This article will walk you through enabling PPTP VPN on your server to serve as a web proxy.
Connecting to the Server with SSH
First, let’s use SSH to connect to your remote server. See how to lease a server from a hosting server provider here if you do not yet have one.
The default username for Ubuntu on Amazon Web Services is ubuntu.
ssh -i PATH-TO-CERTIFICATE USERNAME@IP-ADDRESS
ssh -i /User/Kurt/rsa-cert.pem email@example.com
Change the permission of the certificate file to 600 if prompted “Permissions 0644 for ‘/User/Kurt/Desktop/rsa-cert.pem’ are too open.”.
chmod 600 PATH-TO-CERTIFICATE
chmod 600 /User/Kurt/Desktop/rsa-cert.pem
Or if you have enabled password authentication.
Then enter the password at prompt.
Install PPTP. Enter y for yes if prompted.
sudo apt-get install pptpd
The PPTP server needs to be configured before it can function.
Private IP Address and DNS Server for PPTP Client
Edit the config file with the nano editor. When done, control + x to exit, press “y” and “enter” to save.
sudo nano /etc/pptpd.conf
Reserve a localip address for the PPTP server and a range of remoteip to assign to PPTP clients.
localip 10.0.0.1 remoteip 10.0.0.100-200
PPTP clients need to have a valid DNS server to send DNS query to. Google DNS servers are a good choice.
sudo nano /etc/ppp/pptpd-options
Add or modify these in the file.
ms-dns 220.127.116.11 ms-dns 18.104.22.168
Adding PPTP Account
User name and password are stored in the chap-secrets file in the following format.
USERNAME SERVER PASSWORD IP
SERVER is pptpd. IP is the IP address reserved for this user, or you can use the wildcard to tell the PPTP server to pick one from the remoteip ramge.
sudo nano /etc/ppp/chap-secrets
Enter your username and password.
kurt pptpd password *
Restart the PPTP server.
service pptpd restart
And you should now be able to connect to the PPTP server with the the user name and password.
IP Forwarding and Network Address Translation (NAT)
To allow PPTP clients to access the Internet e.g. go to a website, IP forwarding needs to be enabled.
sudo nano /etc/sysctl.conf
Change net.ipv4.ip_forward to 1.
net.ipv4.ip_forward = 1
Load the new setting with sysctl command.
And a rule needs to be added to translate the source IP address of any outgoing network packet originating from the PPTP client to the IP address of the Internet network interface often the ethernet interface (eth0) so the returning network packets know the way back.
To add the rule with the iptables command.
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Now your PPTP client should be able to access the Internet through the PPTP VPN.
The sad thing about iptables is that it forgets this rule if the server reboots. To make this rule persistent, we need iptables-persistent.
sudo apt-get install iptables-persistent
iptables-persistent is a neat tool that reads from the /etc/iptables/rules.v4 file and apply the rules on boot. To save the rules to the /etc/iptables/rules.v4 file, we can use the iptables-save command.
The iptables-save command simply outputs all the rules that the current iptables have. We can use a chain command to put save rules to the /etc/iptables/rules.v4 file.
iptables-save > /etc/iptables/rules.v4
It is rather easy to set up a PPTP VPN server. PPTP has known security vulnerability but as a web proxy to tunnel your network traffic, it is still a good choice considering how easy it is to set up and all the major operating systems come with PPTP client installed.