HOWTO: Debian VPN PPTP
This tutorial will guide you how to install and configure VPN PPTP in Debian Etch. The installation is straightforward.
Note: Make sure that your VPN Server has two Network Interface Card (NIC). One for Outside Interface (where the public IP is configured) and the other is INSIDE interface (where your LAN IP is configured)
Introduction
What is PPTP? Short for Point-to-Point Tunneling Protocol, a new technology for creating Virtual Private Networks (VPNs) , developed jointly by Microsoft Corporation, U.S. Robotics, and several remote access vendor companies, known collectively as the PPTP Forum. A VPN is a private network of computers that uses the public Internet to connect some nodes. Because the Internet is essentially an open network, the Point-to-Point Tunneling Protocol (PPTP) is used to ensure that messages transmitted from one VPN node to another are secure. With PPTP, users can dial in to their corporate network via the Internet.
PPTP is known to be less secure than other VPN software, but if you need a quick solution for a VPN server that will connect out of the box from Windows workstations PPTP is the obvious choice. This post will show how easy it is to setup a pptp vnp server on Debian Etch.
Installation
apt-get install pptp
(this will install also some dependencies: bcrelay and ppp). The default pptpd configuration file is installed under /etc/pptpd.conf ; you can change any of the available options (samples are included in the configuration file as comments), but really the only thing that needs to be configured is the ip of the local server used by pptpd as the local gateway for the remote hosts and the remote users assigned ips:
localip 192.168.1.1
remoteip 192.168.1.100-120
here we will use the local ip 192.168.1.1 as the pptpd ip and the remote users will be allocated the first available ip from the range 192.168.1.100 - 192.168.1.120 (meaning we can have a maximum of 20 simultaneous vpn users connected to this pptp server). These ips are assigned based on the particular setup, being either a pair of private ips (just like in my example above) or even real ips.
The debian package also uses the file /etc/ppp/pptpd-options containing the main pptpd server configs. A typical config will look like this:
name My.VPN-PPTP
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.1.1
proxyarp
nodefaultroute
lock
nobsdcomp
noipx
mtu 1490
mru 1490# client server secret IP addresses
user * password *
and look for the logs under /var/log/syslog to troubleshoot any problems.
You can now connect to your new PPTP VPN server using the built-in pptp vpn client from any modern windows workstation (except probably vista that is broken by sp1) using the default connection settings.
