How to setup a PPTP VPN on Debian 6

This guide will teach you how to setup and install a functioning PPTP VPN server on Debian 6 squeeze. This will allow you to tunnel all your traffic through your server. This guide should also work for any other linux based distribution.

The first step is to install the pptpd package for the VPN.
apt-get install pptpd

Now in your favourite editor we need to open /etc/pptpd.conf. Scroll down until you see

These two lines need to be uncommented, so should look like this

Now we can add the user accounts we want to be able to connect through the VPN. Open up /etc/ppp/chap-secrets in your favourite editor. It should look something like this
# Secrets for authentication using CHAP
# client server secret IP addresses

Below those lines we can add users, seperate each user by a new line. Say for example we want to enter the username mark with a password cats, our file would look like this
# Secrets for authentication using CHAP
# client server secret IP addresses
mark pptpd cats *

We now need to open the file /etc/ppp/pptpd-options and locate ms-dns. These will look like this

Uncomment both of these and replace them with DNS servers. I will be using the free Google DNS servers in this tutorial. Your file should now look like this

The next step is to open /etc/sysctl.conf in your favourite editor, to enable packet forwarding. Locate the line the line below, and uncomment #net.ipv4.ip_forward=1.
# Uncomment the next line to enable packet forwarding for IPv4

You can now issue the command below, so that IP forwarding will take effect without a reboot.
echo 1 > /proc/sys/net/ipv4/ip_forward

Now we need to create an iptables rule so that our VPN traffic can pass through without issues. This command will depend on if you are running any virtualisation such as being on an XEN or OpenVZ VPS. You should issue below command to figure out the internet interface. In most cases it will be eth0 (No virtualisation or XEN) on OpenVZ it will most likely be venet0

Once we have found out the right interface we can issue the command below. Replace eth0 with the correct interface that you discovered in the step above.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The VPN will now work, however this iptables rule will disappear upon reboot of the server, therefore not allowing the VPN to work. To fix this we will issue the command
iptables-save > /etc/iptables.conf

Now edit the file /etc/network/interfaces at below the interface listed there add
pre-up iptables-restore < /etc/iptables.conf

My /etc/network/interfaces looks like this
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.conf

The final step is to issue the command
/etc/init.d/pptpd restart

Congratulations! You should now have a functioning PPTPD tunnel in which you can tunnel traffic to your server.