Raspberry Pi VPN (pptpd)

Alright I'm having a bit of trouble regarding VPNs. I've installed the package pptpd on my Raspberry Pi and configured the setting files. I'm able to connect to the VPN outside and inside my network. However, when I do connect I'm unable to reach any websites. Also the only thing I can access locally is the VPN's host system.

I've read that I might need to forward the traffic using the firewall. I'm guessing some sort of loopback from the ptp adapter to the eth0 adapter? I'm kinda stumped at this point.

Thanks for any light you can shed on this.

How did you configure the VPN server?

In particular did you enable IP forwarding on your PPTP server?

I edited the following:

/etc/sysctl.conf

I un-commented the "net.ipv4.ip_forward=1"

/etc/ppp/pptpd-option

un-commented the ms-dns and set to 8.8.8.8 (mostly to see if DNS was being stupid again.)
Then at the bottom I added:
mtu 1490
mru 1490

/etc/pptpd.conf

I added "localip 192.168.1.14" at the end of the configuration file.

Did you run sysctl -p afterwards?

I thought I did but just to be sure I ran it again. No change.

Did you configure NAT for PPTP connections?

I don't believe I did. How should I go about doing that?

# apt-get install iptables-persistent
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && /etc/init.d/iptables-persistent save

Reboot and test it.

Alright, when I run the second command I get "No such file or directory". I went ahead and rebooted the machine in case iptables-persistent needed it for whatever reason and tried again, same error.

Do I need to create that file? I also checked the directory of /etc/init.d/. No iptables-persistent, but there is a netfilter-persistent; could that be it from a package update?

Thanks for the help so far.

try:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables-save > /etc/iptables/rules.v4

I was basically trying to save the configuration, otherwise it gets reset at each reboot.

To make sure the iptables rules are started on a reboot we'll create a new file:

# editor /etc/network/if-pre-up.d/iptables

Add these lines to it:

#!/bin/sh
/sbin/iptables-restore < /etc/iptables/rules.v4

The file needs to be executable so change the permissions:

chmod +x /etc/network/if-pre-up.d/iptables

Alright, did all that, rebooted the pi, ensured the pptpd service was running, connected. Still no dice sadly. Any more suggestions?

Let's see if they are correctly loaded:
# iptables -L
Then is eth0 the interface used by the VPN server for connecting to the internet?
Also do you use OpenVZ VPS containers or any other containers?

Please keep in mind that PPTP is not secure. (https://en.wikipedia.org/wiki/Pptp#Security)
L2TP or OpenVPN are safer options.

Yes I understand that but I had far more trouble setting up L2TP and OpenVPN. So I'm installing PPTP as a building block.

After that command I get the following output:

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

As for the second bit, would the edit I made to the /etc/pptpd.conf set the VPN to use the eth0 interface? When I do ifconfig the only interfaces I see are eth0 and the loopback.

If ifconfig returns eth0 as the only interface, it's all good there.
Try adding these two policies:

# iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

save the changes:

# iptables-save > /etc/iptables/rules.v4

make sure that the file contains the three policies that we added:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

restart pptpd: service pptpd restart and try again.

Alright, I did that and restarted the daemon, still no dice. I did notice that in /etc/iptables/rules.v4 there was more text in there other than the ones you told me to look for:


# Generated by iptables-save v1.4.21 on Wed Jan 6 09:17:49 2016
*filter
:INPUT ACCEPT [84:6512]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [47:3924]
-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
COMMIT
# Completed on Wed Jan 6 09:17:49 2016
# Generated by iptables-save v1.4.21 on Wed Jan 6 09:17:49 2016
*nat
:PREROUTING ACCEPT [3845:291610]
:INPUT ACCEPT [2779:230690]
:OUTPUT ACCEPT [823:61025]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Jan 6 09:17:49 2016
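
An added example, not part of the original thread: a shell check for a saved ruleset like the one above. It reports rules duplicated by repeated `iptables -A`, any of the three rules from this thread that are missing, and a FORWARD policy of ACCEPT. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for the three rules from this thread.
# Findings, one per line:
#   POLICY filter FORWARD ACCEPT   default-accept; ACCEPT rules are redundant
#                                  while nothing in the chain drops
#   DUP <table> <count> <rule>     same rule appended more than once (-A repeats)
#   MISSING <table> <rule>         an expected rule is not in the dump
audit_rules() {
    awk '
        BEGIN {
            want["nat", "-A POSTROUTING -o eth0 -j MASQUERADE"] = 1
            want["filter", "-A FORWARD -i ppp0 -o eth0 -j ACCEPT"] = 1
            want["filter", "-A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT"] = 1
        }
        /^\*/ { table = substr($0, 2); next }          # "*nat" -> "nat"
        table == "filter" && /^:FORWARD ACCEPT/ { print "POLICY filter FORWARD ACCEPT" }
        /^-A / { seen[table, $0]++ }
        END {
            for (k in seen) if (seen[k] > 1) {
                split(k, p, SUBSEP); print "DUP " p[1] " " seen[k] " " p[2]
            }
            for (k in want) if (!(k in seen)) {
                split(k, p, SUBSEP); print "MISSING " p[1] " " p[2]
            }
        }
    ' "${1:--}"    # read the named file, or stdin when no argument is given
}

# Constructed sample modelled on the dump in this thread (one FORWARD rule
# left out on purpose so the MISSING check has something to report).
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_dump | audit_rules
```

On the Pi itself the same function can be pointed at the saved file: `audit_rules /etc/iptables/rules.v4`.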


Everything looks good to me. I have no idea what else to try. Try reconfiguring everything from scratch, maybe follow one of those online guides.

Yeah I was thinking the same thing, reinstall the OS and just start over. Again thanks for all the help.

Figured I'd give another update to end this topic. Reinstalled Raspbian on the Pi and only installed the pptpd package and configured it while coming to these comments here and still no luck. For now I'll give up on setting up a VPN on Linux and just stick with Windows for a VPN service at home.