, just point at the Control
Panel icon and then select Network Connections.
In Control Panel, double-click Network Connections.

Double click New Connection wizard.

In the New Connection wizard welcome screen click Next.

Select the Connect to the network at my workplace option and then Next.

Select the Virtual Private Network connection option and then Next.

Give a name to the VPN connection.

Type in your VPN server's DNS name or IP address as seen from the Internet.

Optionally, you may choose to Add a shortcut to the desktop; then click Finish.

Now comes the tricky part: it is vitally important that you do NOT try to connect yet.
Instead, open the dialer's Properties.

Go to the Networking tab and change the Type of VPN to PPTP VPN as shown in the
picture below (this is optional but will shorten the time it takes to connect), then
select Internet Protocol (TCP/IP) and go into its Properties.

On the next window, go into Advanced without changing anything else.

On the next window, uncheck the Use default gateway on remote network option.

Now enter the connection's credentials as you set them on the server and connect.

That's it, you should now be able to access all the computers on your network from the XP
client. Enjoy.

PPTP VPN Dialer Setup on Win7 (split tunnel)


We will create a regular VPN dialer with one noteworthy exception: we will set the
system NOT to use it as the default gateway when connected.
Skipping this step would route all of the client's traffic through the VPN connection,
limiting the connecting computer's browsing speed to the VPN server's upload speed
(usually slow), and that's not what we want.
We need to start the connection wizard, so we will go to the Network and Sharing Center.
Click the network icon in the system tray and then Open Network and Sharing Center.

In the Network center click on Set up a new connection or network.

Select Connect to a workplace and then Next.

Click on the first option of Use my Internet connection (VPN).

Set the address of your VPN server as seen from the internet either by DNS-name or IP.

It won't connect yet, because we still need to go into the dialer's properties, but set
the username and password and hit Connect anyway.

After the connection fails (that's normal), click Set up the connection anyway.

Back in the Network Center, click on Change adapter settings.

Find the dialer we have just created, right click it and select Properties.

While it's optional, for a faster-connecting dialer set the Type of VPN to PPTP under the
Security tab.

Go to the Networking tab, select the IPv4 protocol and go into its Properties.

In the next window, click Advanced without changing anything else.

On the next window, uncheck the Use default gateway on remote network option.

Now enter the connection's credentials as you set them on the server and connect.

That's it, you should now be able to access all the computers on your network from the Win7
client.