Setup a VPN server to connect to your home network

February 23, 2015

If you like to access your network from a remote location, you might like to connect to it using vpn.

While not the most secure of the VPN solutions out there, PPTP is by far the simplest to install, configure and connect to from any modern system and from windows specifically as the client is a part of the OS since the XP days and you don’t need to mess with certificates (like with L2TP+IPsec or SSL VPNs) on both sides of the connection.

Installing the server

I have a (virtual) debian server running squeeze with 386M memory. Make sure you configure a static IP.

Install the pptp package.

$ apt-get install pptpd

Edit the “/etc/pptpd.conf” configuration file:

$ vim /etc/pptpd.conf

Add these lines:


Where the “localip” is the address of the server, and the remoteip are the addresses that will be handed out to the clients, it is up to you to adjust these for your network’s requirements.

Edit the “/etc/ppp/pptpd-options” configuration file:

$ vim /etc/ppp/pptpd-options

Make sure all these settings are present, if not add them at the end of the file.

mtu 1490
mru 1490 

Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network’s configuration.

Edit the chap secrets file:

$ vim /etc/ppp/chap-secrets

Add to it the authentication credentials for a user’s connection, in the following syntax:

username <TAB> * <TAB> users-password <TAB> *

Restart the connection’s daemon for the settings to take affect:

$ /etc/init.d/pptpd restart

Enable port forwarding

While this step is optional and could be viewed as a security risk, it is needed to connect to devices other than this machine.

By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to ‘jump’ through the VPN server, to all other devices on the network.

 $ vim /etc/sysctl.conf

Find this line and change it to:


Restart it.

$ sysctl -p

With forwarding enabled, all the server side settings are done.

comments powered by Disqus