Raspberry Pi Home Server

Install on Raspberry Pi a VPN with PPTP server

by · 12 May 2013

Here's the first article made at the request of a person who follows this site (and via Facebook and more ! 🙂 ). So today let's see how to set up a VPN on Raspberry Pi Server.

Raspberry Pi Home Server - Installer un serveur VPN avec PPTP

Before you begin, There may be a few details about what is a VPN and what it can be used.

How it works ?

You can find details technical everywhere on the Internet but what you should remember it is only the VPN (Virtual Private Network) connects two networks together or external machines to a specific network. The connection is done in a secure manner and in theory communications are not understandable by people outside even when everything via the Internet.

All this allows to pretend that one is on the same network as it passes through an intermediary which is often Internet.

The client initiates the connection to the server and encrypts data, the server decrypts, performs the actions and returns the requested information to the client with the same encryption.

This is so very very high level how it works (I pass on the different layers of the OSI model - souvenirs course network …)

It is well and good but what ?

Can find all a list for using a Server VPN on the raspberry:

  • Remote access to machines on its domestic network. Including printers, the NAS, etc.
  • Provide internet access in France if it is abroad (as for some sites of replay)
  • Share some resources with specific individuals
  • To connect from a public place at home to then go on the Internet securely from his home
  • Surement d’autres utilisations que vous pourrez me donner 🙂

Voilà. So I think it can miss some details but broadly you now know what you could do.

Technically, There are a lot of solutions that exist. The most common are PPTP and OpenVPN.

  • PPTP is a protocol developed by Microsoft. It has deficiencies but is relatively simple to implement.
  • OpenVPN pushes technology further with further encryption, It passes through the proxy more easily than PPTP. Its implementation is however more complex.

You can find an article that compares the main protocols here.

I chose at first to talk about PPTP because it is also very well supported by most mobile devices. J’espère vous faire un autre article pour OpenVPN 😉

  1. Update of the system
    apt-get update && apt-get upgrade
  2. Verify that the distribution kernel support PPP. This is the condition to install PPTP. If this command returns an error then it will need to recompile a kernel with PPP support or use Raspbian which has the module installed.
    modprobe ppp-compress-18
  3. Install the following package :
    apt - get install pptpd
  4. Configure PPTPd via its configuration file /etc/pptpd.conf. All at the end of the file, There are two options :
    • LocalIP : It's the local address of your Pi Raspberry. At home I'm on IP 192.168.1.25.
    • remoteip : You must define on what IPs will be machines that will connect you. Personally I've set that 2 IPs because I did not intend to have my whole family on my network !
    LocalIP 192.168.1.25
remoteip 192.168.1.200-201
  5. Now, need to update the options of PPP via /etc/ppp/pptpd-options :
      • Ms - dns : It is DNS used for name resolution. Here I took those of Google.
      • noipx : recommended option to disable IPX and IPXCP
    name pptpd refuses pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128 proxyarp lock nobsdcomp novj novjccomp nologfd ms - dns 8.8.8.8
Ms - dns 8.8.4.4
  6. In the file /etc/ppp/chap-secrets You can define the access you want to give to your VPN. The first line of the file contains the format of entries ([TAB] corresponds to the tab character):
    # Secrets for authentication using CHAP
# client[TAB]server[TAB]secret[TAB]IP addresses username[TAB]*[TAB]my_pwd[TAB]*
  7. Restart the service
    restart service pptpd
  8. To enable IP Forwarding on the server in order to surf out of the VPN. For this, in the file /etc/sysctl.conf, Add the following line
    net.ipv4.ip_forward=1
  9. Run the following command to take into account the change. Don't forget otherwise not access Internet (I lost time on this command that I had forgotten to apply) ! 
    sysctl p

Well this is. Your VPN server is in place. It is now accessible from the outside. For this, to redirect the port 1723 in TCP to your Pi Raspberry. This is happening on your router or box.

The test !

