Thursday, May 17, 2012

How To: PPTP VPN on Ubuntu 12.04 (pptpd)

I recently started renting a 128 MB RAM Xen VPS for $15/quarter with a promotional offer for as seen on
Since offers unmetered bandwidth through a SoftLayer data center in Texas, I decided to set up a VPN server for my own use.

In this tutorial, I will be showing you how to set up pptpd (poptop) on Ubuntu 12.04 to provide PPTP VPN services.

The following instructions are inspired by

Install Software
sudo apt-get install pptpd ufw

Allow Ports 22 and 1723 on UFW and Enable UFW
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don't get kicked off.

sudo ufw allow 22
sudo ufw allow 1723
sudo ufw enable

Edit /etc/ppp/pptpd-options
Comment out (by placing a "#" at the beginning of the line) the following lines in "/etc/ppp/pptpd-options":
  • refuse-pap
  • refuse-chap
  • refuse-mschap
If you don't want to require encryption, comment out "require-mppe-128" (might be good to disable it just for testing and re-enable it later)
Add the following:

*note, you can use any DNS servers you like, the two above are OpenDNS's public DNS servers.

Edit /etc/pptpd.conf
At the end of the file "/etc/pptpd.conf", add:

These values do not have to correspond to your network. It is best to pick un-accessible/unused addresses here if you only want to use the VPN for Internet access.

Edit /etc/ppp/chap-secrets
The format for "/etc/ppp/chap-secrets" is [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing sampleusername and samplepassword with whatever you want):
sampleusername pptpd samplepassword *

Reboot pptpd
Finally, you can reboot the pptpd server with:
sudo /etc/init.d/pptpd restart

Edit /etc/sysctl.conf
Un-comment the following line in "/etc/sysctl.conf":

The following command reloads the configuration (you can also just reboot at the end of this guide):
sudo sysctl -p

Edit /etc/default/ufw
Edit "/etc/default/ufw" and change the option "DEFAULT_FORWARD_POLICY" from "DROP" to "ACCEPT"

Edit /etc/ufw/before.rules
Add the following either at the beginning of "/etc/ufw/before.rules" or just before the *filter rules (recommended):
# NAT table rules

# Allow forward traffic to eth0

# Process the NAT table rules

At this point, you can run "sudo ufw disable && sudo ufw enable" or just reboot to be safe. You should be able to connect now. It took me several tries before I could get it to work, and it looks like the "require-mppe-128" line was what gave me so much trouble. I ultimately enabled encryption, but not before I tested it without.


  1. Thanks for sharing this such a great information i really appreciate your work i shared this link to my all fb friends and twitter followers and google circle friend because this information helps to every one and my hobby is knowledge sharing.

    I shared one thing with the help of your blog yesterday i was finding a pptp vpn service provider finally i found it the list of PPTP VPN provider this lists helps to every one


  2. Thank you for your clearly written instructions. Awesome!

  3. I followed these instructions and they worked perfectly with one caveat. I have to restart the server after every successful connection.

    I've tried restarting photos and ufw and neither worked.

  4. Dumb question(s) - I'm connected to the VPN, but I can't access network resources.

    Also - how can I route my network traffic through my vpn?

  5. Thanks for this Guide!
    It's work very well on VPS!
    Can you write a guide about: L2TP on Debian VPS, please?

  6. can connect to pptp server but no internet :(

    1. Hi all;

      Nice guide but i missed something essential on ubuntu 12.04lts 64b

      Set up ip-masquerading: ‘sudo nano /etc/rc.local‘

      Add the following lines above the line that says ‘exit 0‘

      # PPTP IP forwarding

      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

      By default have ufw etc.. iptables -L showd me no nat rules.. so it connected but failed to forward my ip traffic.

      Hope it helps someone out there

  7. I would think you could just use IP tables to allow the ports insead of installing UFW?

    1. Yeah, you could definitely use iptables directly instead of UFW, I remember seeing a lot of guides on how to do that.

      I think UFW is just a configuration tool for iptables, since those are iptables commands I put in the UFW configuration.

      iptables has a steep learning curve though, and if you're already using UFW, I think this is the best way to do it. You could probably just add iptables commands anyway though, as long as they're loaded after UFW.

  8. It is perfect time to make some plans for the future and it's time to be happy. I've read this post and if I could I
    desire to suggest you some interesting things or tips. Perhaps you could write next articles referring to this article. I
    wish to read even more things about it!
    vpn accounts

  9. great points altogether, you simply received a new reader. What may you recommend about your post that you just made a few days ago?
    VPN provider

  10. Thank you, helpful document

  11. Fantastic guide, but I see the server but not internet connection. Also I disable the firewall please help me

  12. what localip i must use..??
    please help

    1. local ip in the example above is the external ip address that your server is using.

