Howto: Ubuntu 8.10 PPTP (VPN) Server with Windows XP as the client PC

Today I set up a VPN server for my house, and here’s how it’s done. I’ll assume you already have an Ubuntu box set up. If not, head to Ubuntu.com and download the server, and set it up however you want. If you need help, hit me up at http://forum.thesmileyking.com

Now, SSH to your server, and run the following command:

sudo apt-get install pptpd

Let that install and then run this command to edit the configuration:

sudo pico /etc/pptpd.conf

Here’s what it should look like in case yours is blank:
###############################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################

# TAG: ppp
# Path to the pppd program, default ‘/usr/sbin/pppd’ on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in ‘/etc/ppp/options’
#
option /etc/ppp/pptpd-options

# TAG: debug
# Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
# Suppress the passing of the client’s IP address to PPP, which is
# done by default otherwise.
#
#noipparam

# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay
# Turns on broadcast relay to clients from interface
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that’s ok – all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
localip 192.168.101.1
remoteip 192.168.101.200-245

Note that the localip is your ethernet adapter’s IP. You can find this by running this command:

ifconfig

RemoteIP is the range you want the clients to have. Now you want to add some users. This step is easy as well:

sudo pico /etc/ppp/chap-secrets

Here’s a sample, and I’ll explain what they mean below:
# Secrets for authentication using CHAP
# client server secret IP addresses
crimm pptpd password *
  • crimm = Username
  • pptpd = The server, which is our daemon
  • password = This is the user’s password
  • * = Where the user can connect from. If set to * it means from anywhere.
Once your user is added, restart your daemon by running this command:

sudo /etc/init.d/pptpd restart

Now we have to configure MPPE encryption, or else all your information will be sent in plain text. Run this command to load the module (this information comes from this link):

sudo modprobe ppp-compress-18

Reboot the server at this point.
SSH back into the machine and start the PPTPD daemon again with the following command:

sudo /etc/init.d/pptpd start

Check your System Log for errors:

sudo pico /var/log/syslog

(Follow this step only if syslog shows an error that says: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.4, this is 2.4.5)
When trying to connect a client to the server you may see the dreaded version error. It’s a bug (thanks to this link), and there is an easy fix.

sudo pico /etc/pptpd.conf

and comment out the line logwtmp (To comment it out … add a # in front of it) – this will disable some logging, but should fix your issue.
Restart the daemon the hard way this time:

sudo killall pptpd

sudo pptpd

To test whether your daemon is running, do this:

telnet 127.0.0.1 1723

1723 is the port pptpd listens on. If it says connection refused, then your daemon isn’t starting. You can find information about why it’s not starting in:

sudo pico /var/log/syslog

Tweak what you need to based off the error in the log file. If you need help head over to http://forum.thesmileyking.com and ask for help :) Also see above as your error may be there or it may be below!
Last step, setting up your Windows XP PC to connect to it:
  • Go to your network connections
  • Add a network connection
  • Click next
  • Choose “Connect to the network at my workplace” and choose next
  • Choose “Virtual Private Network Connection” and choose next
  • Give it a name and choose next
  • (If you have other connections) choose Do not dial and hit next
  • Put in the IP address of the server you are connecting to and hit next
  • Click Finish
  • Right click the new connection and click properties
  • Go to the security tab and click the radio button for Advanced.
  • Click the settings button
  • Drop down the box for Data encryption and set to Maximum strength encryption
  • Make sure that MS-CHAP is UNCHECKED
  • Make sure that MS-CHAP-v2 is CHECKED
  • Go to networking tab and choose type of VPN to be PPTP VPN
  • Choose Properties on TCP/IP
  • Click Advanced button at the bottom
  • Untick the box that says: “Use default gateway on remote network” (Screenshot)
Errors on the Windows XP side; tips: (You may/will receive these on your Windows XP computer)
  • Error 800: Make sure the daemon is started and the ports are open
  • Error 741: LINK – Right click the new connection and click properties – Go to security tab -> Advanced button -> Settings. Disable require connection. If it connects okay, then the PPTP server is not requiring encryption. **You do NOT want to leave it without encryption! Go back above through the steps for loading the MPPE module!**
  • Error 619: Make sure that you disabled logwtmp above and make sure your Windows XP settings are all correct as above.
  • Also remember that if you are having trouble connecting remotely, check your firewall settings (Link to port information below) and if it’s not working locally check your iptables (Link below).
  • Here’s a good website for assistance: http://pptpclient.sourceforge.net/howto-diagnosis.phtml
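The MPPE step and the Error 741 tip above both come down to whether the server actually requires encryption and MS-CHAP-v2. The check below is an added example, not part of the original post: it reads a PPP options file (the one named by "option" in pptpd.conf) and a chap-secrets file and reports what is not enforced. The option names are standard pppd options; the function names and sample files are constructed for illustration, and secrets are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the original post). Sample files are constructed.
# Assumes chap-secrets columns are whitespace-separated with no spaces in secrets.

# Print each hardening option that is absent or commented out in a pppd options file.
missing_options() {
    for opt in require-mschap-v2 require-mppe-128 refuse-pap refuse-chap refuse-mschap; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Print the client names whose allowed-address column is "*" (connect from anywhere).
wildcard_clients() {
    awk '$1 !~ /^#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"
}

# Succeed only when group and other have no permission bits on the file.
secrets_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build constructed sample files in a temp directory and print its path.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'name pptpd' 'refuse-pap' 'refuse-chap' \
        '#require-mppe-128' 'require-mschap-v2' > "$dir/pptpd-options"
    printf '%s\n' '# client server secret IP addresses' \
        'alice pptpd constructed-secret-1 *' \
        'bob pptpd constructed-secret-2 192.168.101.201' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    echo "$dir"
}

d=$(make_sample)
echo "options not enforced: $(missing_options "$d/pptpd-options" | paste -sd, -)"
echo "accounts usable from any address: $(wildcard_clients "$d/chap-secrets" | paste -sd, -)"
secrets_private "$d/chap-secrets" || echo "chap-secrets is readable by group/other; chmod 600 it"
rm -rf "$d"
```

On a real server, call the three functions with /etc/ppp/pptpd-options and /etc/ppp/chap-secrets instead of the sample paths.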
Links that helped me along the way to help everyone with traffic that helped me :) :
That’s it for today :)
I hope you learned something

Author:  Crimm

Software engineer (PHP, Bat, VBS), Sr. Systems Admin, Techie, Father, Gamer, Anime watcher (Wannabe Otaku), & full of geek!

  • http://crimm.me Crimm

    I need to update this for 10.04. Maybe I’ll do that soon.

  • http://blog.ryanrhee.net Ryan

    Update to 10.04 would be much appreciated!

  • http://www.oldfortharrod.com renewable energy and obama

    I can’t but agree. I always wanted to write in my site something like that but I guess you’re faster.

  • Allan Miyanaga

    There’s two ways a person can see your keystrokes. One, with a silent program on your computer that logs your keystrokes and mice clicks, or two, if they are directly viewing your screen using a program (Windows Messenger used to, there’s also a program called WinVNC that allows you to see your desktop remotely by another computer.)

  • http://pulse.yahoo.com/_CHW27EJOBV3QNX7MPS7VD3VXCU saeed

    I have set up a PPTP VPN server on Ubuntu.
    But accounts are open for concurrent simultaneous connections. This means there can be many users using one account at the time.
    I need to limit that to one user at the time.
    Does anybody know how it can be done?