Tuesday, October 25, 2011

Installing pptpd vpn on Ubuntu


This post explains how to install pptpd vpn server on ubuntu. It is tested on Ubuntu 11.04 and will work with other Ubuntu and Debian vps.

This is implement on a openvz vps. So there are two parts. Part one needs to be done on Node server and part two is need to be done on the vps. In case if you are working in a dedicated server you have to do both on the dedicated server.

Part one:
on the node:

Find the VEID of your vps. If you dont have access ask your vps provider to enable ppp and nat
[root@Node ~]# vzlist -a | grep 184.x.x.x
       [VEID]         20 running   184.x.x.x vps

Loading modules needed for ppp
[root@Node ~]# modprobe ppp_mppe
[root@Node ~]# modprobe ppp_deflate
[root@Node ~]# modprobe zlib_deflate
[root@Node ~]# modprobe ppp_async
[root@Node ~]# modprobe ppp_generic
[root@Node ~]# modprobe slhc
[root@Node ~]# modprobe crc_ccitt

Checking the modules
[root@Node ~]#  lsmod | grep ppp
ppp_async              45056  0
crc_ccitt              35200  1 ppp_async
ppp_deflate            39168  0
zlib_deflate           52760  1 ppp_deflate
ppp_mppe               39816  0
ppp_generic            63632  3 ppp_async,ppp_deflate,ppp_mppe
slhc                   39680  1 ppp_generic

Enabling ppp for the vps with VEID [VEID]:
You have to stop the vps first:
[root@Node ~]# vzctl stop [VEID]
Stopping container ...
Container was stopped
Container is unmounted

Now setting the parameters:
[root@Node ~]# vzctl set [VEID] --features ppp:on --save
Saved parameters for CT [VEID]
[root@Node ~]# vzctl set [VEID] --devices c:108:0:rw --save
Saved parameters for CT [VEID]
[root@Node ~]# vzctl start [VEID]
Starting container ...
Container is mounted
Adding IP address(es):
Setting CPU limit: 100
Setting CPU units: 1000
Setting CPUs: 1
Setting devices
Set hostname: vps
File resolv.conf was modified
Setting quota ugidlimit: 10000
Container start in progress...
[root@Node ~]# vzctl exec [VEID] mknod /dev/ppp c 108 0
[root@Node ~]# vzctl exec [VEID] chmod 600 /dev/ppp

Enabling NAT on openvz vps:
[root@Node ~]# vzctl stop [VEID]
[root@Node ~]# vzctl set [VEID]  --iptables ipt_REJECT --iptables ipt_tos --iptables ipt_TOS --iptables ipt_LOG --iptables ip_conntrack --iptables ipt_limit --iptables ipt_multiport --iptables iptable_filter --iptables iptable_mangle --iptables ipt_TCPMSS --iptables ipt_tcpmss --iptables ipt_ttl --iptables ipt_length --iptables ipt_state --iptables iptable_nat --iptables ip_nat_ftp --save
[root@Node ~]# vzctl start [VEID]

Part two:
Inside vps:
Searching the package pptpd on Ubuntu vps:
root@vps:~# apt-cache search pptp
pptpd - PoPToP Point to Point Tunneling Server

Installing the pptpd package:
root@vps:~# apt-get install pptpd

Testing the ppp module:
root@vps:/# /usr/sbin/pppd
~ÿ}#À!}!}!} }4}"}&} } } } }%}&} 3ä}'}"}(}"P};~~ÿ

Configuring the local ip and remote ip range for the vpn connections:
root@vps:/# vi /etc/pptpd.conf

Setting the DNS ip address for the vpn clients
root@vps:/# vi /etc/ppp/pptpd-options

masquerading the vpn client ips to the vps ip address
root@vps:/# iptables -t nat -A POSTROUTING -s -o venet0 -j MASQUERADE

Saving the iptables rules:
root@vps:/# iptables-save > /etc/iptables.conf

Writing iptables restore script:
root@vps:/# cat /etc/network/if-up.d/iptables
iptables-restore < /etc/iptables.conf

Giving the execute permission for the restore script:
root@vps:/# chmod +x /etc/network/if-up.d/iptables

Enable packet forwarding:
root@vps:/# vi /etc/sysctl.conf
root@vps:/# sysctl  -p
net.ipv4.ip_forward = 1

Creating vpn users for pptpd
root@vps:/# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
vpn     pptpd   abc123$ *

Restarting the service.
root@vps:/# /etc/init.d/pptpd restart
Restarting PPTP:
Stopping PPTP: pptpd.
Starting PPTP Daemon: pptpd.

Thats it. Enjoy. Leave comments.

No comments:

Post a Comment

Be nice. That's all.