  13. Here is an alternative using iptables that is also forwarding all local traffic for gaming.

  14. can i access it over the internet ..??
    if can what I supoosed to do thx

  15. I want to setup pptp client in ubuntu 12.4 . Can you help me anyone please.

  16. Wonderful beat ! I would like to apprentice while you amend your website, how could i subscribe for a blog website? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast offered bright clear concept Also visit my blog ...
    vpn accounts
    VPN provider

  17. Hi,You explained the topic very well.The contents has provided meaningful information thanks for sharing info
    VPN for USA

  18. wasel pro the best VPN service, you can you can with it unblock any site in the world, he was working on all android phones , iPhone and iPad ,compatible with windows and Mac systems

  19. I made my VPN server with ubuntu 12.04.3 LTS, i can connect without encryption, but when i want connect with encrypt, i get this error message: "The PPTP-VPN did no respond. Try reconnecting..." (Mac) What's this? I'm not use kernel patches, or other tuning.

  20. Hi
    The last days I followed the tutorial that you expose in the web named: ``How To Setup Your Own VPN With PPTP.
    In my case I configure the chap encryption and it worked ok. But when I try to configure pap encryption I never connect. Why?
    My configuration is:
    in /etc/pptpd.conf

    hostname in my server = server
    external ip
    hostname in my client = client
    external ip

    the /etc/ppp/pap-secret in my server is:
    server client 123456 *
    client server 123456 *
    the /etc/ppp/pap-secret in my client is:
    server client 123456 *
    client server 123456 *

    net.ipv4.ip_forward = 1
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save

    iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
    iptables -I INPUT -s -i ppp0 -j ACCEPT
    iptables --append FORWARD --in-interface eth0 -j ACCEPT

    the log show me this:
    Jan 30 11:44:11 client NetworkManager[1041]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
    Jan 30 11:44:11 client pptp[3647]: nm-pptp-service-3631 log[pptp_read_some:pptp_ctrl.c:544]: read returned zero, peer has closed
    Jan 30 11:44:11 client pptp[3647]: nm-pptp-service-3631 log[callmgr_main:pptp_callmgr.c:258]: Closing connection (shutdown)
    Jan 30 11:44:11 client pptp[3647]: nm-pptp-service-3631 log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
    Jan 30 11:44:11 client pptp[3647]: nm-pptp-service-3631 log[pptp_read_some:pptp_ctrl.c:544]: read returned zero, peer has closed
    Jan 30 11:44:11 client pptp[3647]: nm-pptp-service-3631 log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
    Jan 30 11:44:11 client NetworkManager[1041]: VPN plugin failed: 1
    Jan 30 11:44:11 client pppd[3635]: Exit.
    Jan 30 11:44:11 client NetworkManager[1041]: VPN plugin state changed: stopped (6)
    Jan 30 11:44:11 client NetworkManager[1041]: VPN plugin state change reason: 0
    Jan 30 11:44:11 client NetworkManager[1041]: error disconnecting VPN: Could not process the request because no VPN connection was active.

    I appreciated any help

  21. The resource that you mentioned here is something that I have been looking from quite a time. It is really informative and quality of the content is extraordinary.

    VPN provider

  22. What is VPN?
    Did you know that some people are tracking what you do online? Your ISP, the Government, Google or someone with hacker skills may spy on your online activities. Faceless.Me is a VPN service provider that grants you online Privacy and Security. By using our best VPN service you get yourself behind the shield, where no one can spy on your online identity or steal your data.

  23. I thoroughly enjoyed reading your story. I really appreciate your wonderful know-how and the time you put into educating the rest of us.

  24. It's great! Thanks for all your efforts that you have put in this.

    using a vpn in china
    unblock vpn

  25. Question, how about when setting up the PPTP VPN client on ubuntu?
    Network-manager has a plugin, which allows you to do it very easily.
    the problem i am having is that i canNOT use the vpn succesfully unless i shutdown UFW first. You can imagine why that would be a concern.
    any ideas?
    The weird thing is that it was working perfectly up until about 1 or 2 months ago. frustrating.

  26. Thanks for VPN client configuration and installation guide.It works good.Great and useful post.

  27. If you get lines like this in /var/log/syslog:

    Jan 1 04:43:55 ip-172-30-0-214 kernel: [ 431.359775] [UFW BLOCK] IN=eth0 OUT= MAC= SRC= DST= LEN=61 TOS=0x00 PREC=0x00 TTL=46 ID=22881 DF PROTO=47
    Jan 1 04:43:58 ip-172-30-0-214 pppd[1394]: LCP: timeout sending Config-Requests

    You're running a newer kernel and need to add nf_conntrack_pptp to /etc/modules. By searching on "ufw proto=47" I found this post:

  28. Interested in choosing the right VPN for you? Read the reviews first! On you can find detailed reviews of the best VPN providers out there.

  29. Its is important to know about a VPN before using it and for that you need to read the VPN Review article which I found really comprehensive for Torrenting and other purposes

  30. Great explanation,Thanks for all your efforts that you have put in this.

    goldenslot slot games
    gclub casino

  31. SBOBET The world leading Asian Handicap Specialist offering the best odds in Sports, Casino, Games and Horse Racing.


  32. I have recently started a blog, the info you provide on this site has helped me greatly. Thanks for all of your time & work.
    this review summary

  33. I am hoping the same best effort from you in the future as well. In fact your creative writing skills has inspired me.
    best vpn in the world

  34. This comment has been removed by the author.

  35. Wow!! Amazing in depth blog post and much valuable for readers as usage of VPN is increasing rapidly. As, FastestVPN offers Best VPN for Linux with an easy setup that lets you experience the internet with freedom, anonymity, security and privacy!