Setting up VPN on Linux

By | March 21, 2016

If you are trying to set up a VPN on the Linux operating system, you have come to the right place. Most people consider Linux to be more advanced than Windows when it comes to security and stability. A few of the popular Linux distributions are CentOS, Ubuntu, Linux Mint, etc.

Although installing common software such as Skype, web browsers and music players is pretty easy using the software repositories, it can be quite intimidating for a newbie to configure a VPN or install a new printer if it doesn’t work out of the box.

A VPN, as we know, is a virtual private network, and there are two types of VPN architecture (OpenVPN and PPTP VPN). We will focus on setting up a VPN using PPTP VPN on Ubuntu and its derivatives.

Server side setup

The server will be responsible to assign IP addresses to all the client machines in the network, be it Linux, Windows or Mac clients.

STEP 1

We need to install the PPTP package on the server. One can simply use the standard “apt-get” command to install it. It is advisable to update the repositories first. Use the following commands. It will only take a few seconds for the installation to complete.

sudo apt-get update
sudo apt-get install pptpd

STEP 2

Now you will have to edit the pptpd.conf file. The file resides in the following path, “/etc/pptpd.conf”.
If you have a GUI, you can do it with your favorite text editor (e.g. Gedit).

sudo gedit /etc/pptpd.conf

Or you could use “nano” to edit the file right from the terminal.

sudo nano /etc/pptpd.conf

If you have not used nano before, you might as well check out this discussion on Ask Ubuntu for help.

STEP 3

Add the following two lines to “pptpd.conf.”

localip 172.20.0.1
remoteip 172.20.0.100-300

What do these lines do? The VPN server will use the localip address inside the VPN, and an IP within the range 172.20.0.100 to 300 (e.g., 172.20.0.120, 172.20.0.124, etc.) will be assigned to the clients that connect to the server.
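A sanity check for these two lines, added here as an example and not part of the original tutorial: every octet of an IPv4 address is limited to 255, so the script verifies both addresses, the range bounds, and that localip stays outside the client pool. The function names and the temporary sample file are assumptions made for the example.

```sh
#!/bin/sh
# Added example: sanity-check the localip/remoteip lines of a pptpd.conf.
# Handles the single "a.b.c.START-END" range form used in this tutorial.

valid_octet() {   # digits only, at most 3 of them, value 0..255
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 3 ] && [ "$1" -le 255 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs   # split on dots
    [ $# -eq 4 ] || return 1
    for o in "$@"; do valid_octet "$o" || return 1; done
}

# Prints one finding per line; returns 1 if anything was found.
check_pptpd_conf() {
    localip="" base="" start="" end="" bad=0
    while read -r key val rest || [ -n "$key" ]; do
        case "$key" in
            localip)  localip=$val ;;
            remoteip) base=${val%.*}; last=${val##*.}
                      start=${last%%-*}; end=${last##*-} ;;
        esac
    done < "$1"
    valid_ipv4 "$localip" ||
        { echo "localip '$localip' is not a valid IPv4 address"; bad=1; }
    valid_ipv4 "$base.$start" ||
        { echo "remoteip start '$base.$start' is not a valid IPv4 address"; bad=1; }
    if ! valid_octet "$end"; then
        echo "remoteip range end '$end' is not a valid octet (0-255)"; bad=1
    elif valid_octet "$start"; then
        [ "$end" -ge "$start" ] ||
            { echo "remoteip range end $end is below start $start"; bad=1; }
        host=${localip##*.}
        if [ "${localip%.*}" = "$base" ] && valid_octet "$host" &&
           [ "$host" -ge "$start" ] && [ "$host" -le "$end" ]; then
            echo "localip $localip lies inside the client pool"; bad=1
        fi
    fi
    return "$bad"
}

# Constructed sample: the two lines from STEP 3 above.
sample=$(mktemp)
printf 'localip 172.20.0.1\nremoteip 172.20.0.100-300\n' > "$sample"
check_pptpd_conf "$sample" || echo "fix the lines above before starting pptpd"
```

Point it at the real file with check_pptpd_conf /etc/pptpd.conf before starting the daemon.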

STEP 4 – Add New Users

You will have to use “nano” or a text editor such as Gedit, as you did when editing the pptpd.conf file above. All the information about users is stored in the following file, “/etc/ppp/chap-secrets”.

Edit this file to add new users. You will have to enter certain details in the right order for this to work. First you will have to enter the client’s name, followed by the server, the password and the IP address.

So a couple of new clients added to the VPN might look like this.

computer1 pptpd password *
computer2 pptpd password *

You can use a specific IP address, but it is better to use an asterisk, which means that any IP address in the assigned range can be used to log in.
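Because chap-secrets keeps every password in cleartext and the VPN login depends on nothing else, it is worth auditing the file after adding users. The script below is an added example, not part of the original tutorial; the function name, the short list of default passwords and the 12-character minimum are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: audit a pppd chap-secrets file, which holds cleartext secrets.
# Expects the simple unquoted form shown above: client server secret IP.

# Prints one finding per line (never the secret itself); returns 1 if any.
audit_chap_secrets() {
    file=$1 min_len=${2:-12} bad=0 seen=""   # min_len: assumed policy value
    mode=$(stat -c '%a' "$file")             # GNU stat, as shipped on Ubuntu
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode: file should be readable by root only (600)"; bad=1 ;;
    esac
    while read -r client server secret ip || [ -n "$client" ]; do
        case "$client" in ''|'#'*) continue ;; esac
        case "$secret" in
            password|changeme|123456|"$client")
                echo "$client: secret is a well-known default or the client name"
                bad=1 ;;
            *)  [ "${#secret}" -ge "$min_len" ] ||
                    { echo "$client: secret shorter than $min_len characters"; bad=1; } ;;
        esac
        case " $seen " in
            *" $secret "*) echo "$client: secret reused from another client"; bad=1 ;;
        esac
        seen="$seen $secret"
    done < "$file"
    return "$bad"
}

# Constructed sample: the two entries from STEP 4, in a world-readable file.
secrets=$(mktemp)
printf 'computer1 pptpd password *\ncomputer2 pptpd password *\n' > "$secrets"
chmod 644 "$secrets"
audit_chap_secrets "$secrets" || echo "tighten the entries flagged above"
```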

STEP 5 – Assign DNS Server (Optional)

There are several free DNS services out there; the two most popular are OpenDNS and Google’s DNS.

If you want to use OpenDNS, you should use the IP addresses 208.67.222.222 and 208.67.220.220. If you would like to use Google’s DNS, you will have to use the IPs 8.8.8.8 and 8.8.4.4. To use OpenDNS you can add these lines to the file.

ms-dns 208.67.222.222
ms-dns 208.67.220.220

STEP 6

Almost everything on the server side is done. Now it is time to wake the daemon. To start PPTPD, you will have to use the following terminal command.

service pptpd start

STEP 7

Now you need to set up proper forwarding. This time you will have to edit the file “/etc/sysctl.conf”.
There should be the following line in this file.

net.ipv4.ip_forward = 1

If it doesn’t exist, paste it into the file, save the file and apply the change using the command,

sysctl -p

STEP 8

Finally, if you wish the clients to communicate with one another, you will have to add the following rules.

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

In the above rule, you will have to replace “eth0” with the network interface that the server uses for its internet connection. You can use the commands iwconfig and ifconfig to figure this out.

# iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
# iptables -I INPUT -s 172.20.0.0/20 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT

The above rules also require you to use the correct network interface, as in the first rule. That’s it: everything on the server side has been configured, and clients can now handshake with the server.

Client side setup

It really doesn’t matter what operating system the clients run. You can find tutorials to configure Windows and Mac OS X on the internet. There are even services like Switch VPN that can help you connect your Android device to the VPN server quite easily. However, here we are going to see how one can easily set up a Debian-based client for VPN.

STEP 1 – pptp installed

The client should have pptp installed. We have already done this step on the server. You will just have to do this again on your clients with the following terminal commands on Debian-based distros.

sudo apt-get update
sudo apt-get install pptp-linux

STEP 2

Now you will have to load the ppp_mppe module, which could be triggered with the following command.

modprobe ppp_mppe

STEP 3

Create a client configuration file in the following directory (/etc/ppp/peers/). You can name this file whatever you want, but you will have to remember the file name to connect to the VPN server.

# Replace <vpn-server-address> with the hostname or IP of your PPTP server
pty "pptp <vpn-server-address> --nolaunchpppd"
name computer1
password password
remotename PPTP
require-mppe-128

If you had named this file “vpncomputer1”, you should use the following command to connect to the server.

pppd call vpncomputer1

STEP 4

Finally for proper routing, you will have to execute the following line.

ip route add 172.20.0.0/20 dev ppp0

The above steps can be used several times to add multiple clients to the server.
