Recently I had to set up a VPN server on my Ubuntu 10.04 server.
Yes, Ubuntu 10.04 is old, but the following guide will also work on the latest Ubuntu systems.
pptpd is the VPN server that provides the Microsoft VPN protocol, which will mostly work fine with any VPN connection from Windows, OSX, or iOS systems.
Anyway, here are the steps for installing and configuring pptpd:
1. Install pptpd
sudo apt-get install pptpd
2. Configure your IP
sudo vi /etc/pptpd.conf
(Use nano if you are not familiar with vi/vim)
In the last two lines of the file, pptpd may already have localip and remoteip configured for your system. If not, you should modify them.
For example, if your server’s IP is 192.168.0.20, then you may configure as follows:
localip 192.168.0.20
remoteip 192.168.0.230-239
This makes pptpd use 192.168.0.20 as the server IP address, while VPN clients that connect to this server will be given addresses from the remote IP range 192.168.0.230 – 192.168.0.239. It also means you will allow only 10 simultaneous VPN client connections. You can increase the range if you want, but make sure the remoteip range doesn’t overlap with localip.
3. Configure ppp options
Your /etc/pptpd.conf file should name the location of the options file. It will probably be /etc/ppp/pptpd-options. Let’s open it and make sure we have the right encryption level.
sudo vi /etc/ppp/pptpd-options
Do not allow pap, chap, and mschap.
refuse-pap
refuse-chap
refuse-mschap
Allow ms-chapv2 (which is more secure) and mppe-128.
require-mschap-v2
require-mppe-128
I think those are already the default options. If so, you don’t need to make any changes.
Also, you need to configure DNS. Check /etc/resolv.conf to see whether your server already has DNS configured. If the addresses there are 22.22.22.22 and 22.22.22.23, configure ms-dns as
ms-dns 22.22.22.22
ms-dns 22.22.22.23
Otherwise you may use Google’s DNS servers.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
4. Configure account for user
Lastly, you should configure a user account for the VPN connection.
sudo vi /etc/ppp/chap-secrets
And add
testuser pptpd testpassword *
Then you may be able to connect to VPN with ID=testuser PW=testpassword.
Note that if you use special characters like “#” in the password, that will cause trouble. I recommend using only alphanumeric characters for your password. Also, make sure your chap-secrets file is saved with Unix line endings (LF rather than CRLF). (I spent a couple of hours finding out why pptpd didn’t let me log in; it was due to the chap-secrets file.)
5. Restart pptpd
You can simply
sudo service pptpd start
to start the pptpd server or
sudo service pptpd restart
to restart pptpd.
6. Check what’s going on with syslog
If the VPN doesn’t work, you may want to check what’s going on under the hood. All the messages are recorded through syslog. So
sudo tail -f /var/log/messages
will show you any log entries associated with pptpd.
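The settings from steps 2 to 4 can be checked before restarting pptpd. The shell functions below are an added example, not part of the original post; the function names are made up for illustration, and the overlap check assumes remoteip is written as a single range in the form shown in step 2.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 2-4 before a restart.
# Function names are this example's own; file paths are arguments.

# Succeed if localip falls inside the remoteip range of a pptpd.conf.
# Assumes remoteip is one "a.b.c.start-end" range, as in step 2.
ip_overlap() {
    awk '
        $1 == "localip"  { loc = $2 }
        $1 == "remoteip" { rem = $2 }
        END {
            if (loc == "" || rem == "") exit 1
            split(loc, l, "."); split(rem, r, ".")
            n = split(r[4], range, "-")
            if (n < 2) range[2] = range[1]
            hit = (l[1] == r[1] && l[2] == r[2] && l[3] == r[3] &&
                   l[4] + 0 >= range[1] + 0 && l[4] + 0 <= range[2] + 0)
            exit !hit
        }' "$1"
}

# Print each directive from step 3 that is absent from a pptpd-options
# file. Commented-out lines ("#refuse-pap") do not count as present.
missing_ppp_options() {
    for opt in refuse-pap refuse-chap refuse-mschap \
               require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Succeed if the file contains a carriage return (CRLF line endings).
has_crlf() {
    grep -q "$(printf '\r')" "$1"
}

# Run all three checks; print findings, return non-zero if any fired.
# usage: audit_pptpd pptpd.conf pptpd-options chap-secrets
audit_pptpd() {
    rc=0
    if ip_overlap "$1"; then echo "localip is inside remoteip range"; rc=1; fi
    m=$(missing_ppp_options "$2")
    if [ -n "$m" ]; then echo "missing in $2:" $m; rc=1; fi
    if has_crlf "$3"; then echo "$3 has CRLF line endings"; rc=1; fi
    return $rc
}
```

After sourcing the file, run it as: sudo sh -c '. ./audit.sh; audit_pptpd /etc/pptpd.conf /etc/ppp/pptpd-options /etc/ppp/chap-secrets' (audit.sh is whatever name you saved it under).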
I hope this helps anyone who wants to run a VPN server on Ubuntu.
Cheers,