Set-up PPTP virtual private network (VPN) server on Ubuntu Linux

This is short guide how to set-up VPN service on Ubuntu Linux server. VPN is intended to secure your internet traffic against local snooping by encrypting the traffic and tunneling it out from known good server. Possible use cases are

  • Secure your organization internal traffic between home office, mobile devices an the office
  • Hide internet traffic from the big brother
  • Spoof your location for TV and video streams: you are renting a server in a different country, like US, allowing you to watch US only video streams
  • Spoof your location for iPhone / iPad / iPod / Android apps
  • Visit sites which are otherwise unreachable (though in this case an SSH tunnel + SOCKS proxy is easier to set-up, more lightweight, alternative)
  • Test mobile applications against local servers during mobile app development

These instructions set-up VPN using PPTP protocol which is widely supported. After the server has been set-up you can use any modern OS or device to connect to the VPN: Windows, OSX, Linux, iOS, Android, etc.

1. Prerequisitements

  • Basics of UNIX command line (the hacker typing thing)
  • Basics of Linux server administration

2. Setting up PPTP daemon

We are using (old) Ubuntu 8.04 server though instructions should apply for later Ubuntu versions too. These installation instructions are restart free – however few commands must be placed into /etc/rc.local file to make the changed settings persist over Linux restarts.

First install some free software

sudo apt-get install pptpd telnet iptables

Pick up your server public fixed IP address. Usually this is what you see in ethernet 0 adapter.


Then edit /etc/pptpd.conf

sudo nano /etc/pptpd.conf

(Use sudo nano for editing other files too later in this tutorial)

Uncomment and change the localip line to your server public IP address


Then edit /etc/ppp/pptpd-options

Make PPTP service to give DNS name resolving servers for the VPN clients. In optimal case you use the DNS server from your server provider, but Google’s public DNS servers (below) work fine:

sudo nano /etc/ppp/pptpd-options

Uncomment and change ms-dns lines to


Edit /etc/ppp/chap-secrets as sudo and add your PPTP username and password (plaintext)

sudo nano /etc/ppp/chap-secrets 

# Secrets for authentication using CHAP
# client    server    secret            IP addresses
opensource  pptpd     hacker            *

Run the following commands to enable IP NAT routing on your server (allows piping traffic through the public IP of the server):

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
sudo sysctl net.ipv4.ip_forward=1

These settings above are effective only until the server restart. Put them into /etc/rc.local start-up script file to make sure Linux runs them on the start-up.

Restart PPTP daemon to make it read settings again

sudo /etc/init.d/pptpd restart

3. Setting VPN PPTP client

For the VPN client (iPad, Windows, OSX, Ubuntu Network Manager) the settings would be for the example above:

  • Protocol: PPTP
  • Server: your server public IP or DNS name
  • Login: opensource
  • Password: hacker
  • Encryption level: auto (or it should pick secure MPPE 128 by default)
  • Send all traffic: Yes (will forward all traffic through VPN, not just one inside your VPN devices)

4. Troubleshooting

If the VPN traffic is not going through, i.e. your internet stops working when VPN client is active, here are some instructions to pinpoint where the error happens.

Inspect the server syslog while connecting to the VPN service

sudo tail -f /var/log/syslog

These lines are “normal”:

Oct 22 18:34:05 ubuntu pppd[19129]: Plugin /usr/lib/pptpd/ loaded.
Oct 22 18:34:05 ubuntu pppd[19129]: pppd 2.4.4 started by root, uid 0
Oct 22 18:34:05 ubuntu pppd[19129]: Using interface ppp0
Oct 22 18:34:05 ubuntu pppd[19129]: Connect: ppp0 <--> /dev/pts/1
Oct 22 18:34:05 ubuntu pptpd[19128]: GRE: Bad checksum from pppd.
Oct 22 18:34:08 ubuntu pppd[19129]: MPPE 128-bit stateless compression enabled
Oct 22 18:34:09 ubuntu pppd[19129]: Cannot determine ethernet address for proxy ARP
Oct 22 18:34:09 ubuntu pppd[19129]: local  IP address x.x.x.x
Oct 22 18:34:09 ubuntu pppd[19129]: remote IP address

On the client side, try to use ping command to reach servers by IP address to determine if you have problems with DNS set-up

  • Your server public IP
  • (Internet IP, Google’s public DNS server)

E.g. run the command


.. and see if the packets go through.

If you manage to ping numeric IPs, but not the problem is with DNS settings.

After the traffic is flowing through check the public IP address your device using!what+is+my+ip

It should give your VPN server IP address instead of your lcoal public IP address.

5. Random notes

  • iOS devices and Android devices also may use crowdsourced WLAN / 3G station data for determining yout location, so you might need to spoof your local WLAN connection somehow
  • To determine if WLAN is being used just open Google Maps, show your location and if it doesn’t go to the location of VPN server then it is using your WLAN position
  • Practical workaround: Just set a temporary tethering WLAN access point using your mobile phone (e.g. Android) and walk to somewhere where your device cannot hear WLAN to work around this – most of apps check the location only once during the launch


\"\" Subscribe to RSS feed Follow me on Twitter Follow me on Facebook Follow me Google+

3 thoughts on “Set-up PPTP virtual private network (VPN) server on Ubuntu Linux

  1. I can successfully connect from Windows 7 to Debian PPTP but i can’t send any traffic through the VPN.
    If i run “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE” i cannot connect anymore and “sysctl net.ipv4.ip_forward=1” doesn’t help …

  2. Pingback: Bien configurer son serveur dédié sous Ubuntu 12.04 LTS | Anthony Dahanne's blog

  3. Hi..
    I get vpn connection and I am able to connect to all my servers in the vpn environment but my internet from my desktop “windows 7” stop working. Basically it resolves and it waits for google or any internet sites to respond.
    from my window desktop I am able to ping any internet site.

Leave a Reply

Your email address will not be published. Required fields are marked *