How to set up a PPTP VPN connection between Linux and Windows XP

Point-to-Point Tunneling Protocol (PPTP) is a VPN tunneling protocol based on a client and server model. Microsoft Windows comes with a built-in PPTP client software, and so PPTP VPN is popular among Windows-running computers. PPTP server and client software is also available on Linux platform.

This tutorial describes how to set up a PPTP VPN server on Linux, and connect a Windows client to the server.

Install PPTP VPN Server on Linux

To set up a PPTP VPN server, you need to install PPTP VPN daemon software called pptpd.

To install pptpd on Ubuntu or Debian:

$ sudo apt-get install pptpd

To install pptpd on CentOS, RHEL or Fedora:

First, install ppp package with yum:

$ sudo yum install ppp -y

Then download pptpd package:

For 32-bit system:

$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.i686.rpm

For 64-bit system:

$ wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.3.4-2.el6.x86_64.rpm

Finally, go ahead and install pptpd:

$ sudo rpm -Uhv pptpd-1.3.4-2.el6.xxx.rpm

Configure PPTP VPN Server

After installing pptpd, go ahead and enable IP forwarding on the server.

Now configure pptpd by adding "localip" (VPN server's IP address) and "remoteip" (VPN client's IP addresses) in /etc/pptpd.conf. In this example, the potential IP address of a VPN client is 10.0.0.2 or any IP address between 10.0.0.10 and 10.0.0.30.

$ sudo vi /etc/pptpd.conf
localip 10.0.0.1
remoteip 10.0.0.2,10.0.0.10-30

Configure local DNS servers in /etc/ppp/pptpd-options. For example, you could add public DNS servers provided by Google.

$ sudo vi /etc/ppp/pptpd-options
ms-dns  8.8.8.8
ms-dns  8.8.4.4

Configure user authentication using CHAP in /etc/ppp/chap-secrets. In this example, "alice" is a client's user name, "pptpd" is server, "dfs" is secret, and "*" represents the allowed IP addresses of clients. In this case, any IP address is allowed.

$ sudo vi /etc/ppp/chap-secrets
alice pptpd dfs *

Restart pptpd daemon:

On Debian, Ubuntu or Linux Mint:

$ sudo /etc/init.d/pptpd restart

On CentOS or RHEL:

$ sudo service pptpd restart

On Fedora:

$ sudo systemctl restart pptpd

Optionally, if the VPN server is behind a proxy, you need to set up port forwarding on TCP port 1723, which is used for VPN control channel.

Set Up a PPTP VPN Client on Windows XP

Create a virtual private network connection.

Go to "Properties", choose "Security" tab, and mark "Advanced (custom settings)". In the custom settings, choose "Maximum strength encryption (disconnect if server declines)". If you do not perform this last step, you may get the following error in PPTP VPN server side (in /var/log/syslog).

GRE: Bad checksum from pppd" error on the PPTP VPN server side

The "bad GRE checksum" error can also originate from router/AP's incapability of handling GRE packets. Some consumer-grade routers, wireless APs, or cable modems have a web-based management interface where you can enable or disable PPTP passthrough" or "GRE passthrough" feature. So it is a good idea to check the management interface of your router/AP if PPTP VPN traffic goes through the router/AP.

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.
Your name can also be listed here. Write for us as a freelancer.

5 thoughts on “How to set up a PPTP VPN connection between Linux and Windows XP

  1. Thanks for sharing this such a great information! I really appreciate your work. I shared this awesome PPTP VPN information to my all facebook and twitter friends because this link helps for everyone.

  2. I have setup a PPTP server on my own server(fedora 13). But when I try to use my mobile phone or my PC to connect my PPTP server, it says PPTP server hang up,username or password is wrong. But I checked my username and password, they are ok. In my PPTP server log, something like this:

    CTRL: Client 41.74.66.70 control connection started
    CTRL: Starting call (launching pppd, opening GRE)
    Warning: can't open options file /root/.ppprc: Permission denied
    Plugin /usr/lib/pptpd/pptpd-logwtmp.so loaded.
    pptpd-logwtmp: $Version$
    pppd 2.4.5 started by root, uid 0
    Using interface ppp0
    Connect: ppp0 /dev/pts/1
    GRE: Bad checksum from pppd.
    GRE: read(fd=7,buffer=80515c0,len=8260) from network failed: status = -1 error = Protocol not available
    CTRL: GRE read or PTY write failed (gre,pty)=(7,6)
    Modem hangup
    Connection terminated.
    Exit.
    CTRL: Client 41.74.66.70 control connection finished

    • "GRE: Bad checksum from pppd."

      If your mobile phone, or client PC connects to the PPTP server via a wireless router/AP, it might be that GRE packets are not getting through the router/AP. Most routers/APs have a web-based management interface, where you can enable/disable "PPTP passthrough" or "GRE passthrough" option. Try and see if you can enable that option on your router/AP.

Leave a comment

Your email address will not be published. Required fields are marked *

Current ye@r *