{ 58 comments… read them below or add one }

1 Karl O. Pinc June 13, 2007 at 4:46 pm

Obligitory post to point out that Microsoft’s PPTP was, as initially implimented, very insecure. It may be that Microsoft has completely rewritten it since then and fixed every problem, I don’t know. Wikipedia says it can be compromized if MSCHAP-V2 is used and user’s choose weak passwords, so you’d want to try to avoid MSCHAP-V2. It appears to me that this article configures PPTP with MSCHAP-V2. You’d also need to check all your Microsoft Windows machines to be sure they’re not using a broken implimentation.

An easy alternative is OpenVPN, which has a MS Windows installer and is all-around easy to impliment.

Reply

2 Syed Zaigham Ali September 24, 2010 at 1:12 pm

Dear all fellows,

i have installed Linux i.e ubuntu 10.04 on my PC in which i have installed pptp client and able to connect it successfully but problem is that it unable to browse internet. in windows it works fine.
Kindly help me out.
Regard,
Syed Zaigham Ali

Reply

3 Mahesh September 24, 2010 at 2:55 pm

Check u r gateway using “route -n” command.Try to post u r output.

Reply

4 Syed Zaigham Ali August 3, 2011 at 9:49 am

Yes mahesh it was a gateway problem. My service provider didn’t want to tell the gateway and network address and said that install windows we did’t provide services on Linux. But Finally i knew it and using internet on UBUNTU…:)

Reply

5 nixCraft June 13, 2007 at 5:59 pm

Kari,

The PPTP is not secure enough for some information security policies and I personally like to use OpenVPN. PPTP is known to be a faulty protocol and your link in FAQ proves the same. This tutorial is for those who can’t switch to OpenVPN.

Appreciate your post!

Reply

6 Allen July 4, 2007 at 5:15 pm

Great guide! This helped me get beyond my problems using the GUI tools, which don’t report all the info. Also, the “fault tree” link on the pptpclient page is a good debugging resource.

I appreciate the command line tool approach, as that shows you more what is happening under the covers, and to test your config step by step.

Reply

7 adnan July 8, 2007 at 1:52 pm

Hi,
I need to connect my linux centos4.4 server to VPN windows 2003. I tried to install pptpclient while I do not have apt-get and use
yum –enablerepo=pptp-stable install pptpconfig with independencies error

Error: Missing Dependency: libxml.so.1 is needed by package php4-pcntl-gtk
Error: Missing Dependency: libglade.so.0 is needed by package php4-pcntl-gtk

Please help me I will be thankfull
Regards
Adnan

Reply

8 Carlos March 4, 2011 at 4:06 am

I have this problem….

Reply

9 Alex June 24, 2011 at 2:21 pm

Try to install rpm pptp instead of pptpconfig and use command line for further configuring.

Reply

10 Arulkumar January 20, 2008 at 1:33 pm

Hi

My Lan is connected to internet using the Linux firewall and ADSL Modem.

My Lan Architecture:
vpnclient–>Linux–>ADSL MODEM–>net–>VPNSERVER

From ADSL modem asigned public IP.

Now My Question??

How I will connect my LAN(VPN client) to server.
Please help me out.

I will be thankfull
Arul

Reply

11 Alex June 24, 2011 at 2:26 pm

If your ADSL modem is in the bridge mode, and Linux firewall performs NAT for vpnclient, you should connect to VPNSERVER without problems. However, you may need to tune the firewall on the linux box (FORWARD chain) and load ip_nat_pptp kernel module (via modprobe command).

Reply

12 ramsam February 24, 2008 at 9:47 pm

Hello !

I set up pptpd on ubuntu 6.10
i did manage to connect to the pptpd server
but I am having issues with my default gateways.
my clients are windows boxes.
I connect to the VPN and this is what i see in my
PPP adapter ramsam:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
Physical Address. . . . . .:00-53-45-00-00-00
Dhcp Enabled. . . . : No
IP Address. . . . . . : 192.168.1.50
Subnet Mask . . . . . : 255.255.255.255
Default Gateway . . . : 192.168.1.50
DNS Servers . . . . . : 192.168.1.1
4.2.2.2
How do I make sure my vpn clients get the default gateway of 192.168.1.1 and why is it taking the ipaddress assigned to it as the gw.
my DHCP runs on my router 192.168.1.1

Reply

13 Alex June 24, 2011 at 2:30 pm

It’s because windows considers that VPN-connection route is more preferable than your default route. To avioid this problem try to uncheck
the option “use default gateway in remote network” in TCP-IP options of VPN-connection (“Advanced…” button).

