Set up Linux PPTP Client from the Terminal
A Virtual Private Network, or VPN, allows the client computer to connect to a remote local network to use its resources, such as printers and file shares. There are several types of VPN, such as PPTP and L2TP/IPsec, with varying types of protection. PPTP is not the most secure type of VPN but it's the easiest to set up.
PPTP has numerous security risks, which means that the data you are transferring through your VPN can easily be decrypted. L2TP/IPsec is becoming the standard VPN technology of choice. PPTP should not be used unless security of each end point and the data transferred is not required.
This tutorial assumes you have a PPTP server already set up with the following details:
- Hostname: pptp.jamescoyle.net
- Username: pptpuser
- Password: pptppassword
Open a Terminal and install the required PPTP client packages.
apt-get install pptp-linux network-manager-pptp
Create a credentials file with the username and password of the PPTP server:
vi /etc/ppp/chap-secrets
Add your entry using the attributes below:
- [USER] – user name to log in to the VPN server.
- [SERVER] – name of server to use, PPTP in our case.
- [SECRET] – password of the above [USER].
- [IP] – IP of the server, * means all IPs.
[USER] [SERVER] [SECRET] [IP]
Example:
pptpuser PPTP pptppassword *
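chap-secrets holds the VPN password in clear text, so it should be readable by its owner only. The check below is an added example, not part of the original article; check_chap_secrets is a hypothetical helper name and it assumes GNU stat.

```shell
#!/bin/sh
# Added example: audit a pppd secrets file such as /etc/ppp/chap-secrets.
# Returns 0 when the file looks safe to use, 1 otherwise, and prints why.

check_chap_secrets() {
    file=$1
    rc=0
    [ -f "$file" ] || { echo "missing: $file"; return 1; }

    # The secret is stored unencrypted: no group or world access at all.
    mode=$(stat -c '%a' "$file")      # GNU stat, prints e.g. 600
    case $mode in
        [0-7]00) ;;
        *) echo "$file has mode $mode; run: chmod 600 $file"; rc=1 ;;
    esac

    # Every non-comment entry needs USER, SERVER and SECRET; the fourth
    # field (IP) is the one the article fills with "*".
    awk '
        /^[ \t]*(#|$)/ { next }
        NF < 3 { printf "line %d: expected USER SERVER SECRET [IP]\n", NR; bad = 1 }
        END { exit bad + 0 }
    ' "$file" || rc=1

    return $rc
}

# Run directly as: sh check-secrets.sh /etc/ppp/chap-secrets
if [ $# -gt 0 ]; then
    check_chap_secrets "$1"
fi
```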
Create a file which will be executed when the PPTP connection is started. This can contain additional commands to run when the connection is started such as adding new routes or firewall exceptions.
vi /etc/ppp/ip-up.d/route-traffic
The example script below adds a route from the PPTP connection to any computers on the PPTP server's local network with IPs in the 10.0.0.0 or 192.0.0.0 ranges. This means that on the PPTP client, any machines on the above IP ranges will be accessible. This script may not be required for your environment and is simply used as an example. Note: a route should automatically be added to your VPN gateway.
#!/bin/bash
# Networks behind the PPTP server that should be reached through the tunnel
NET1="10.0.0.0/8"
NET2="192.0.0.0/8"
# PPP interface created by the PPTP connection
IFACE="ppp0"
route add -net ${NET1} dev ${IFACE}
route add -net ${NET2} dev ${IFACE}
Allow execution of the script:
chmod +x /etc/ppp/ip-up.d/route-traffic
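Scripts in /etc/ppp/ip-up.d run for every PPP link that comes up, not only this one. The variant below is an added example, not the article's script: it adds routes only when the link's ipparam matches this connection and uses the interface name pppd reports instead of a fixed ppp0. It assumes the PPP_IFACE and PPP_IPPARAM variables that Debian's /etc/ppp/ip-up exports; plan_routes and the network list are illustrative.

```shell
#!/bin/sh
# /etc/ppp/ip-up.d/route-traffic (added example, not the article's script)

CONNECTION="jamescoyle.net"                  # ipparam value in the peers file
REMOTE_NETS="10.0.0.0/8 192.168.0.0/24"      # sample networks behind the server

# Print the route commands for one link-up event. Prints nothing when the
# event belongs to another PPP connection; fails on an unexpected interface.
plan_routes() {
    iface=$1
    ipparam=$2
    [ "$ipparam" = "$CONNECTION" ] || return 0
    case $iface in
        ppp*[!0-9]*|ppp) return 1 ;;   # "ppp" followed by anything but digits
        ppp[0-9]*) ;;                  # ppp0, ppp1, ...
        *) return 1 ;;
    esac
    for net in $REMOTE_NETS; do
        # "replace" is idempotent, so a reconnect does not fail on an
        # already existing route.
        echo "ip route replace $net dev $iface"
    done
}

# Only act when started by pppd's ip-up (PPP_IFACE is set).
if [ -n "${PPP_IFACE:-}" ]; then
    plan_routes "$PPP_IFACE" "${PPP_IPPARAM:-}" | while read -r cmd; do
        $cmd || logger -t route-traffic "failed: $cmd"
    done
fi
```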
Add the PPTP client connection pool and any additional settings which are required. The connection name, jamescoyle.net, can be changed to suit your connection.
vi /etc/ppp/peers/jamescoyle.net
Add the details of the PPTP server. The below are the basic options required to connect to the server using mppe-128 encryption. Edit the below attributes to match your environment:
- [USER] – user name to log in to the VPN server
- [HOST] – host name or IP address of the PPTP server.
pty "pptp [HOST] --nolaunchpppd"
name [USER]
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam jamescoyle.net
You must add rules to your firewall to allow connections to and from this interface, as well as through your existing public interface to make the PPTP connection. The rules below open all traffic on the new PPP interface (ppp0, the same interface used in the route script) using iptables. Once the connection has been tested, you may need to tighten these rules to increase security.
iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A OUTPUT -o ppp0 -j ACCEPT
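One way to tighten the rules after testing, as an added example that is not part of the original article: it prints rules for the public interface (PPTP uses TCP port 1723 for control and GRE, IP protocol 47, for data) and limits tunnel traffic to the remote networks, accepting only replies inbound. The function name, the eth0/ppp0 interface names and the 203.0.113.10 server address are assumptions; nothing is applied until you review the output and run it as root.

```shell
#!/bin/sh
# Added example: print a tighter rule set than "accept everything on the
# tunnel interface". Usage:
#   pptp_client_rules SERVER_IP WAN_IFACE TUNNEL_IFACE REMOTE_NET...

pptp_client_rules() {
    server=$1
    wan=$2
    tun=$3
    shift 3

    # Control channel: TCP 1723 to the PPTP server, replies only inbound.
    echo "iptables -A OUTPUT -o $wan -d $server -p tcp --dport 1723 -j ACCEPT"
    echo "iptables -A INPUT -i $wan -s $server -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT"

    # Data channel: GRE (IP protocol 47) to and from the server only.
    echo "iptables -A OUTPUT -o $wan -d $server -p 47 -j ACCEPT"
    echo "iptables -A INPUT -i $wan -s $server -p 47 -j ACCEPT"

    # Inside the tunnel: the client may reach the listed remote networks,
    # hosts there may only answer connections the client opened.
    for net in "$@"; do
        echo "iptables -A OUTPUT -o $tun -d $net -j ACCEPT"
        echo "iptables -A INPUT -i $tun -s $net -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
}

# Constructed sample call (203.0.113.10 is a documentation address):
#   pptp_client_rules 203.0.113.10 eth0 ppp0 10.0.0.0/8
```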
Finally you will need to start your PPTP client connection. Use pon and poff to start and stop your PPTP client. Replace [CONNECTION] with the name you gave to the file in /etc/ppp/peers/.
pon [CONNECTION]
poff [CONNECTION]
See my script on automatically detecting a disconnect and restarting the PPTP client connection.
9 Comments
Fred
28-Mar-2015 at 11:37 am
iptables -A OUTPUT -i pptp -j ACCEPT
gives
Can’t use -i with OUTPUT
Guy
2-Apr-2015 at 8:22 am
Try
iptables -A OUTPUT -o pptp -j ACCEPT
Antibios
25-Apr-2015 at 5:47 pm
I followed this exactly and tried it twice, but on Raspbian I do not end up with a new ppp0 connection when I do “pon htpcsrv” and then ip addr show
Simon
11-Nov-2015 at 7:50 am
This guide does not work, no errors, just no VPN; wget http://ipinfo.io/ip -qO - still shows official IP
Marcus Westin
27-Nov-2015 at 3:59 pm
This guide instructs you how to access resources on a remote network. If you want to tunnel your internet traffic through the PPTP connection you need to configure routing for it:
In /etc/ppp/ip-up.d/route-traffic add, for example:
#!/bin/bash
NET1="192.168.0.0/24"
NET2="0.0.0.0/0"
IFACE="ppp0"
route add -net ${NET1} dev ${IFACE}
route add -net ${NET2} dev ${IFACE}
0.0.0.0/0 will route everything through the connection, instead of just traffic to 192.168.0.0.
Louis Kidd
31-Jan-2016 at 1:00 pm
Hi everyone, after hours of trying to get this to work,
here is my bash script. It's really simple and it automatically routes all traffic through my VPN connection
#!/bin/bash
RouterIP="192.168.0.1"
VPNIP="myVPNServerIP" #this is the public IP
NET1="192.168.0.0/24"
NET2="0.0.0.0/0"
IFACE="ppp0"
route add -net ${NET1} dev ${IFACE}
route add -net ${NET2} dev ${IFACE}
route add -net ${VPNIP} netmask 255.255.255.255 gw ${RouterIP}
Sasitha Asaranga
9-Aug-2017 at 4:40 am
How to do this if the type is IKEv2?
AlanH
3-Sep-2017 at 1:53 pm
Thank you all for trying to be helpful. I’m struggling mostly because the replies, as well as the original article, do not say explicitly where the config should be done, i.e. on a Client host or a Server host. Without this vital piece of info there are too many permutations to have to try. (I hear people saying “It should be obvious.”) I’ve been trying to get a pptp tunnel up for hours from an Ubuntu 14.04 Client host to an Ubuntu 14.04 Server host without success. Using a RaspiB3 for the Server worked first time.
Todor Dragnev
15-Dec-2017 at 11:31 am
Hi,
you can replace the static values with the following (since the script receives connection arguments from ppp):
# pppd passes: interface-name tty-device speed local-IP remote-IP ipparam
DEVICE=$1
TTY=$2
SPEED=$3
LOCAL_IP=$4
REMOTE_IP=$5
IPPARAM=$6
ip ro add ${NET1} via ${REMOTE_IP} dev ${DEVICE}