Setting up a PPTP VPN on OpenVZ VPS (Tested with RamNode VPS)

Here’s another great use of having your own VPS: run a VPN server to tunnel your Internet connectivity! There are many reasons why you’d want to run a VPN server and I’m not going to delve into that here. But once you’ve decided to run one, this is the guide for you.

I run my OpenVZ-based VPS (Virtual Private Server) on RamNode using Ubuntu 12.04 LTS as my server OS. So it should work if you are on the same infrastructure. However, this should work just about the same with any other OpenVZ VPS as well.

If you do not yet have your own VPS, I would recommend checking out RamNode. The rates are pretty cheap and their uptime has been quite reliable. You can read a bit about why I went with RamNode in this article.

Ok. Let’s start.

Steps to set up a PPTP VPN on OpenVZ VPS

1. Enable PPP support

On RamNode, this is super easy. Just log in to the VPS Control Panel, head over to the settings tab and enable PPP. Your VPS will be restarted, so be sure you’re not doing anything with the VPS before enabling PPP.

Enable PPP on RamNode VPS Control Panel

Update Note: I’ve noticed that every time there is a maintenance shutdown on my VPS node, I would need to re-enable PPP by turning it off and on again. I’ll be checking with the guys at RamNode as to why this is happening. So if you find that your VPN isn’t connecting anymore, try doing this as well and see if it works. But remember, doing this would reboot your server twice.

2. Install PPTPD and set up the configuration

The following steps would get it done. You may change some of the settings if you want to but leaving it the same would work just fine.

apt-get install pptpd

First, let’s edit the pptpd options to set up the DNS servers.

vi /etc/ppp/pptpd-options

Look for the ms-dns lines, uncomment them and edit them to use either Google’s Public DNS (as used below) or OpenDNS:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

Then, edit the pptpd configuration file to set up the IP assignments:

vi /etc/pptpd.conf

Add the following at the end of the file. Here, insert your VPS’s IP for the localip configuration (replace <vps-ip>). The remoteip setting can remain the same or be changed to your liking.

localip <vps-ip>
remoteip 10.0.0.100-199

Next, configure the VPN user and password. Replace <user> and <password> accordingly. And as always, I suggest generating a strong password (minimum 25 characters in length, using mixed-case letters, symbols and numbers).

vi /etc/ppp/chap-secrets

Add the following line(s) as required

<user> pptpd <password> *
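
A check worth running after editing this file, as an added example that is not part of the original guide: pppd keeps these secrets in cleartext, so the function below flags a file whose mode is not 600 and any entry shorter than the 25 characters suggested above. The function name and the output labels are made up for this example.

```shell
#!/bin/sh
# Added example: audit a pppd secrets file such as /etc/ppp/chap-secrets.
# Usage (as root): audit_chap_secrets /etc/ppp/chap-secrets [min-length]
# Prints one finding per line; prints nothing when the file is clean.
audit_chap_secrets() {
    file=$1
    min_len=${2:-25}    # the 25-character minimum suggested in the guide

    # Secrets are stored in cleartext, so only the owner should read the file.
    mode=$(stat -c '%a' "$file") || return 2
    [ "$mode" = "600" ] || echo "PERMS mode is $mode, expected 600"

    awk -v min="$min_len" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            # Split into fields, keeping a "double quoted" field as one token.
            n = 0; rest = $0
            while (match(rest, /^[ \t]*("[^"]*"|[^ \t]+)/)) {
                tok = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                sub(/^[ \t]+/, "", tok)
                if (tok ~ /^".*"$/) tok = substr(tok, 2, length(tok) - 2)
                field[++n] = tok
            }
            # Expected layout: client  server  secret  address(es)
            if (n < 3) { print "MALFORMED line " NR; next }
            if (length(field[3]) < min)
                print "SHORT user " field[1] ": secret is " length(field[3]) " chars, minimum " min
        }' "$file"
}
```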

That’s all there is to the configuration, so let’s restart the pptpd service now.

service pptpd restart

3. Setting up the network configurations to forward requests from the VPN connections to the external networks

Firstly, let’s enable IP forwarding on your VPS

vi /etc/sysctl.conf

Uncomment the following line (remove the # character)

net.ipv4.ip_forward=1

Let’s reload the configuration

sudo sysctl -p

Next, it’s time to configure the iptables. (Note that this is tested only with RamNode’s VPS server, your routing rule may need to be different depending on the host you’re on. Try searching online to find a rule that would work for you.)

iptables -P FORWARD ACCEPT
iptables --table nat -A POSTROUTING -o venet0 -j MASQUERADE

Once this is done, it should already work! Just set up the PPTP VPN connection on your device or PC to test it out. Otherwise, try rebooting your VPS to make sure all the settings are refreshed.
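
A narrower variant of the two rules above, as an added example that is not part of the original guide: instead of accepting all forwarded traffic, it forwards and NATs only the VPN pool. The function name is made up; it assumes the pool sits inside 10.0.0.0/24 (which covers the remoteip range used earlier), that clients arrive on ppp interfaces, and that the container exposes the iptables state match. A third argument switches the NAT rule to SNAT for hosts without MASQUERADE.

```shell
#!/bin/sh
# Added example: print (do not apply) forwarding rules limited to the VPN pool.
# Usage: vpn_forward_rules <pool-cidr> <out-if> [snat-ip]
#   vpn_forward_rules 10.0.0.0/24 venet0            # review the output first,
#   vpn_forward_rules 10.0.0.0/24 venet0 | sh       # then apply it as root
vpn_forward_rules() {
    pool=$1
    out_if=$2
    snat_ip=${3:-}

    # The output is meant to be run as root, so reject any argument holding
    # characters outside a strict whitelist (spaces, newlines, ';', '$', ...).
    case "$pool$out_if$snat_ip" in
        *[!0-9A-Za-z_./-]*) return 1 ;;
    esac
    echo "$pool" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || return 1
    echo "$out_if" | grep -Eq '^[A-Za-z0-9_.-]+$' || return 1

    if [ -n "$snat_ip" ]; then
        echo "$snat_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
        nat="SNAT --to-source $snat_ip"    # for hosts without MASQUERADE
    else
        nat="MASQUERADE"
    fi

    # Default-deny forwarding; allow only pool traffic out and its replies back.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -i ppp+ -s $pool -o $out_if -j ACCEPT
iptables -A FORWARD -i $out_if -o ppp+ -d $pool -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $pool -o $out_if -j $nat
EOF
}
```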

That’s it! Oh but remember, make sure your VPN use is well within your allocated bandwidth as per the VPS package you got. Especially if you’re also running a website on the VPS!

Update: List of references for me to get this working

Credit where credit is due, this site helped me get the script right. My challenge was getting the iptables NAT POSTROUTING rule right. Generally you would use -o eth0, but on an OpenVZ VPS what you get is a virtual network adapter, thus venet0 instead!


7 Responses

  1. Tim says:

    Posting credits to the source article would be a good idea.

  2. Ken Ng says:

    Hi Tim,

    I absolutely agree with you and it’s my mistake not to put the sites where I referred some of the scripts from. However, it’s not from the link you posted in your comment.

  3. Simon Moles says:

    MASQUERADE wasn’t supported on my server, but this command did the job:

    iptables -t nat -A POSTROUTING -j SNAT --to-source

  4. Simon Moles says:

    Argh, the command in my comment got mangled. Second attempt:
    iptables -t nat -A POSTROUTING -j SNAT --to-source [venet0’s ip address]

  5. Ken Ng says:

    Thanks! Yes the routing is the tricky part and depends largely on the host. Which is why I did state what I did worked on the host I was using. 🙂

  6. pojokan says:

    root@cf:~# iptables --table nat -A POSTROUTING -o venet0 -j MASQUERADE
    iptables v1.4.12: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
    Perhaps iptables or your kernel needs to be upgraded.
    What should I do?
    Can you help me?

  7. Simsan says:

    Wow.. after trying many tutorials, I got success with this tutorial.
    Thanks
