
Install VPN server on Ubuntu Server


Installation is performed from packages in the standard repository, so the server must have the latest updates installed. It is assumed that the server will also be used to share Internet access.

eth1 is the network interface that has a direct connection to the Internet.

Installing required packages from the repository:

sudo aptitude install ppp pptpd iptables

After installation, you need to edit the configuration file:

sudo nano /etc/ppp/pptpd-options

Change its content:

# Name of the service provided (must match the second field of each entry in /etc/ppp/chap-secrets)
name vpn
# Refuse the authentication methods that are not needed
refuse-pap
refuse-chap
refuse-mschap
# Require users to authenticate via MS-CHAP v2:
require-mschap-v2
# Require MPPE-128 encryption
require-mppe-128
# Address of the DNS server issued to the client:
ms-dns 172.16.0.1
# We work through NAT (iptables), so the following parameter must stay commented out:
# proxyarp
# Do not let pppd change the default route:
nodefaultroute
lock
nobsdcomp

Edit the configuration file with the pptpd settings:

sudo nano /etc/pptpd.conf

Change content:

option /etc/ppp/pptpd-options
logwtmp
localip 172.16.0.1
remoteip 172.16.0.2-254
# Relay to VPN clients the broadcast packets
# that the server receives on network interface eth1:
bcrelay eth1
# Keep the following option commented out:
# when it is enabled, the client IP address is not passed
# to the ip-up scripts by the pppd daemon:
# noipparam

Edit the file that holds the users' credentials:

sudo pico /etc/ppp/chap-secrets

Change the contents:

# Secrets for authentication using CHAP
# client server secret IP addresses

your_login    vpn    your_password    *

# The field order is: username, service name, password, IP address
# An asterisk instead of an IP address means that the user can get any free address from the specified pool.

Restart the VPN server:

sudo /etc/init.d/pptpd restart

The VPN tunnel is created.

If VPN clients need Internet access through the server, add the following to /etc/rc.local before the "exit 0" line:

# PPTP IP forwarding
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

Here eth1 is the network interface that has access to the Internet.

In /etc/sysctl.conf you need to uncomment the line:

net.ipv4.ip_forward=1

The VPN server installation is complete.
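
As an added example (not part of the original guide), the shell functions below check the two files edited above against this page's settings: that the authentication and encryption directives in /etc/ppp/pptpd-options are active, that every /etc/ppp/chap-secrets entry names the service set by "name", and that chap-secrets is not accessible to group or others. The function names are hypothetical and the output format is made up for this example.

```shell
#!/bin/sh
# Added example: lint a pptpd setup against the settings shown on this page.
# Function names are hypothetical; nothing here is part of pptpd itself.

# Print the active (non-comment, non-blank) directives of a ppp options file.
active_directives() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# Report auth/encryption directives from the page that are not active, and an
# active proxyarp (the page keeps it commented out when using NAT).
# Returns the number of problems found.
check_pptpd_options() {
    opts=$1 problems=0
    for want in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        if ! active_directives "$opts" | grep -qx "$want"; then
            echo "missing: $want"; problems=$((problems + 1))
        fi
    done
    if active_directives "$opts" | grep -qx proxyarp; then
        echo "unexpected: proxyarp"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Report chap-secrets entries whose server field (2nd column) differs from the
# "name" value in the options file, and a file mode that lets group or others
# in (the file stores passwords in plain text). Returns the problem count.
check_chap_secrets() {
    secrets=$1 opts=$2 problems=0
    svc=$(active_directives "$opts" | awk '$1 == "name" { print $2; exit }')
    for user in $(awk -v svc="$svc" \
        'NF >= 2 && $1 !~ /^#/ && $2 != svc && $2 != "*" { print $1 }' "$secrets"); do
        echo "service mismatch: $user"; problems=$((problems + 1))
    done
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        echo "permissions too open: $secrets"; problems=$((problems + 1))
    fi
    return "$problems"
}

# Run against the live files (paths from this page) when readable, e.g. as root.
if [ -r /etc/ppp/pptpd-options ] && [ -r /etc/ppp/chap-secrets ]; then
    check_pptpd_options /etc/ppp/pptpd-options || true
    check_chap_secrets /etc/ppp/chap-secrets /etc/ppp/pptpd-options || true
fi
```

Run it before restarting pptpd; each function prints one line per finding and returns the number of findings, so a return value of 0 means the file matches the page.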


Posted: 2013-09-20
