    apt-get install pptpd

Edit /etc/pptpd.conf: find ‘localip’ and ‘remoteip’ and replace them with

    localip 10.0.0.1
    remoteip 10.0.0.50-100

After adding the IP range, add VPN users by editing /etc/ppp/chap-secrets (the fields are client, server, secret and allowed IP addresses), for example

    max pptpd 123456 *

Edit /etc/ppp/options:

    ms-dns 8.8.8.8
    ms-dns 8.8.4.4

In /etc/sysctl.conf:

    net.ipv4.ip_forward=1

Run the following. Pay attention to eth0; it may need to be changed to the correct interface name.

    $ sudo sysctl -p
    $ sudo /etc/init.d/pptpd restart
    $ sudo /sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

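To re-apply the NAT rule at boot, save it as an init script (type the lines after the cat command, then press CTRL+D to finish):

    $ cat > /etc/init.d/pptpenable
    #!/bin/sh
    /sbin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
    CTRL+D
    $ chmod +x /etc/init.d/pptpenable
    $ update-rc.d pptpenable defaults
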
In /etc/default/ufw:

    DEFAULT_FORWARD_POLICY="ACCEPT"

Add the rules below to /etc/ufw/before.rules, then restart ufw.

    # NAT table rules
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Forward traffic through eth0 - change to match your out-interface.
    # The source subnet must match the VPN range set in /etc/pptpd.conf.
    -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

    # don't delete the 'COMMIT' line or these nat table rules won't
    # be processed
    COMMIT

Also add this rule to /etc/ufw/before.rules, before the line "# drop INVALID packets ...":

    # allow GRE (IP protocol 47), which PPTP uses for tunnelled traffic
    -A ufw-before-input -p 47 -j ACCEPT

Then run

    sudo ufw disable && sudo ufw enable
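
The MASQUERADE rule only takes effect for VPN clients if its source subnet contains the addresses pptpd hands out through remoteip. The following check is an added example, not part of the original page; the function names are hypothetical and the sample file contents are constructed:

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Dotted quad -> integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR.
in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# First and last address of each part of "remoteip a.b.c.X-Y[,...]".
remoteip_bounds() {
    printf '%s\n' "$1" | awk '$1 == "remoteip" { print $2; exit }' |
    tr ',' '\n' | while read -r part; do
        [ -n "$part" ] || continue
        first=${part%-*}
        echo "$first"
        case $part in *-*) echo "${first%.*}.${part#*-}" ;; esac
    done
}

# Source subnet (-s) of every MASQUERADE rule in the rules text.
masq_sources() {
    printf '%s\n' "$1" | awk '/^-A POSTROUTING/ && /MASQUERADE/ {
        for (i = 1; i < NF; i++) if ($i == "-s") print $(i + 1) }'
}

# check_vpn_nat CONF_TEXT RULES_TEXT: list client addresses no rule covers.
check_vpn_nat() {
    rc=0
    for ip in $(remoteip_bounds "$1"); do
        covered=no
        for cidr in $(masq_sources "$2"); do
            if in_cidr "$ip" "$cidr"; then covered=yes; fi
        done
        [ "$covered" = yes ] || { echo "not NATed: $ip"; rc=1; }
    done
    return $rc
}

# Constructed samples; on a real host pass "$(cat /etc/pptpd.conf)" etc.
SAMPLE_CONF='localip 10.0.0.1
remoteip 10.0.0.50-100'
RULES_OK='-A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE'
RULES_BAD='-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE'
```

On a live server, call it as `check_vpn_nat "$(cat /etc/pptpd.conf)" "$(cat /etc/ufw/before.rules)"`; a non-zero exit status means some client addresses would be forwarded without NAT.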