Virtual Private Network (VPN) is the most effective way to bypass access control, the censorship, and network spying. It is also a safe way to connect to the internet to protect your privacy. It is usually better than using web proxy.
For example, when you are on a business visit to Asia, very likely, you are not able to access your Hulu Plus contents, or Amazon Prime unless you use a VPN connection to a server located in US. The reason is that Hulu or Amazon is only allowed to stream videos in US per license agreement with copyright holders.
Of course, there are many VPN providers. But if you want full control or want to share the vpn with your buddies, you can get a server and install it by yourself.
Before you start, you need get a dedicated server with root access. VPS may not work well depending on the virtualization software used. You can get a cheap dedicated server with less than $50/month.
There are mainly 3 types of VPN servers: Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP) and OpenVPN. In this tutorial, we use PPTP because it is supported natively on almost all devices, Windows, Linux, Android, IOS and Mac OS.
Step 1. Install PPTPD
If your OS is CentOS/RedHat 5:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.rhel5.x86_64.rpm
rpm -Uhv pptpd-1.4.0-1.rhel5.x86_64.rpm
If your OS is CentOS/RedHat 6:
yum install ppp
cd /usr/local/src
wget http://poptop.sourceforge.net/yum/stable/packages/pptpd-1.4.0-1.el6.x86_64.rpm
rpm -Uhv pptpd-1.4.0-1.el6.x86_64.rpm
If you are using Ubuntu:
apt-get install pptpd
Step 2. Edit IP setttings in /etc/pptpd.conf
vi /etc/pptpd.conf
or
nano -w /etc/pptpd.conf
localip 192.168.0.1
remoteip 192.168.0.101-200
Step 3. Add user account in/etc/ppp/chap-secrets (assign username and password)
vi /etc/ppp/chap-secrets
or
nano -w /etc/ppp/chap-secrets
usernameForuser1 * setpassword1here *
usernameForuser2 * setpassword2here *
Step 4. Optional settings in /etc/ppp/options.pptpd
vi /etc/ppp/options.pptpd
or
nano -w /etc/ppp/options.pptpd
ms-dns 8.8.8.8
ms-dns 4.4.4.4
Step 5. Enable network forwarding in /etc/sysctl.conf
vi /etc/sysctl.conf
or
nano -w /etc/sysctl.conf
net.ipv4.ip_forward = 1
Use the following command to apply the change:
sysctl -p
Step 6. Configure firewall
iptables -A INPUT -i eth0 -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -i eth0 -p gre -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i ppp+ -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o ppp+ -j ACCEPT
service iptables save
service iptables restart
If you are using CSF firewall, you may refer to this post on firewall settings.
Step 7. Start PPTP VPN server
If your OS is CentOS or Redhat, using the following command:
service pptpd restart
To start PPTP Daemon automatically when rebooting next time, use command:
chkconfig pptpd on
If your OS is Ubuntu, you just reboot your machine.
Now you can test the VPN server from any client: Windows PCs, Linux PCs, Android phones/tablets, or iPhone and iPad.
The log of the VPN server, by default, is combined with system log located at /var/log/messages.
PS: for text editor you can also use nano, instead of vi, if you are not comfortable with vi. If you are using nano, make sure you start nano with “-w”.
Any questions? you post them in the comment section.
Updated 1: update the version of pptp daemon.