For this, I took my phone, I turned off Wi - Fi to be certain of going through 3G (3G , H , 4G, In short you have understood). And then I cried. Do not buy any Windows Phone ! Integrated VPN no, and VPN client not more !

So the solution has been to force the phone to cell, then force the iPad a pass by 3G of the phone and not the wifi and then configure the VPN on iPad. Phew !

Raspberry Pi Home Server - Installer un serveur VPN avec PPTP

Configuration of the VPN on iPad

The address of the server must be the external IP or type no ip, for example domain name. Do not put the local ip type 192.168.x.y otherwise outside you can not connect.

Raspberry Pi Home Server - Installer un serveur VPN avec PPTP

Connecting to the VPN

Raspberry Pi Home Server - Installer un serveur VPN avec PPTP

Connection to the VPN server

Raspberry Pi Home Server - Installer un serveur VPN avec PPTP

Here we see the VPN server IP and ip (Remote) attributed to the iPad (see step 4 the tutorial). Upper-left icon like what VPN is enabled.

This is for your private network.

I'm sorry for the Android device owners but I did not at home. A priori it seems also integrated into the bone so no need to download tool. Side Windows, Linux and Mac Google/Bing or other remains your best friend and you will easily find how to configure a VPN connection when you are on the move.

Do not hesitate to give your impression on this solution : Security, speed, use, etc.

Source : wellsb

Tags:

You may also like...

  • Just to complete the note on the mobile support: OpenVPN is fully supported on iOS via a free official client since the beginning of this year (It is a trying to configure hair) and also on Android (not personally tested this solution however).

    Beau tuto 😉

  • Fred

    Merci pour ce tuto , It works very well , However I have a question,

    What is the command to find out if someone is connected on vpn.

    Thank you thank you

    • Hello,
      Listening to what is happening on the PPTP port which is the 1723 in TCP.
      With the following command :
      netstat -tn | grep 1723

  • Hello,

    It's been 2-3 days that I me interested in the Raspberry and one of the ideas that made me me y interested, This is to make my own VPN… and poof I stumble upon this hot article. Super 🙂

    But I have a few small question:

    1 - to be on, If I connect to a wifi that is not secure and that I go through my VPN, my data cannot be “read” by someone who espionnerais this wifi?

    2 - in this example you have installed what version of Linux top?

    3 - does it work if I connect via a freebox Raspberry? Is there a special firewall config to do?

    Thanks in advance for your help

  • I forgot:

    4 - is that version 256 MB is enough or it is better to take the 512?

    • Hello. Alors mes réponses 🙂

      1) Yes it is the client that will encrypt the data and it will be decrypted by the server

      2) I always start from Moebius. It is a completely lean Raspbian.

      3) C’est par une freebox que je suis passé 🙂 Il faut aller sur l’interface de ton compte free et rediriger le port 1723 to the IP of your Raspberry with the same port number. Then restart the freebox.

      4) Yes that goes with a 256 MB (This is my test model)

      Voilà. Amuses toi bien avec ton Raspberry 🙂

      • Hello,

        Super and thanks for all these elements. On the other hand 2 additional questions:

        - is that just a 2 GB SD?

        - to power the Raspeberry, You can connect it with USB on the Freebox or need a dedicated PSU?

        Impatient de tester ce petit VPN homemade 😉

        • Hello,
          Moebius can fit on a card of 1 GB so no worries for the 2 GB
          Food of the freebox can be start the raspberry but I will advise if you do not want crashes in mass or even SD card corruption.

  • François Gilbert (@Frankynov)

    Thank you thank you for this tutorial !

    Works perfectly (I had an error writing to IP address beast that enfoiraient all the Bazaar…)

    Just a small note, When I tested with an iPhone/iPad, He does not like given a particular port for redirection VPN WAN->local (in the config of the box).

    I chose the port 6900 for example and it refused to connect, It was necessary that I return the default (1723 TCP and UDP).