Reply

14 stevo March 19, 2008 at 11:00 pm

It simply does not work
No default route set, no connection at all

I had to go back to WindowsXP

Reply

15 Rodent May 23, 2011 at 12:31 pm

I know this is a very old thread, but I had the same problem with the local campus network. No Default Route to x.x.x.x.
The fix turned out to be really easy.

sudo route add default gw 10.25.10.1

and bingo it started working, hope this helps someone in the future.
p.s. replace the 10.25.10.1 with the address of YOUR gateway.

Reply

16 majid June 29, 2008 at 1:13 pm

in my system there is no item by this name “pptp tunnel”

pls help me!!

Reply

17 Chris September 1, 2008 at 12:34 pm

I’m using Arch Linux (all current), and it worked perfectly. Thanks for the help!

Reply

18 Varghese M October 8, 2008 at 10:24 pm

Excellent article! I was able to setup this one without much difficulty on CentOS 5. Thanks a lot!

Reply

19 Sandip Shah December 6, 2008 at 9:16 pm

Worked perfectly on my Ubuntu system.

Vivek – you can add a note in your excellent article – ’10.0.0.0/8′ this is the network at the work place. For example the VPN server that I am trying to connect to is on the network ’192.168.17.0/24′.

I just had to make that change to the config file – route-traffic – and everything worked fine.

Reply

20 George Kharmujai February 15, 2011 at 7:57 pm

Thanks Sandip.

I didnt realise this one…now my VPN connection its working great!

Reply

21 James West January 15, 2009 at 12:27 am

hello.
Thanks for the tutorial! worked great!

I have come across a problem though. The connection times out every 1000 minutes or so.

Does anyone have any ideas on what could be causing this?

Thanks!

Reply

22 Igor Sotelo January 29, 2009 at 7:36 pm

There is an OpenSource alternative to Microsoft PPTP Server, and is called PopTop. Runs on Linux, however works only with 128 bits encryption and MS CHAP v2 authentication that are the least insecure PPTP options.

Best Regards.

Reply

23 Alex June 24, 2011 at 2:33 pm

And one more alternative is pptpd (vpn-server implementing PPTP protocol)

Reply

24 Bryan February 12, 2009 at 1:24 pm

I know this is an old thread, but I followed these instructions and my VPN connection worked great. Then later on it stopped working and I couldn’t determine why for the longest time. I thought Firestarter may have been the culprit, so I uninstalled it. Didn’t help. Finally last night I uninstalled other vpn software I had loaded, but wasn’t using: OpenSwan, IKE and probably a couple others. And viola, my PPTP VPN connection began working again.

Reply

25 p sky March 22, 2009 at 2:16 am

Very good explanation, but the repository appears not to be valid. I have not been able to find a new one, so I am in dependancy hell trying to get it to work. If anybody knows the door out let me know. :)

Reply

26 fvaw April 3, 2009 at 9:45 pm

Could you please update the GUI settings for the Jaunty?

Reply

27 eric May 24, 2009 at 5:45 pm

Hi,

I have small problem ,i already using ppptd and now running but i have ip still using DHCP (old ISP/IP Private) not from ip vpn (new ISP/IP Public) ,what cause this ?

i tried to ping from network-tools.com and the message is ” Timed out ” but i can ping the vpn gateway also got reply quickly.

log message :
May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 ‘Outgoing-Call-Request’
May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer’s call ID 27914).
May 24 12:28:31 cpe-134-112 pppd[15906]: CHAP authentication succeeded
May 24 12:28:31 cpe-134-112 pppd[15906]: CCP terminated by peer (No compression negotiated)
May 24 12:28:31 cpe-134-112 pppd[15906]: Compression disabled by peer.
May 24 12:28:31 cpe-134-112 pppd[15906]: local IP address 202.147.201.119
May 24 12:28:31 cpe-134-112 pppd[15906]: remote IP address 202.147.205.1

Let me know about this..

thanks,

Reply

28 Ajinkya May 25, 2009 at 5:02 am

Please send me the ppt of following configuration

Reply

29 IrQ July 6, 2009 at 11:46 pm

Users of KDE 4 can’t use gui tools to connect over pptp vpn. If anybody needed this feature, please register and vote for it.

https://bugs.kde.org/show_bug.cgi?id=174439

Reply

30 Kevin September 1, 2009 at 4:21 am

No luck here. I have tried both commandline and gui on ubuntu jaunty and no luck. via the gui it says that I am connected to my work VPN, however i can not login to my machine or ping anything on the network.

Any ideas? I am at my wits end.

