A virtual private network (VPN) is network that extends a private network (i.e. LAN) across a public network, such as the Internet. It enables a communications between computers and devices across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security and management policies of the private network.
This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. Basically, if two computers are connected through a VPN, they can communicate directly the same way as if they were in local network. Although the two computers could be physically very distant, the other computers on the internet are not able to intercept their communication.
Server side setup and configuration
The most popular VPN solutions are OpenVPN and PPTP. We will use PPTP. Before we proceed and setup our own VPN network, we should have one computer that will be the VPN server. That computer will be responsible for assigning IP addresses to the clients, establishing initial connection between the clients or between client and the server, handling the security protocols and users/clients authentication. In order to install PPTP we will execute the following command:
# apt-get install pptpd
Alternatively, if we are using CentOS we should execute:
# rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
# yum -y install pptpd
Next step is to edit the default configuration file /etc/pptpd.conf, using our favourite editor and add the following lines:
localip 172.16.0.1
remoteip 172.16.0.100-200
In this case, 172.16.0.1 is the IP that will be used inside the VPN by the VPN server, and An IP from the range 172.16.0.100-200 will be assigned to each client that will be authenticated.
Now we need to add new users. The file that contains the users and their password is /etc/ppp/chap-secrets. The client should be entered with the following information in the following order:
# client server secret IP addresses
In order to create new client called client1 that will be able to use the pptpd server from any location using the password password1 we should add the following line, in the following case, the asterisk means that anyone IP address can use that login information:
client1 pptpd password1 *
The last thing that we need to do before starting our VPN server is to add DNS server. We can add the DNS servers provided by or internet provider or we can use Google DNS servers and insert them in the file.
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now we can start the pptpd daemon using the command:
service pptpd start
In order to verify that it is running and listening for incoming connections, we should execute:
netstat -alpn | grep pptp
The output should look something like this:
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 20934/pptpd
unix 2 [ ] DGRAM 5992346 20934/pptpd
In order for VPN server to work properly and be able to forward the requests we should make sure that the following line exists in /etc/systl.conf.
net.ipv4.ip_forward = 1
If it does not exist, we need to add it and then apply the configuration using the following command:
sysctl -p
If we want the clients to be able to communicate to each other inside the VPN network we should create the following iptables rules:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
# iptables --table nat --append POSTROUTING --out-interface ppp0 -j
# iptables -I INPUT -s 172.16.0.0/16 -i ppp0 -j ACCEPT
# iptables --append FORWARD --in-interface eth0 -j ACCEPT
Client side setup and configuration
In order for a client computer to be able to connect to our VPN server, we should install the PPTP client using the following command (the first one is for CentOS, the second is for Debian/Ubuntu):
# yum -y install pptp
# apt-get install pptp-linux
The VPN client request the ppp_mppe module, so we need to load it:
# modprobe ppp_mppe
Client configuration should be created in /etc/ppp/peers/ folder. In order to configure the parameters for the server we want to use, we should create the configuration file using our favorite editor and set the following parameters (we are at client1 now):
pty "pptp --nolaunchpppd"
name client1
password password1
remotename PPTP
require-mope-128
If our config files in the example above, was named /etc/ppp/peers/vpnserver, then in order to start the client and connect to the VPN server we should execute:
# pppd call vpnserver
After starting the client, check the log files for possible errors or successful connection info using the following command:
# cat /var/log/syslog | grep pptp
We should explicitly set proper routing for the VPN traffic on our clients:
ip route add 172.16.0.0/16 dev ppp0
Once this is done, we can repeat the procedure and add more client and they will all be able to communicate to each other inside secured virtual private network. The computer can communicate using any protocol or service, such as HTTP, SMTP, telnet, MySQL, FTP etc. PPTP server doesn’t demand high usage of CPU resources, but still, all traffic is 128-bit encrypted. This provides decent level of security and protection for our sensitive data and information.