    I'll finally be able to print from the outside of my home ! 😀 et ça c’est coool !

  • Hello,

    I finally received my little Raspberry Pi and I have fun with :).

    Unfortunately the procedure does not work for me :(.

    Difficult to know where the real problem, but I have several ideas:

    - When you config the VPN on your Ipad, at the server level, you learn what? the Raspberry localip?

    - at the level of your freebox you configure a fixed IP for your Raspberry?

    Thanks again for your help

    • It's good I found on another site, This is the address of the Freebox that needed information at the server level.

      For beginners like me, you could maybe add info :).

      Thanks again, I can connect from anywhere with my phone… une fois que les Windows Phone auront un VPN 🙂

      • Oui c’est l’adresse extérieure sinon en déplacement tu ne pourras pas y accéder 😉
        I've corrected the tutorial and added a line.
        Thanks for the info

    • For the Raspberry Pi Yes need you a fixed IP so that your port forwarding works
      Ca manque un peu de précision effectivement 😉

  • François Gilbert

    Hello,

    Then I run this small config for a week and it rolls of Thunder, en 3G 😉

    I just encountered a small problem :

    My printer (for example) has a fixed IP in my network, namely 192.168.1.120

    My raspberry is set at 192.168.1.100.

    Everything is so in 192.168.1.0/24 (255.255.255.0).

    The problem, is that when I run the VPN connection by being apart from my home, 99% time the local network to which I am connected is 192.168.1.0/24 also. The coup, If I try to connect to my remote printer, It does not work because my client is looking in the local network and not on my remote network (same ip pool).

    So I tried to put in the config of the VPN, field remoteip, something of the kind 172.16.0.1-3 but I can't reach my clients on the remote network (and I can't surf either).

    I have yet well enabled the ip forwarding in the /etc/sysctl.conf.

    An idea, Apart from completely change my network addressing internal ? 🙂

    • Burn2

      Hello, After having me also concerns to run my vpn, I realized that it lacks a nat rule.

      Kind if your reason “VPN” Remote ip is 192.168.1.X over an ip network 192.168.0.0
      It is necessary to add a nat rule:
      iptables-t nat-A POSTROUTING s 192.168.0.0/24 -o eth0-j MASQUERADE

      I do not understand why my computer does not however pi ip recover… So this is not yet necessarily ca…

  • Gauthier

    Still a very good tutorial I'll install on my Pi Raspberry… ^^

    Merci pour tes conseils 😉

    Little info, There is a setting located in the Android system (Version 4.1.1) pour la configuration du VPN 😉

  • Lucwal

    Hello, I was wondering if you could install a vpn on our raspberry, and use it for something else at the same time ?
    Thank you for your reply.

    • Install VPN Yes. Pour autre chose en même temps ça va bien sur dépendre du autre chose 😉 Si c’est de la conversion de vidéo ça ne passera pas, an SSH server, No worries.

  • Olivier

    Thank you for the procedure, Unfortunately, for me, It does not work. I blocked at this level:

    root@raspberrypi:~ # modprobe ppp-compress-18
    ERROR: could not insert 'ppp_mppe': Exec format error
    root@raspberrypi:~ # cat/etc/issue
    Raspbian GNU/Linux 7 \n l

    However, I am well under Rasbian as advised in the description, but an error occurs… 🙁
    Thanks for your help and continue like this!

    Olivier

    • Looks like the module is corrupt or not intended for Raspbian. It comes from where ?

    • Bruno

      I have exactly the same concern, same configuration. Have you solved the problem?

  • Olivier

    I installed my RP by downloading the image NOOBS_v1_2_1.zip the week on the site http://www.raspberrypi.org/downloads. After, When I started the install, He asked me what distro I wanted to install. I have installed Raspbian. After, I followed the above procedure.

  • Mmega

    Hello, I have completed the manipulations and I managed to connect has my rpi from my Android smartphone except that I have access to local addresses (192.168.X.X) but not to the internet. How come ?

