Configure PPTP VPN server on Linux.

Note: this instruction as is works only for virtual servers created via type-1 (bare-metal) hypervisors such as KVM, ESXi, Xen and others but for containers (OpenVZ, LXC, Docker, etc.) it needs modifications.

1. Update package lists and install pptpd:

# apt update && apt install pptpd

2. Install iptables-persistent package which stores iptables rules permanently even after reboot:

# apt install iptables-persistent

3. Add masquerading rule (all traffic which goes via ens3 interface will get its real IP). Change ens3 to your default outgoing interface, leave IP subnet the same:

# iptables -t nat -A POSTROUTING -s -o ens3 -j MASQUERADE

4. Save all current iptables rules permanently:

# iptables-save > /etc/iptables/rules.v4

5. In /etc/sysctl.conf uncomment the following line to allow changing source IP for packets for masquerading rule to work:


6. Apply changes:

# sysctl -p

7. At the bottom of /etc/pptpd.conf append the following two lines:


8. Restart daemon:

# systemctl restart pptpd

9. In the file /etc/ppp/chap-secrets append necessary users (it's not necessary to restart daemon, just make changes and save the file, it's enough):

user1 * pass1 *
user2 * pass2 *

You can now connect to your server via its IP and using credentials from chap-secrets file. All your traffic will go through this server and your external IP will be the same as server's.