Reply

31 Kevin September 2, 2009 at 4:18 am

Also.. What is the proper NET and IFACE?

#!/bin/bash
NET="10.0.0.0/8" # set me
IFACE="ppp0" # set me
#IFACE=$1
route add -net ${NET} dev ${IFACE}

Reply

32 Alex June 24, 2011 at 2:36 pm

$NET – the network you wish to be routed via VPN-connection. If you want all your trafic go via VPN-tunnel, use “0.0.0.0/0″ as value for $NET variable. $IFACE – is that network interface which appeares after VPN-connection established (usually ppp0).

Reply

33 syed sharik March 10, 2010 at 3:53 pm

hi friends i have some problem for inretnet I want install a net hub so how to install Please help me I will be thankfull

Reply

34 Jack June 4, 2010 at 8:20 am

Thank you Vivek for sharing the information!

Reply

35 Michael August 24, 2010 at 6:41 am

where can i edit /etc/ppp/ip-up.d/route-traffic?
it’s not available in my centos 5.3 server

Reply

36 Michael August 24, 2010 at 7:27 am

Hi!
How to make script to auto connect to vpn server when I got disconnected?

Thanks!

Reply

37 Nawab August 24, 2010 at 1:06 pm

***
#!/bin/bash
NET=”192.168.1.0/24″ # set me
IFACE=”ppp0″ # set me
#IFACE=$1
route add -net ${NET} dev ${IFACE}
***
I receive the following error after saving route-traffic file with the aforementioned excerpt.

“/etc/ppp/ip-up.d/route-traffic”
“/etc/ppp/ip-up.d/route-traffic” E212: Can’t open file for writing

Kindly help !!!

Reply

38 Michael August 25, 2010 at 8:23 am

@Nawab

i think you should set the permission.
# chmod +x /etc/ppp/ip-up.d/route-traffic

Reply

39 Nawab August 27, 2010 at 2:53 pm

Thanks Michael, I tried changing permission with this command it says:

“chmod: cannot access `/etc/ppp/ip-up.d/route-traffic’: No such file or directory”

Reply

40 Michael August 28, 2010 at 3:52 am

@Nawab,
I just created the ip-up.d (directory) and create the file route-traffic..
Since no one answered my question, out of luck it works!

Reply

41 Lakshmi September 22, 2010 at 9:12 pm

Excellent & simple to follow.
They worked for me.

Reply

42 Mahesh September 23, 2010 at 11:17 am

There is another way to do this, by using pptpsetup command…
e.g.
pptpsetup –create –server server_ip_addr –username –password

Reply

43 ana October 10, 2010 at 11:50 am

I want to delete my VPN and I can’t :(

I can’t use my real ip or to open any browser without VPN.

Reply

44 kerem October 18, 2010 at 5:53 pm

Hi

I am trying to use your setup. I think I got most of the setup fine except the “IFACE” thing. What is it supposed to be?

thanks

Reply

45 ali October 31, 2010 at 8:27 am

sending information for e-mail ; thank you

Reply

46 ahmed January 25, 2011 at 10:11 am

i tried the CLI to configure
and got the following output
OS is RH 5.3

Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Stop Control Connection Request.
Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 4 ‘Stop-Control-Connection-Reply’
Jan 25 13:12:25 vis pptp[8755]: anon log[callmgr_main:pptp_callmgr.c:253]: Closing connection
Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 ‘Call-Clear-Request’
Jan 25 13:12:25 vis pppd[8749]: Modem hangup
Jan 25 13:12:25 vis pppd[8749]: Connection terminated.
Jan 25 13:12:25 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
Jan 25 13:12:25 vis pppd[8749]: Exit.
Jan 25 13:12:27 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
Jan 25 13:12:29 vis pptp[8755]: anon log[call_callback:pptp_callmgr.c:77]: Closing connection

Reply

47 nanotera February 18, 2011 at 8:43 am

In CENTOS 5 there is no ip-up.d but you can instead add the route commands to

/etc/ppp/ip-up.local

use chmod to make it executable and then it will work.

Reply

48 Rodent May 23, 2011 at 12:38 pm

Just a quick question, I run Ubuntu 10.04 – Lucid Lynx, is there any way of firing a script or scripts when the VPN Connects / disconnects from the campus VPN.

Reply

49 James Bond May 30, 2011 at 8:59 pm

I’d like to add my success to this.

