Point-to-Point Tunneling Protocol (PPTP) is a VPN tunneling protocol based on a client and server model. Microsoft Windows comes with a built-in PPTP client software, and so PPTP VPN is popular among Windows-running computers. PPTP server and client software is also available on Linux platform.
This tutorial describes how to set up a PPTP VPN server on Linux, and connect a Windows client to the server.
Install PPTP VPN Server on Linux
To set up a PPTP VPN server, you need to install PPTP VPN daemon software called pptpd.
To install pptpd on Ubuntu or Debian:
To install pptpd on CentOS, RHEL or Fedora:
First, install ppp package with yum:
Then download pptpd package:
For 32-bit system:
For 64-bit system:
Finally, go ahead and install pptpd:
Configure PPTP VPN Server
After installing pptpd, go ahead and enable IP forwarding on the server.
Now configure pptpd by adding "localip" (VPN server's IP address) and "remoteip" (VPN client's IP addresses) in /etc/pptpd.conf. In this example, the potential IP address of a VPN client is 10.0.0.2 or any IP address between 10.0.0.10 and 10.0.0.30.
localip 10.0.0.1 remoteip 10.0.0.2,10.0.0.10-30
Configure local DNS servers in /etc/ppp/pptpd-options. For example, you could add public DNS servers provided by Google.
ms-dns 126.96.36.199 ms-dns 188.8.131.52
Configure user authentication using CHAP in /etc/ppp/chap-secrets. In this example, "alice" is a client's user name, "pptpd" is server, "dfs" is secret, and "*" represents the allowed IP addresses of clients. In this case, any IP address is allowed.
alice pptpd dfs *
Restart pptpd daemon:
On Debian, Ubuntu or Linux Mint:
On CentOS or RHEL:
Optionally, if the VPN server is behind a proxy, you need to set up port forwarding on TCP port 1723, which is used for VPN control channel.
Set Up a PPTP VPN Client on Windows XP
Create a virtual private network connection.
Go to "Properties", choose "Security" tab, and mark "Advanced (custom settings)". In the custom settings, choose "Maximum strength encryption (disconnect if server declines)". If you do not perform this last step, you may get the following error in PPTP VPN server side (in /var/log/syslog).
GRE: Bad checksum from pppd" error on the PPTP VPN server side
The "bad GRE checksum" error can also originate from router/AP's incapability of handling GRE packets. Some consumer-grade routers, wireless APs, or cable modems have a web-based management interface where you can enable or disable PPTP passthrough" or "GRE passthrough" feature. So it is a good idea to check the management interface of your router/AP if PPTP VPN traffic goes through the router/AP.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.