Point-to-Point Tunneling Protocol (PPTP) is an implementation of the VPN technology commonly used in Microsoft products. Its main benefit is ease of use and native support in all modern Microsoft Windows operating systems.
Besides ease of use, PPTP also provides good encryption and authentication mechanisms to protect your security and privacy. The level of protection is sufficient for most common needs with varying strength depending on the specific PPTP server implementation.
Because of its ease of use and reliable protection PPTP has gained significant popularity. There are many VPN service providers which support PPTP along with other VPN technologies such as OpenVPN.
In some cases it might be feasible to set up your own PPTP server especially if you have the server resources and some technical background. Read this article to learn how you can do it.
In order to set up you own PPTP VPN server you will have to satisfy some minimal hardware and software requirements.
On the hardware part you will need a computer / server with fast and Reliable internet connection. This computer must have either external real IP address or you should be able to forward (DNAT) outside connection to it through your router.
If you decide to rent a server located in a datacenter it’s most probably going to satisfy the first networking requirement. However, if you try to set up your own server at home this might be a challenge because not all ISPs allow such connectivity. Besides that you’ll have to invest in the hardware for your home server.
The hardware requirements (CPU, Memory) of the server may vary greatly depending on the PPTP implementation, the number of PPTP clients (users) and the bandwidth use you expect.
In this article you will learn how to set up a basic PPTP with minimal hardware resources such as one or two CPUs and 512 MB RAM. Linux will be used for the PPTP server because it requires less resources without the need to pay any license fees. In contrast, if you wish to use Microsoft server you will have to pay additional licensing fees and the hardware requirements will be higher.
Thanks to the low hardware requirements you may use almost any old PC (as long as it has 512 MB RAM). If you are going to buy a new piece of hardware especially for your PPTP server, a good choice is Raspberry Pi or CubieBoard. These systems are both very affordable and consume little power.
It may also come quite reasonable to rent a server. The monthly fees for such low requirements start from $5 per month. This, in addition to the networking requirements previously mentioned usually makes renting a server a better option.
As for the software requirements, any popular Linux distribution should suffice. This article emphasizes on how to set up PPTP server with Debian / Ubuntu based OS because it is most widely supported. With other Linux OS such as Redhat / Fedora / CentOS the process is similar.
To be able to follow the instructions below you will need some basic understanding of the Linux operating system. You should know how to install packages, edit files and start/stop a service as a privileged user (sudo or root).
In Debian / Ubuntu the needed server software is called pptp and can be found in the default repositories. Thus all you have to do is run the command
apt-get install pptpd. To resolve dependencies this command will automatically install also the packages ppp and bcrelay.
To make sure that the pptp server daemon starts automatically with the server run the command
update-rc.d pptpd defaults.
Next configure the IP addresses pool. You will need to configure the local IP address of the VPN server and the remote IPs which will be assigned to the PPTP clients. For this purpose open the file /etc/pptpd.conf and add lines such as these at the bottom:
localip 192.168.0.100 remoteip 192.168.0.200-220
In the above example, 192.168.0.100 is the IP address of the PPTP server and the clients will get addresses from 192.168.0.200 to 192.168.0.220.
After that create the users and the passwords for the PPTP server. Edit the file /etc/ppp/chap-secrets like this:
# Secrets for authentication using CHAP # client server secret IP addresses pptpuser1 pptpd OneS3cr3tPass * pptpuser2 pptpd AnotherS3cr3tPass *
The above is a table with four columns as follows:
Each user should have a separate row with all the needed values as you can see from the example above.
You will also have to configure the DNS servers which will be given to the PPTP clients. If you don’t have your own DNS servers you can use Google’s (188.8.131.52 and 184.108.40.206). Specify them in the file /etc/ppp/pptpd-options like this:
ms-dns 220.127.116.11 ms-dns 18.104.22.168
Once you have done all these changes you should restart the pptp service with the command
service pptpd restart.
Finally you have to allow your PPTP clients to have external connectivity such as to various web sites and online services. For this purpose you will need an additional iptables rule to allow routing of the traffic. For this purpose run the commands:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables-save
The above will add and save a new iptables rule in your nat table to allow PPTP clients external access.
The easiest part is to configure the PPTP clients because the technology is well supported in any modern operating system.
For Windows clients you don’t need any additional software installation. You just have to follow the intuitive wizard found in Network and Sharing Center. There choose to set up a new connection or network. For more information check this PPTP client setup guide for Windows 7 or this one for Windows 8.
This article explains how easy and simple it is to set up your own PPTP VPN server. However, usually it’s better to benefit from the services of professionals who will take care of all the small details to ensure your maximum protection. If you are interested check the affordable VPN services provided by VPNTunnel.