For anyone who doesn’t want to force all traffic over the VPN, but rather just traffic bound to that interface, use the following script in /etc/ppp/if-up.d/route-traffic:

IF1=ppp0
IP1=VPN_CLIENT_IP
P1=VPN_GATEWAY_IP
P1_NET=VPN_NETWORK_IP

ip route add $P1_NET dev $IF1 src $IP1 table extra
ip route add default via $P1 table extra
ip route add $P1_NET dev $IF1 src $IP1
ip rule add from $IP1 table extra

Be sure to:

echo “10 extra” >> /etc/iproute2/rt_tables

Tested on countless Debian/Ubuntu servers. Enjoy!

Reply

50 Mike September 1, 2011 at 11:06 am

The if-up.d does not exist after installation, are we supposed to create this directory, or have things changed in recent versions?
I’m on RHEL though…

Reply

51 Mike September 1, 2011 at 2:11 pm

don’t worry, found it

Reply

52 sa144 August 1, 2011 at 10:54 am

I have set up PPTP VPN server on linux
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?

Reply

53 Lukas August 22, 2011 at 11:22 am

Hello there. Thanks for very nice PPTP VPN manual. I got just one question. IS it possible to monitor users traffic on VPN ? Give users quota for VPN ? Problem is on my server is users making too mutch traffic and i need to stop this. Thanks for any help. lu

Reply

54 Sysadmin August 22, 2011 at 7:03 pm

Lukas, yes, you can monitor VPN users trafic. The most simplier solution – is IP-address -based traffic accounting via iptables. This approach requires that each vpn-user have it’s oun unique IP-address. For example:
iptables -N ACCOUNT
iptables -A ACCOUNT -s 10.10.10.2 -j RETURN
iptables -A ACCOUNT -s 10.10.10.3 -j RETURN
……………
iptables -A FORWARD -j ACCOUNT

Then you can get packets and bytes counters with the command:
iptables -nL ACCOUNT -vx
and probably graph the stats via cacti/munin/etc…

Reply

55 Ladislav September 5, 2011 at 11:21 am

Hi Vivek and everybody here,

does anybody here have any experiences with setting up the client VPN against Microsoft PPTP VNP server, which use the client certificates. I already patched my ppp using this patch. But I am not able to set this connection up.

Thanks for some example of configuration.

Information about live connection I gathered from the Windows client are following:

On the connection configuration card:
On security folder there is selected "Precise configuration", then click on the Setting
Cryptography of data: Require (disconnect if cryptography cannot be used)
Use of protocol EAP: Smart Card or another certificate
There is a button for "Properties" where is>
- Use certificate in this computer
- Verify server certificate
- and in the root certificates list I selected the CA root certificate
Windows client VPN attributes after connection made:
Type of device: vpn
Type of server: PPP
Transports: TCP/IP
Authentication: EAP
Cypher: MPPE 128
Compression: MPPC
Multilink patterns of PPP: disabled

I use following command to initiate connection, but without any success:

/usr/local/sbin/pppd \
noauth nobsdcomp nodeflate require-eap \
name "$FQDN_HOSTNAME" remotename "$CN_Z_CA_CERTIFIKATU" \
cert $PRIVATNI_CERTIFIKAT \
key $VEREJNY_KLIC
ca $CA_CERTIFIKAT
password $HESLO \
logfile /tmp/pppd.log pty \
"pptp $VPN_SERVER  --nolaunchpppd"

Reply

56 lutpiero November 18, 2011 at 1:49 am

I do exactly as u write and
I receive this on my centos LCP: timeout sending Config-Requests.

I have already try to connect from windows 7 and vpn succesfully connected

Reply

57 fmp July 4, 2012 at 5:20 pm
[admin@goku Downloads]$ sudo rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
Retrieving http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
warning: /var/tmp/rpm-tmp.gZFCXj: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
Preparing...                ########################################### [100%]
	package pptp-release-4-6.fc16.noarch (which is newer than pptp-release-4-6.fc6.noarch) is already installed
[admin@goku Downloads]$ sudo yum --enablerepo=pptp-stable install pptpconfig
Loaded plugins: langpacks, presto, refresh-packagekit
Could not retrieve mirrorlist http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17 error was
14: HTTP Error 404 - Not Found : http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17
Could not retrieve mirrorlist http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17 error was
14: HTTP Error 404 - Not Found : http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17
Error: Cannot find a valid baseurl for repo: poptop-stable
[admin@goku Downloads]$

What went wrong on the 2nd command? anyone who will lead on this. thanks.

Reply

58 Jawad January 27, 2014 at 10:32 pm

Hi
can anybody help me out with Suse linux PPTP client ? no matter what configurations i use it always gives me MS-Chap authentication error.. any help???

Reply

Leave a Comment

Tagged as: , , , , , , , , , , , , , , , , , ,

Previous post:

Next post: