How to Setup up PPTP VPN on Debian for your iPhone

September 3, 2010

Debian setup is as simple as the following lines:

Install poptop

# aptitude install pptp

Edit pptpd config files

/etc/pptpd.conf

The file should look like this:

[bash]option /etc/ppp/pptpd-options
logwtmp
localip 192.168.0.1
remoteip 192.168.0.10-20[/bash]

Set them to whatever private (or public) ip addressing you want. You could use IP addresses currently available in your network, if you do this you will not need to add the iptables rules for natting later in this guide.

Your /etc/ppp/pptpd-options should look like this:

Option 1
Set ms-wins and ms-dns to the name server the server you are currently working on is using (look in reolv.conf).

Option 2
Or as I did install dnsmasq on the server and run it as a chaching dns server

[bash]aptitude install dnsmasq[/bash]

And then set ms-dns and ms-wins to 192.168.0.1 (or the localip you set)

/etc/ppp/chap-secrets

Setup users and passwords to connect the pptp server

username pptpd somepassword *

Turn on IP Forwarding

[bash]echo 1 > /proc/sys/net/ipv4/ip_forward[/bash]

Set the change permanantly in /etc/sysctl.conf by uncommenting the line:

[bash]net.ipv4.ip_forward=1[/bash]

Turn on NATing

If you have created a new private network for your pptpd server, you probably have, you need to add a rule to iptables.

[bash]iptables –table nat –append POSTROUTING \
–out-interface eth0 –jump MASQUERADE[/bash]

But this rule needs be persistant so we need to create a script to run when the interface starts up

[bash]iptables-save > /etc/iptables.conf[/bash]

Create a new file: /etc/network/if-up.d/iptables and paste in the following

[bash]#!/bin/sh
/sbin/iptables-restore < /etc/iptables.conf[/bash]

Set it to executable

[bash]chmod 755 /etc/network/if-up.d/iptables[/bash]

All Done!. Just startup pptpd

[bash]/etc/init.d/pptpd start[/bash]

On your iPhone use the following picture as a guide:

+1 this post if it helped you!

2 comments on “How to Setup up PPTP VPN on Debian for your iPhone

  1. Lukas on said:

    Hello there. Thanks for very nice PPTP VPN manual. I got just one question. IS it possible to monitor users traffic on VPN ? Give users quota for VPN ? Problem is on my server is users making too mutch traffic and i need to stop this. Thanks for any help. lu

    • larmib on said:

      If you use Debian, you can grab dsniff:

      apt-get install dsniff

      Then usage is like this:
      urlsnarf -i ppp0

      Another option for you would be to force your users to go through a proxy, like squid so you can log http, and https traffic.

Leave a Reply