PPTP is known to be less secure than other VPN software, but if you need a quick solution for a VPN server that Windows workstations can connect to out of the box, PPTP is the obvious choice. This post shows how easy it is to set up a PPTP VPN server on Debian Etch.
A while ago, setting up a PPTP server was not so simple: it involved patching the kernel and the ppp daemon. These days, in Debian Etch, everything works out of the box and we just have to install the pptpd server and configure it for our needs. First, let's install pptpd:
(This also installs some dependencies: bcrelay and ppp.) The default pptpd configuration file is installed as /etc/pptpd.conf. You can change any of the available options (samples are included in the configuration file as comments), but the only things that really need to be configured are the IP of the local server, which pptpd uses as the local gateway for the remote hosts, and the IPs assigned to the remote users:
Here we use the local IP 192.168.1.1 as the pptpd IP, and remote users are allocated the first available IP from the range 192.168.1.100 – 192.168.1.120 (meaning we can have a maximum of 20 simultaneous VPN users connected to this PPTP server). These IPs depend on the particular setup and can be either private IPs (as in my example above) or even real IPs.
The Debian package also uses the file /etc/ppp/pptpd-options, which contains the main pptpd server settings. A typical config will look like this:
Finally, you will need to add your VPN users to /etc/ppp/chap-secrets, one user per line, using the regular pppd format:
To limit a user's connections to specific hosts, put the allowed IP in place of the * at the end.
Activate the changes by restarting the pptp server:
and look at the logs in /var/log/syslog to troubleshoot any problems.
You can now connect to your new PPTP VPN server using the built-in PPTP VPN client from any modern Windows workstation (except probably Vista, which is broken by SP1) with the default connection settings.
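The configuration steps above, collected into one script as an added example (not the post's original listings): it stages the three files in a scratch directory, creates chap-secrets readable by its owner only because it stores secrets in cleartext, and checks that the options file refuses every authentication method weaker than MS-CHAPv2 with 128-bit MPPE. The addresses are the ones used in this post; the option list is a typical set of pppd/pptpd options chosen for the example, and the function names, staging directory, user name and secret are hypothetical.

```shell
#!/bin/sh
# Added example: stage the pptpd files described in the post, then check them.
# Addresses are the post's; option list, user and secret are constructed.

stage_pptpd() {  # usage: stage_pptpd DIR USER SECRET [ALLOWED_IP]
    dir=$1 user=$2 secret=$3 allowed=${4:-*}
    mkdir -p "$dir/ppp" || return 1

    # /etc/pptpd.conf: pppd options file, server-side IP, client address pool
    cat > "$dir/pptpd.conf" <<EOF
option /etc/ppp/pptpd-options
localip 192.168.1.1
remoteip 192.168.1.100-120
EOF

    # /etc/ppp/pptpd-options: accept only MS-CHAPv2 with 128-bit MPPE
    cat > "$dir/ppp/pptpd-options" <<EOF
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
EOF

    # /etc/ppp/chap-secrets holds cleartext secrets: create it owner-only
    ( umask 077
      printf '# client\tserver\tsecret\tIP addresses\n%s\tpptpd\t"%s"\t%s\n' \
          "$user" "$secret" "$allowed" > "$dir/ppp/chap-secrets"
      chmod 600 "$dir/ppp/chap-secrets" )
}

# Return 0 only if every option that blocks weaker authentication is present.
check_pptpd_options() {  # usage: check_pptpd_options FILE
    rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -qx "$opt" "$1" || { echo "missing: $opt" >&2; rc=1; }
    done
    return $rc
}
```

After reviewing the staged files, copy them under /etc and restart the daemon with `/etc/init.d/pptpd restart`.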