Easily install pptpd on Debian with this bash script

—————————————————————————–

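#!/bin/bash
# VPN account credentials and the server's public address.
username=someUser
password=somePass
externalip=your.servers.ip.address

# Refresh package lists and install pptpd (apt keeps verifying package signatures).
apt-get -y update
apt-get -y install pptpd
# Start /etc/pptpd.conf from the stock pppd options file, then append settings.
cp -R /etc/ppp/pptpd-options /etc/pptpd.conf
echo -e "ms-dns 8.8.8.8\nms-dns 8.8.4.4" >> /etc/pptpd.conf
echo -e "localip 10.0.0.1\nremoteip 10.0.0.10-100" >> /etc/pptpd.conf
# chap-secrets stores the password in cleartext; printf keeps it literal.
printf '%s * %s *\n' "$username" "$password" >> /etc/ppp/chap-secrets

# NAT traffic from VPN clients out through the server's external address.
iptables -t nat -A POSTROUTING -j SNAT -s 10.0.0.0/16 --to-source "$externalip"

/etc/init.d/pptpd restart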

—————————————————————————–

You may also have to execute mknod /dev/ppp c 108 0

Make iptables rule stick on reboot:

Edit /etc/rc.local and add:

iptables -t nat -A POSTROUTING -j SNAT -s 10.0.0.0/16 --to-source your.servers.ip.address

Replace your.servers.ip.address with the external IP address of your server. Make sure to add the line ABOVE exit 0; rc.local must end with exit 0.

Getting Internet to work through the VPN:

Edit /etc/sysctl.conf and uncomment the following line

net.ipv4.ip_forward=1

Execute the sysctl command to enable the new settings in the configuration file

sysctl -p
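
The following is an added example, not part of the original script: it audits the three files touched above (the rc.local rule placement, the sysctl.conf forwarding line, and the permissions on chap-secrets, which holds the password in cleartext). The function names are hypothetical, and the mode 600 expectation for chap-secrets is an assumption of this example rather than something the post states.

```shell
#!/bin/sh
# Added example, not the original script. Function names are hypothetical;
# file paths are arguments so the checks can be run on copies.

# rc.local: the SNAT line only runs at boot if it comes before "exit 0".
check_rc_local() {
    awk '
        /^[ \t]*#/ { next }                         # ignore comments
        /^[ \t]*exit[ \t]+0/ { seen_exit = 1; next }
        /iptables.*-t[ \t]+nat.*POSTROUTING.*SNAT/ { if (!seen_exit) ok = 1 }
        END { exit !ok }
    ' "$1"
}

# sysctl.conf: the forwarding line must be uncommented and set to 1.
check_ip_forward() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# chap-secrets stores the VPN password in cleartext: owner-only access.
check_chap_secrets() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Run all three checks, print one line per finding, return non-zero on any.
audit_pptpd() {
    findings=0
    check_rc_local "${1:-/etc/rc.local}" ||
        { echo "rc.local: SNAT rule missing or placed after exit 0"; findings=1; }
    check_ip_forward "${2:-/etc/sysctl.conf}" ||
        { echo "sysctl.conf: net.ipv4.ip_forward=1 is not enabled"; findings=1; }
    check_chap_secrets "${3:-/etc/ppp/chap-secrets}" ||
        { echo "chap-secrets: missing or readable by group/others (want 600)"; findings=1; }
    return "$findings"
}

# Usage: sh audit.sh /etc/rc.local /etc/sysctl.conf /etc/ppp/chap-secrets
[ "$#" -eq 0 ] || audit_pptpd "$@"
```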

Other Stuff

You may need to add additional iptables rules to get Internet access working:

iptables -A FORWARD -s 10.0.0.0/16 -o ppp0 -j ACCEPT
iptables -A FORWARD -d 10.0.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i ppp0 -j ACCEPT
iptables -A FORWARD -i ppp0 -j ACCEPT
iptables -A FORWARD -o ppp0 -j ACCEPT

To show the NAT table as it currently stands:

iptables -t nat -L --line-numbers

To remove a rule (#2 in this case):

iptables -t nat -D POSTROUTING 2

Problem? Diagnose it!

If you want to enable debugging, follow these steps: Open up /etc/rsyslog.conf (or syslog.conf). Add the line:

daemon.debug /var/log/pptpd.log

Next, kill off the current rsyslogd or syslogd and start a new one:

killall rsyslogd
/usr/sbin/rsyslogd

OR

killall syslogd
/usr/sbin/syslogd

To diagnose faults, enable the options debug dump in /etc/pptpd.conf. The change is effective on the next connection. The debug output goes to /var/log/debug, and the dump output and usual output to /var/log/messages.

After doing these two things, you can probably find the problem here:

/var/log/pptpd.log

A very common error is

PTY read or GRE write failed (pty,gre)=(5,6)

I have yet to find out what it means.

Don’t forget to disable debugging again when you’re done. It eats resources.
