This howto outlines how to connect to a PPTP VPN server from a Linux computer running Ubuntu (or a Ubuntu based distribution). It covers the installing of the PPTP VPN client, configuration, and connecting/disconnecting from the VPN connection.
Installing the PPTP client for Linux on Ubuntu
The PPTP VPN client package is packaged under the name “pptp-linux” in the Ubuntu repositories. You can install it using the following command:
$ sudo apt-get -y install pptp-linux
Configuring the PPTP VPN connection
Start by editing the chap-secrets file, which will contain the username and password to use for the new connection.
$ sudo nano /etc/ppp/chap-secrets
This is what a blank, default chap-secrets file looks like:
# Secrets for authentication using CHAP # client server secret IP addresses
Add in the username and password, along with a name to identify that this will be used for the PPTP VPN connection. In this howto I am using the name “workvpn”.
The format should be:
<username> <server_name> <password> <ip_address>
You can space out the sections if you want them to line up with the headings at the top of the file. A * character can be used for the IP address if you are assigned a IP address from the server.
Example chap-secrets file with the details entered:
# Secrets for authentication using CHAP # client server secret IP addresses vpnuser workvpn password123 *
Save and exit the chap-secrets file.
Create a new ppp peers file for the new vpn connection. To make life easy, name it the same as the “server” section in the chap-secrets.
$ sudo nano /etc/ppp/peers/workvpn
Paste in the following lines, and modify to suit:
pty "pptp vpn.server.hostname.here.com --nolaunchpppd" name vpnuser remotename workvpn require-mppe-128 file /etc/ppp/options.pptp ipparam workvpn
Modify the VPN server address from “vpn.server.hostname.here.com” to either the IP address, or DNS hostname of the destination PPTP VPN server.
Modify the “name” parameter to use the username you set up in the chap-secrets file earlier.
The “remotename” parameter must match the “server” name in the chap-secrets file. The ipparam parameter is used for the route script later on. Keep it the same as the “remotename” parameter to make things easier to manage and remember.
Save the file and exit the editor.
Create a route script that will get run after the PPP connection establishes.
$ sudo nano /etc/ppp/ip-up.d/99vpnroute
This script will get run whenever any PPP connection is established, so using the below script, we specify that the route is only added if the PPP connection that gets established is for “workvpn”.
#!/bin/bash
if [ "$PPP_IPPARAM" == "workvpn" ]; then
route add -net 192.168.20.0/24 dev $PPP_IFACE
fi
Replace 192.168.20.0/24 with the network mask of the remote network you are connecting into. Make sure that your local LAN and the remote LAN aren’t on the same network range, or you may get connectivity issues.
If you need need to route more networks over the VPN connection, simply add another route line directly underneath the existing route line.
Save the file and exit the editor.
Make the vpn route script executable:
$ sudo chmod +x /etc/ppp/ip-up.d/99vpnroute
The configuration of the PPTP VPN connection is now complete.
Connecting to the PPTP VPN Server
To connect to the remote PPTP VPN server, issue the following command:
$ sudo pon workvpn
or
$ sudo pppd call workvpn
Where “workvpn” is the name used previously to identify the VPN connection.
To confirm that the connection is up, run ‘ifconfig’ to ensure a ppp interface gets created, and assigned an IP address.
If its all working so far, use ‘route -n’ to make sure the routes have been configured.
If the ppp connection doesn’t get established, check the /var/log/messages log file for errors:
$ sudo tail -n 50 /var/log/messages
Disconnecting from the PPTP VPN Server
The simplest way to disconnect from the PPP connection is to use the following command:
$ sudo poff workvpn
To kill all active PPP connections, you can use the following:
$ sudo killall pppd
or, to explicitly disconnect just one PPP session, assuming you know the PPP device name you want to disconnect, you can run the following command:
$ sudo kill `cat /var/run/ppp0.pid`
Replace ppp0 with the device name you wish to disconnect
