Ubuntu VPN server setup

Want to use a VPN to circumvent geo-IP detection on Channel 4OD, BBC iPlayer etc. whilst abroad?

Here’s a quick checklist.

Make sure your UK home network isn’t using a standard IP subnet (192.168.0.*, 192.168.1.* or 10.0.0.*). This is important as these addresses tend to be allocated for hotel/airport wireless networks and home routers, and you can’t VPN between addresses on the same subnet. I’m using 10.5.1.*.

Make sure your Linux machine has a static address. Edit /etc/network/interfaces if necessary.

auto eth0
iface eth0 inet static
address 10.5.1.51
netmask 255.255.255.0
gateway 10.5.1.254

Set up port mapping on your router for port 1723 to the static address of your Linux machine.

Get a dyndns account or similar and set it up so you can find your machine whilst abroad.

Install the VPN server.

apt-get install pptpd

Edit /etc/pptpd.conf and add the following options. localip is the address of your Linux machine, and remoteip is the range of addresses to allocate to VPN clients.

localip 10.5.1.51
remoteip 10.5.1.27-37

Edit /etc/ppp/pptpd-options and set the DNS server to give to clients. This should be the address of your broadband router.

ms-dns 10.5.1.254

Edit /etc/ppp/chap-secrets and add usernames/passwords. * means allow all client IP addresses, which is probably what you want if roaming abroad.

# client        server  secret         IP addresses
joebloggs       pptpd   password123    *

Restart the daemon to apply the changes.

/etc/init.d/pptpd restart

Edit /etc/sysctl.conf, enable forwarding if necessary. You’ll need to reboot to apply this change.

# Uncomment the next line to enable packet forwarding for IPv4
net.ipv4.ip_forward=1
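
The address plan above can be sanity-checked before going abroad. This is an added example, not part of the original post: it parses the localip/remoteip lines, expands the single-range form used here (10.5.1.27-37), and flags a LAN on one of the common default subnets or a client pool that would hand out the server's or router's own address. The function names and the /24 default netmask are assumptions of the example.

```python
import ipaddress

# Subnets the post warns against for the home LAN (common hotel/router defaults).
COMMON_SUBNETS = [ipaddress.ip_network(n) for n in
                  ("192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24")]


def parse_remoteip(spec):
    """Expand a pptpd range such as '10.5.1.27-37' into a list of addresses."""
    start, _, end = spec.partition("-")
    first = ipaddress.ip_address(start)
    if not end:
        return [first]
    first_octet = int(start.rsplit(".", 1)[1])
    last_octet = int(end)
    if not first_octet <= last_octet <= 255:
        raise ValueError(f"bad remoteip range: {spec}")
    return [first + i for i in range(last_octet - first_octet + 1)]


def check_plan(pptpd_conf, ms_dns, netmask="255.255.255.0"):
    """Return a list of problems in the address plan (empty list means OK)."""
    opts = {}
    for line in pptpd_conf.splitlines():
        parts = line.split("#", 1)[0].split()  # drop comments
        if len(parts) == 2 and parts[0] in ("localip", "remoteip"):
            opts[parts[0]] = parts[1]
    local = ipaddress.ip_address(opts["localip"])
    pool = parse_remoteip(opts["remoteip"])
    lan = ipaddress.ip_network(f"{local}/{netmask}", strict=False)
    problems = []
    if any(lan.overlaps(c) for c in COMMON_SUBNETS):
        problems.append(f"LAN {lan} collides with a common default subnet")
    if local in pool:
        problems.append(f"localip {local} is inside the remoteip pool")
    if ipaddress.ip_address(ms_dns) in pool:
        problems.append(f"ms-dns {ms_dns} is inside the remoteip pool")
    return problems


# Constructed sample input: the values used in this post.
SAMPLE_CONF = "localip 10.5.1.51\nremoteip 10.5.1.27-37\n"

if __name__ == "__main__":
    for msg in check_plan(SAMPLE_CONF, "10.5.1.254") or ["address plan looks consistent"]:
        print(msg)
```
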

Client setup: an example with Windows XP; other clients are probably similar.

  • Network connections – New connection
  • Connect to the network at my workplace, Next.
  • Virtual Private Network Connection, Next.
  • Company Name, enter something random, Next.
  • Hostname, enter your dyndns hostname, Next.
  • Finish.
  • Select the new connection, right-click menu, Connect.
  • Properties, Security, Advanced Custom, Settings…, select “Allow these protocols”, untick MS-CHAP and tick MS-CHAP v2. OK.
  • Enter username and password, then press Connect.