59 comments

  1. Obligatory post to point out that Microsoft’s PPTP was, as initially implemented, very insecure. It may be that Microsoft has completely rewritten it since then and fixed every problem, I don’t know. Wikipedia says it can be compromised if MSCHAP-V2 is used and users choose weak passwords, so you’d want to try to avoid MSCHAP-V2. It appears to me that this article configures PPTP with MSCHAP-V2. You’d also need to check all your Microsoft Windows machines to be sure they’re not using a broken implementation.

    An easy alternative is OpenVPN, which has a MS Windows installer and is all-around easy to implement.

    1. Dear all fellows,

      I have installed Linux, i.e. Ubuntu 10.04, on my PC, on which I have installed the pptp client and am able to connect successfully, but the problem is that it is unable to browse the internet. In Windows it works fine.
      Kindly help me out.
      Regards,
      Syed Zaigham Ali

        1. Yes mahesh, it was a gateway problem. My service provider didn’t want to tell the gateway and network address and said that install Windows, we didn’t provide services on Linux. But finally I knew it and am using internet on UBUNTU…:)

  2. Kari,

    The PPTP is not secure enough for some information security policies and I personally like to use OpenVPN. PPTP is known to be a faulty protocol and your link in FAQ proves the same. This tutorial is for those who can’t switch to OpenVPN.

    Appreciate your post!

  3. Great guide! This helped me get beyond my problems using the GUI tools, which don’t report all the info. Also, the “fault tree” link on the pptpclient page is a good debugging resource.

    I appreciate the command line tool approach, as that shows you more what is happening under the covers, and to test your config step by step.

  4. Hi,
    I need to connect my Linux CentOS 4.4 server to a Windows 2003 VPN. I tried to install pptpclient, and since I do not have apt-get I used
    yum --enablerepo=pptp-stable install pptpconfig, which gave dependency errors

    Error: Missing Dependency: libxml.so.1 is needed by package php4-pcntl-gtk
    Error: Missing Dependency: libglade.so.0 is needed by package php4-pcntl-gtk

    Please help me, I will be thankful
    Regards
    Adnan

  5. Hi

    My Lan is connected to internet using the Linux firewall and ADSL Modem.

    My Lan Architecture:
    vpnclient–>Linux–>ADSL MODEM–>net–>VPNSERVER

    The ADSL modem is assigned a public IP.

    Now My Question??

    How I will connect my LAN(VPN client) to server.
    Please help me out.

    I will be thankful
    Arul

    1. If your ADSL modem is in the bridge mode, and Linux firewall performs NAT for vpnclient, you should connect to VPNSERVER without problems. However, you may need to tune the firewall on the linux box (FORWARD chain) and load ip_nat_pptp kernel module (via modprobe command).

  6. Hello !

    I set up pptpd on ubuntu 6.10
    i did manage to connect to the pptpd server
    but I am having issues with my default gateways.
    my clients are windows boxes.
    I connect to the VPN and this is what i see in my
    PPP adapter ramsam:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . .:00-53-45-00-00-00
    Dhcp Enabled. . . . : No
    IP Address. . . . . . : 192.168.1.50
    Subnet Mask . . . . . : 255.255.255.255
    Default Gateway . . . : 192.168.1.50
    DNS Servers . . . . . : 192.168.1.1
    4.2.2.2
    How do I make sure my vpn clients get the default gateway of 192.168.1.1 and why is it taking the ipaddress assigned to it as the gw.
    my DHCP runs on my router 192.168.1.1

    1. It’s because Windows considers that the VPN-connection route is more preferable than your default route. To avoid this problem try to uncheck the option “use default gateway in remote network” in TCP-IP options of VPN-connection (“Advanced…” button).

    1. I know this is a very old thread, but I had the same problem with the local campus network. No Default Route to x.x.x.x.
      The fix turned out to be really easy.

      sudo route add default gw 10.25.10.1

      and bingo it started working, hope this helps someone in the future.
      p.s. replace the 10.25.10.1 with the address of YOUR gateway.

  7. Worked perfectly on my Ubuntu system.

    Vivek – you can add a note in your excellent article – ‘10.0.0.0/8’ this is the network at the work place. For example the VPN server that I am trying to connect to is on the network ‘192.168.17.0/24’.

    I just had to make that change to the config file – route-traffic – and everything worked fine.

  8. hello.
    Thanks for the tutorial! worked great!

    I have come across a problem though. The connection times out every 1000 minutes or so.

    Does anyone have any ideas on what could be causing this?

    Thanks!

  9. There is an OpenSource alternative to Microsoft PPTP Server, and is called PopTop. Runs on Linux, however works only with 128 bits encryption and MS CHAP v2 authentication that are the least insecure PPTP options.

    Best Regards.

  10. I know this is an old thread, but I followed these instructions and my VPN connection worked great. Then later on it stopped working and I couldn’t determine why for the longest time. I thought Firestarter may have been the culprit, so I uninstalled it. Didn’t help. Finally last night I uninstalled other VPN software I had loaded, but wasn’t using: OpenSwan, IKE and probably a couple others. And voilà, my PPTP VPN connection began working again.

  11. Very good explanation, but the repository appears not to be valid. I have not been able to find a new one, so I am in dependency hell trying to get it to work. If anybody knows the door out let me know. 🙂

  12. Hi,

    I have a small problem: I am already using ppptd and it is now running, but the IP I have is still the DHCP one (old ISP/IP Private), not the one from the IP VPN (new ISP/IP Public). What causes this?

    I tried to ping from network-tools.com and the message is “Timed out”, but I can ping the VPN gateway and also got a reply quickly.

    log message :
    May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
    May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 ‘Outgoing-Call-Request’
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer’s call ID 27914).
    May 24 12:28:31 cpe-134-112 pppd[15906]: CHAP authentication succeeded
    May 24 12:28:31 cpe-134-112 pppd[15906]: CCP terminated by peer (No compression negotiated)
    May 24 12:28:31 cpe-134-112 pppd[15906]: Compression disabled by peer.
    May 24 12:28:31 cpe-134-112 pppd[15906]: local IP address 202.147.201.119
    May 24 12:28:31 cpe-134-112 pppd[15906]: remote IP address 202.147.205.1

    Let me know about this..

    thanks,
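
The pppd lines quoted in the comment above show CCP being terminated by the peer; MPPE encryption is negotiated inside CCP, so a PPTP link that still reaches "local IP address" after that is running without MPPE. The following is an added example, not part of the original comment or article, that scans pppd syslog lines for such sessions; the sample lines are constructed (documentation addresses, hypothetical host name).

```shell
#!/bin/sh
# Added example: flag pppd sessions that came up without MPPE.
# Sample lines are constructed, modelled on the syslog format quoted in this thread.
sample_log() {
cat <<'EOF'
May 24 12:28:31 host pppd[15906]: CHAP authentication succeeded
May 24 12:28:31 host pppd[15906]: CCP terminated by peer (No compression negotiated)
May 24 12:28:31 host pppd[15906]: Compression disabled by peer.
May 24 12:28:31 host pppd[15906]: local IP address 192.0.2.10
May 24 12:40:02 host pppd[16001]: CHAP authentication succeeded
May 24 12:40:02 host pppd[16001]: MPPE 128-bit stateless compression enabled
May 24 12:40:03 host pppd[16001]: local IP address 192.0.2.11
EOF
}

# Reads syslog lines on stdin and prints "<pid> <local-ip>" for every pppd
# session that reached "local IP address" with no "MPPE ... enabled" line
# logged for the same pid. Evaluated at end of input, so line order between
# the MPPE and IP messages does not matter.
unencrypted_sessions() {
    awk '
        match($0, /pppd\[[0-9]+\]/) {
            # extract the digits between "pppd[" and "]"
            pid = substr($0, RSTART + 5, RLENGTH - 6)
            if ($0 ~ /MPPE .*enabled/) mppe[pid] = 1
            if ($0 ~ /local IP address/) { ip[pid] = $NF; order[++n] = pid }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                if (!(p in mppe)) print p, ip[p]
            }
        }'
}

sample_log | unencrypted_sessions
```

On a real client, feed it the pppd lines from the system log instead of `sample_log`; setting `require-mppe-128` in the pppd options makes pppd drop the link rather than continue unencrypted.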

  13. No luck here. I have tried both command line and GUI on Ubuntu Jaunty and no luck. Via the GUI it says that I am connected to my work VPN, however I cannot log in to my machine or ping anything on the network.

    Any ideas? I am at my wits end.

  14. Also.. What is the proper NET and IFACE?

    #!/bin/bash
    NET="10.0.0.0/8" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}

    1. $NET – the network you wish to be routed via VPN-connection. If you want all your traffic to go via the VPN-tunnel, use “0.0.0.0/0” as the value for the $NET variable. $IFACE – is the network interface which appears after the VPN-connection is established (usually ppp0).

  15. Hi friends, I have some problem with internet. I want to install a net hub, so how do I install it? Please help me, I will be thankful

  16. ***
    #!/bin/bash
    NET="192.168.1.0/24" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}
    ***
    I receive the following error after saving route-traffic file with the aforementioned excerpt.

    “/etc/ppp/ip-up.d/route-traffic”
    “/etc/ppp/ip-up.d/route-traffic” E212: Can’t open file for writing

    Kindly help !!!

  17. Thanks Michael, I tried changing permission with this command it says:

    “chmod: cannot access `/etc/ppp/ip-up.d/route-traffic’: No such file or directory”

    1. @Nawab,
      I just created the ip-up.d (directory) and create the file route-traffic..
      Since no one answered my question, out of luck it works!

  18. There is another way to do this, by using pptpsetup command…
    e.g.
    pptpsetup --create --server server_ip_addr --username --password

  19. Hi

    I am trying to use your setup. I think I got most of the setup fine except the “IFACE” thing. What is it supposed to be?

    thanks

  20. i tried the CLI to configure
    and got the following output
    OS is RH 5.3

    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Stop Control Connection Request.
    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 4 ‘Stop-Control-Connection-Reply’
    Jan 25 13:12:25 vis pptp[8755]: anon log[callmgr_main:pptp_callmgr.c:253]: Closing connection
    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 ‘Call-Clear-Request’
    Jan 25 13:12:25 vis pppd[8749]: Modem hangup
    Jan 25 13:12:25 vis pppd[8749]: Connection terminated.
    Jan 25 13:12:25 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
    Jan 25 13:12:25 vis pppd[8749]: Exit.
    Jan 25 13:12:27 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
    Jan 25 13:12:29 vis pptp[8755]: anon log[call_callback:pptp_callmgr.c:77]: Closing connection

  21. In CENTOS 5 there is no ip-up.d but you can instead add the route commands to

    /etc/ppp/ip-up.local

    use chmod to make it executable and then it will work.

  22. Just a quick question, I run Ubuntu 10.04 – Lucid Lynx, is there any way of firing a script or scripts when the VPN Connects / disconnects from the campus VPN.

  23. I’d like to add my success to this.

    For anyone who doesn’t want to force all traffic over the VPN, but rather just traffic bound to that interface, use the following script in /etc/ppp/if-up.d/route-traffic:

    IF1=ppp0
    IP1=VPN_CLIENT_IP
    P1=VPN_GATEWAY_IP
    P1_NET=VPN_NETWORK_IP

    ip route add $P1_NET dev $IF1 src $IP1 table extra
    ip route add default via $P1 table extra
    ip route add $P1_NET dev $IF1 src $IP1
    ip rule add from $IP1 table extra

    Be sure to:

    echo "10 extra" >> /etc/iproute2/rt_tables

    Tested on countless Debian/Ubuntu servers. Enjoy!

    1. The if-up.d does not exist after installation, are we supposed to create this directory, or have things changed in recent versions?
      I’m on RHEL though…

  24. I have set up a PPTP VPN server on Linux,
    but accounts are open for concurrent simultaneous connections, meaning there can be many users using one account at a time.
    I need to limit that to one user at a time.
    Does anybody know how it can be done?

  25. Hello there. Thanks for the very nice PPTP VPN manual. I have just one question. Is it possible to monitor users’ traffic on the VPN? Give users a quota for the VPN? The problem is that on my server users are making too much traffic and I need to stop this. Thanks for any help. lu

  26. Lukas, yes, you can monitor VPN users’ traffic. The simplest solution is IP-address-based traffic accounting via iptables. This approach requires that each VPN user has its own unique IP address. For example:
    iptables -N ACCOUNT
    iptables -A ACCOUNT -s 10.10.10.2 -j RETURN
    iptables -A ACCOUNT -s 10.10.10.3 -j RETURN
    ……………
    iptables -A FORWARD -j ACCOUNT

    Then you can get packets and bytes counters with the command:
    iptables -nL ACCOUNT -vx
    and probably graph the stats via cacti/munin/etc…
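
One way to turn the counters from `iptables -nL ACCOUNT -vx` into a per-client quota check, as an added example that is not part of the original comment. It goes slightly beyond the rules shown there: the `-s` rules only count bytes sent by each client, so this assumes a matching `-d <client-ip>` rule was added per client to count downloads as well. The sample output and the 50 MiB limit are constructed.

```shell
#!/bin/sh
# Added example: per-client byte totals from `iptables -nL ACCOUNT -vx`.
# Constructed sample output; addresses follow the comment's 10.10.10.x scheme.
sample_counters() {
cat <<'EOF'
Chain ACCOUNT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    9120  5242880 RETURN     all  --  *      *       10.10.10.2           0.0.0.0/0
   40311 62914560 RETURN     all  --  *      *       0.0.0.0/0            10.10.10.2
     310   204800 RETURN     all  --  *      *       10.10.10.3           0.0.0.0/0
     512   409600 RETURN     all  --  *      *       0.0.0.0/0            10.10.10.3
EOF
}

# usage: over_quota LIMIT_BYTES < iptables-output
# Prints "<client-ip> <total-bytes>" for each client whose combined
# upload (-s rule) and download (-d rule) counters exceed the limit.
over_quota() {
    awk -v limit="$1" '
        $3 == "RETURN" {
            # the client is whichever side is not the 0.0.0.0/0 wildcard
            client = ($8 != "0.0.0.0/0") ? $8 : $9
            total[client] += $2
        }
        END {
            for (c in total)
                if (total[c] > limit) printf "%s %.0f\n", c, total[c]
        }
    ' | sort
}

sample_counters | over_quota 52428800   # 50 MiB
```

Because several VPN users sharing one address would be merged into one total, this only works with the one-address-per-user setup the comment requires.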

  27. Hi Vivek and everybody here,

    Does anybody here have any experience with setting up the client VPN against a Microsoft PPTP VPN server which uses client certificates? I already patched my ppp using this patch. But I am not able to set this connection up.

    Thanks for some example of configuration.

    Information about live connection I gathered from the Windows client are following:

    On the connection configuration card:
    On security folder there is selected "Precise configuration", then click on the Setting
    Cryptography of data: Require (disconnect if cryptography cannot be used)
    Use of protocol EAP: Smart Card or another certificate
    There is a button for "Properties" where is>
    - Use certificate in this computer
    - Verify server certificate
    - and in the root certificates list I selected the CA root certificate
    
    Windows client VPN attributes after connection made:
    Type of device: vpn
    Type of server: PPP
    Transports: TCP/IP
    Authentication: EAP
    Cypher: MPPE 128
    Compression: MPPC
    Multilink patterns of PPP: disabled
    

    I use following command to initiate connection, but without any success:

    /usr/local/sbin/pppd \
    noauth nobsdcomp nodeflate require-eap \
    name "$FQDN_HOSTNAME" remotename "$CN_Z_CA_CERTIFIKATU" \
    cert $PRIVATNI_CERTIFIKAT \
    key $VEREJNY_KLIC \
    ca $CA_CERTIFIKAT \
    password $HESLO \
    logfile /tmp/pppd.log pty \
    "pptp $VPN_SERVER  --nolaunchpppd"
    
  28. I did exactly as you wrote and
    I receive this on my CentOS: LCP: timeout sending Config-Requests.

    I have already tried to connect from Windows 7 and the VPN connected successfully

  29. [[email protected] Downloads]$ sudo rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
    Retrieving http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
    warning: /var/tmp/rpm-tmp.gZFCXj: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
    Preparing...                ########################################### [100%]
    	package pptp-release-4-6.fc16.noarch (which is newer than pptp-release-4-6.fc6.noarch) is already installed
    
    [[email protected] Downloads]$ sudo yum --enablerepo=pptp-stable install pptpconfig
    Loaded plugins: langpacks, presto, refresh-packagekit
    Could not retrieve mirrorlist http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17 error was
    14: HTTP Error 404 - Not Found : http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17
    Could not retrieve mirrorlist http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17 error was
    14: HTTP Error 404 - Not Found : http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17
    Error: Cannot find a valid baseurl for repo: poptop-stable
    [[email protected] Downloads]$
    
    

    What went wrong on the 2nd command? Can anyone give me a lead on this? Thanks.

  30. Hi
    Can anybody help me out with the SUSE Linux PPTP client? No matter what configuration I use, it always gives me an MS-Chap authentication error. Any help?

  31. Whoops… pasted the whole damn thing…
    I meant to paste:
    [email protected]:~# tail -f /var/log/messages
    Nov 27 20:44:19 raspberrypi pppd[19337]: pppd 2.4.5 started by root, uid 0
    Nov 27 20:44:19 raspberrypi pppd[19337]: Using interface ppp0
    Nov 27 20:44:19 raspberrypi pppd[19337]: Connect: ppp0 /dev/pts/2
    Nov 27 20:44:20 raspberrypi pppd[19337]: Connection terminated.
    Nov 27 20:44:20 raspberrypi pppd[19337]: Exit.
    Nov 27 20:47:59 raspberrypi pppd[19492]: pppd 2.4.5 started by root, uid 0
    Nov 27 20:47:59 raspberrypi pppd[19492]: Using interface ppp0
    Nov 27 20:47:59 raspberrypi pppd[19492]: Connect: ppp0 /dev/pts/2
    Nov 27 20:48:00 raspberrypi pppd[19492]: Connection terminated.
    Nov 27 20:48:00 raspberrypi pppd[19492]: Exit.
