How to set up a PPTP VPN connection between Linux and Windows

Last updated on June 9, 2020 by Dan Nanni

Point-to-Point Tunneling Protocol (PPTP) is a VPN tunneling protocol based on a client and server model. Microsoft Windows comes with a built-in PPTP client software, and so PPTP VPN is popular among Windows-running computers. PPTP server and client software is also available on Linux platform.

This tutorial describes how to set up a PPTP VPN server on Linux, and connect a Windows client to the server.

Install PPTP VPN Server on Linux

To set up a PPTP VPN server, you need to install PPTP VPN daemon software called pptpd.

For Ubuntu or Debian:

To install pptpd on Ubuntu or Debian:

$ sudo apt-get install pptpd

For CentOS/RHEL 8 or Fedora:

First install ppp and its development files with the following command:

$ sudo yum install ppp-devel

Note that on CentOS/RHEL, ppp-devel is available from PowerTools repository, so you need to enable it first::

$ sudo yum config-manager --set-enabled powertools

After that, download the source code of the latest stable version of pptpd (e.g., pptpd-1.4.0.tar.gz) from the official source, and build it from the source.

$ sudo yum groupinstall 'Development Tools'
$ tar -xf pptpd-1.4.0.tar.gz
$ cd pptpd-1.4.0
$ ./configure
$ make
$ sudo make install

Configure PPTP VPN Server

After installing pptpd, go ahead and enable IP forwarding on the server.

Now configure pptpd by adding localip (VPN server's IP address) and remoteip (VPN client's IP addresses) in /etc/pptpd.conf. In this example, the potential IP address of a VPN client is 10.0.0.2 or any IP address between 10.0.0.10 and 10.0.0.30.

$ sudo vi /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.2,10.0.0.10-30

Configure local DNS servers in /etc/ppp/pptpd-options. For example, you could add public DNS servers provided by Google.

$ sudo vi /etc/ppp/pptpd-options
ms-dns  8.8.8.8
ms-dns  8.8.4.4

Configure user authentication using CHAP in /etc/ppp/chap-secrets. In this example, alice is a client's user name, pptpd is server, dfs is secret, and * represents the allowed IP addresses of clients. In this case, any IP address is allowed.

$ sudo vi /etc/ppp/chap-secrets
alice pptpd dfs *

Restart pptpd daemon:

On Debian, Ubuntu or Linux Mint:

$ sudo /etc/init.d/pptpd restart

On CentOS or RHEL:

$ sudo service pptpd restart

On Fedora:

$ sudo systemctl restart pptpd

Optionally, if the VPN server is behind a proxy, you need to set up port forwarding on TCP port 1723, which is used for VPN control channel.

Set Up a PPTP VPN Client on Windows

Create a virtual private network connection.

Go to Properties, choose Security tab, and mark "Advanced (custom settings)". In the custom settings, choose "Maximum strength encryption (disconnect if server declines)". If you do not perform this last step, you may get the following error in PPTP VPN server side (in /var/log/syslog).

GRE: Bad checksum from pppd" error on the PPTP VPN server side

The "bad GRE checksum" error can also originate from router/AP's incapability of handling GRE packets. Some consumer-grade routers, wireless APs, or cable modems have a web-based management interface where you can enable or disable "PPTP passthrough" or "GRE passthrough" feature. So it is a good idea to check the management interface of your router/AP if PPTP VPN traffic goes through the router/AP.

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal or credit card

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.

Xmodulo © 2021 ‒ AboutWrite for UsFeed ‒ Powered by DigitalOcean