    • Good evening,
      Is that DNS configured securely ? And there was a restart of the service after the configuration change ?

      • Mmega

        Well I restarted the services and I rule ms - dns as you.

        • Question beast : raspberry access to internet ? There must be a trouble side config but I see

          • Mmega

            Yes it accesses to internet because I can connect me from outside.

          • lechercheur123

            Hello,
            I know it's been 2 month, But having had the same problem, It can be used for other. You must enter this command : iptables-t nat-A POSTROUTING o eth0 s REMOTE.IP/24 j SNAT -to IP.DE.YOUR.SERVER
            With REMOTE instead.IP the IP in remoteip, and IP.DE.YOUR.SERVER, you put the local ip of the raspberry. I would like to say that this command just not me, but this site , lower light : http://www.artiflo.net/2008/10/serveur-vpn-pptp-sous-debian-en-ms-chapv2/

            If it's still not working, make sure that the default font of iptables to FORWARD is ACCEPT : iptables-p FORWARD ACCEPT (This command, elle est de moi 🙂 )

  • cinocks

    Hello,

    my side cela blocks. I connect with an iphone. Local, the connection is made. On the other hand, CA crashes when I try to go through the outside (3G).

    A netstat tells me that the iphone is attempting a connection. No worries on this side. On the other hand, CA goes no further. syslog gives me the following logs :

    LCP : timeout sending config-Request

    GRE : read(FD = 6, buffer = 15b9c …
    CTRL : PTY read or GRE write failed

    Exiting

    I have the impression that the raspberry cannot send what it takes. Do you have an idea ?

  • Monsieur2

    Newbie in the world of the Raspberry (I find awesome) I followed your tutorial to the letter, and it works.
    It is clear, and the implementation is more simple, command line is missing one or two sudo nano but it comes out.
    Thanks anyway for this great tutorial,
    I can also confirm that a connection from an Android phone works.
    Thank you to you,
    Monsieur2

    • Thanks for the confirmation of the proper functioning.
      For the sudo I la (very) bad habit of making root in tutus for ease. C’est mal 😉

  • boogieman

    Hello,
    I had the good (or the bad, This is according to) idea to start iptable. But the coup, with the VPN, it becomes a little bit complicated for a noob.
    What is accidentally, you wouldn't have a small list of rules to be applied because there, I dry a little trying to understand the pro tutorials?
    Thank you for the work,
    PS: you are no longer on the planet?

    • Hello,
      Then there no idea ! iptable is something that I don't control absolutely not …

      PS : si si je publie moins donc j’apparais moins sur le planet 😉

      • boogieman

        Well then, for those that are interested, I followed the tutorial for iptable:

        http://www.artiflo.net/2008/10/serveur-vpn-pptp-sous-debian-en-ms-chapv2/

        And it works.
        On the other hand, There is a trick I pige not it is what are the dns addresses.
        Because, I have not and be it works anyway.
        East - this really useful?

        • Thanks much for the link !
          For DNS ca depends I think that if you're in DHCP on your dashboard, then it is useless. Otherwise it is necessary to define the servers manually

  • Alexi

    Hello,

    At the outset, very good tutorial.
    But I have a small problem, When I type the command modprobe-compress-18 I get the following error message:
    ERROR: could not insert 'ppp_mppe': Exec format error

    I do not know where that came from, and shipment of the impossible shot to operate the van even if all other commands do back no error.

    Thank you to answer me,

    Alexi.

    • Problem encountered by others. A priori is a concern based on the distributions of this add-on. It is a Raspbian ?

      • Manu

        hello
        I have the same error and yet raspbian just raspberry.org, is that one you could tell us how ? STP
        Thanks in advance

        • I always leave a Moebius distribution. It may be the origin of the concerns. I'll see to find time to redo the tutorial and better detail

  • Merci pour ce tuto, This will allow me to connect the ADSL line which is with my mother to play two on some game sites that require different IP ! Ofcourse I could go through a free external VPN, but often they are hyper slow. The more, the RPi is discreet and it consumes nothing !

  • Vincent

    Hello,

    is that it is possible at the time to create a VPN Site-To-Site connection or only Client-To-Site with this method ?

    Thank you,

    Vincent

    • At home I'm at a minimum to do not consume resources but I did not really a precise comparison

  • IronRabbit

    Hello, and thank you for this tutorial.

    I have a little trouble :
    When I'm on my local network, I get no worries I connect to the VPN.
    On the other hand, impossible when I am logged using my phone as a modem…
    LocalIP 192.168.0.100 (fixed IP, I tried putting this ip in DMZ)
    remoteip 192.168.0.200-201

    Port forwarding is well correct (port 1723 in TCP to 192.168.0.100, same port).

    I therefore try to connect from my mac (10.9) on my pi (raspbmc).

    An idea ? 🙁

    Thanks in advance.

  • IronRabbit

    It is rule, iptables rules put the Bazaar.
    iptables-f and it works !

  • Yotop

    Hello,

    During the creation of the port forwarding, I seized not totally what @Ip must be filled in for the Destination ?

    Need some help !!

    Thanks in advance

    • The destination IP is the Raspberry Pi. It is to him that the flow should be redirected

  • Yotop

    Ah yes thank you !!

    However I do not understand, I get has connect me to my VPN but only when I am connected to my Wifi network :/
    Or if I am the end of your tutorial you disable wifi on your iphone and you arrived well has connect you to one ci.
    Know you where it comes from ?

    • Is that you pass by 3G only using the external IP (not the 192.168.x.x) to access the Raspberry Pi ? What is Pi in many Internet access ?

  • Yotop

    Then my Rasp is actually connected to internet !
    I do not quite understand your first question, But if it is “Are you truly connected over 3g / 4g is not a a type 192.168.X.X IP address ?” the answer is Yes
    I do not or is my mistake, redirection is good, I've filled in ms - dns dns issued by my box is the 192.168.0.254.
    I redid every step to be on and everything concorde, It is a pity :/

    • I advise you to watch the article comments that contain the iptables info to solve the problem

  • Yotop

    Problem solved, I hadn't seen your comment any at the end between your two screens for the creation of the VPN, or you said should not inform the local ip 192.168.X.X !!
    My error was the, Thanks for your help and for this tutorial !!
    Nice day !

  • Coco

    Hello,
    your tutorial is very interesting but it doesn't work with me. Indeed, I have raspbian via berryboot and when I type: apt-get update && apt-get upgrade
    It says that I have no rights and if I continue typing : modprobe ppp-compress-18
    It returns me an error.

    If someone just help me. Thank you in advance

    • Good evening,
      So in my case I do everything with Moebius as root. In your case before each statement must be add sudo then at the prompt enter the password the user

  • Coco

    Good evening,
    I have followed all of the tutorial and taken into account the remarks in comments but I still can't connect. When I activate the vpn, I have the following error: the PPTP-VPN server does not respond.
    If you can help me

  • Warrel

    Just for information, on windows phone, VPN functionality arrives in the next shift !

  • mrju

    Thank you for the tutorial !
    For those who like me, Despite the use of the last raspbian, It was an error for “modprobe ppp-compress-18”, I just have to make a “sudo rpi-update”. ça semble logique mais si ça peut aider 🙂

  • Samsam

    Everything works well on Android ! Tuto très efficace 🙂 La sécurité laisse quand même à désirer :/

    • If you have suggestions for improving the overall security of the solution, I'm interested (and some readers as I am on) 😉

Handpicked links

disk Page Caching using disk: enhanced Database Caching 339/953 queries in 1.193 seconds using disk Served from: pihomeserver.fr @ 2017-10-08 17:29:11 by W3 Total Cache -->