hallajs.net

pptpd on Fedora 23 Cloud Edition on DigitalOcean

Well, I finally did it. I was bored and decided to set up PPTPD on my DigitalOcean VM and let my OpenWRT router connect to it. This allows me to tunnel using DigitalOcean and enjoy a slightly better international bandwidth via it.

The current downfall that I see is that I had to drop my MTU to 1000 in order to get my speed optimized. I’ll still be fiddling around with it to see what works best, but below are the steps done in order to achieve it.

PPTPD setup on Fedora 23 Cloud Edition, on DigitalOcean

  1. Spin up a new DigitalOcean node, and pick Fedora 23.

  2. Start with installing PPTPD.

    dnf -y update ; dnf -y install pptpd
    
  3. Install the kernel modules package, which includes the ppp modules.

    dnf -y install kernel-modules
    
  4. Edit the /etc/ppp/chap-secrets file, and add your user credentials. Since this file contains plain-text passwords, its permissions are set (by default) to 600, with root user and root group ownership.

    # username service password ip_address
    hallaj pptpd password *
    
  5. Edit /etc/ppp/options.pptpd and add the following changes.

    name pptpd  # this needs to match the service part in /etc/ppp/chap-secrets
    mtu  1000   # so far this has given me the best bandwidth setting when I tunnel
    
  6. Edit /etc/pptpd.conf and add the following changes.

    localip 192.168.100.1
    remoteip 192.168.100.200-250
    
  7. Allow the incoming connections to PPTPD

    iptables -I INPUT -p gre -j ACCEPT
    iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
    
  8. Start up the service, and we’re good to go :)

    systemctl start pptpd
    
  9. (Optional) Enable the service to start at boot time

    systemctl enable pptpd
    
  10. (Optional) Save the firewall settings

    service iptables save
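
The script below is an added example, not part of the original post. It cross-checks steps 4 and 5: the chap-secrets file must have no group or other permission bits, and the service field of every entry must equal the name option in options.pptpd. The function names and the sample files in demo() are constructed; it assumes GNU stat and unquoted fields.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names and the sample
# files in demo() are constructed. Assumes GNU stat (Linux) and no quoted
# fields in chap-secrets.

# Print the value of the "name" option from a pppd options file.
pptpd_service_name() {
    awk '{ sub(/#.*/, "") } $1 == "name" { print $2; exit }' "$1"
}

# Audit a chap-secrets file against the expected service name.
# Prints one finding per line (never the password); returns 0 if clean.
audit_chap_secrets() {
    local secrets="$1" service="$2" mode findings
    mode=$(stat -c '%a' "$secrets") || return 2
    findings=$(
        case "$mode" in
            (*00) ;;  # no group/other access
            (*) echo "mode is $mode, expected 600" ;;
        esac
        awk -v svc="$service" '
            { sub(/#.*/, "") }      # strip comments
            NF == 0 { next }        # skip blank lines
            NF != 4 { printf "line %d: expected 4 fields, got %d\n", NR, NF; next }
            $2 != svc { printf "line %d: service \"%s\" does not match name \"%s\"\n", NR, $2, svc }
        ' "$secrets"
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
}

# Constructed sample: the two files from the post plus one mismatched entry.
demo() {
    local d rc
    d=$(mktemp -d)
    printf 'name pptpd  # must match chap-secrets\nmtu  1000\n' > "$d/options.pptpd"
    printf '# username service password ip_address\nhallaj pptpd password *\nguest l2tpd password *\n' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    rc=0
    audit_chap_secrets "$d/chap-secrets" "$(pptpd_service_name "$d/options.pptpd")" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || true   # reports the 644 mode and the l2tpd entry on line 3
```

On the server itself, run audit_chap_secrets /etc/ppp/chap-secrets "$(pptpd_service_name /etc/ppp/options.pptpd)" as root.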
    

To let clients reach the internet through the newly created PPTPD server, continue below.

Allowing PPTP clients to use the internet connection

  1. Enable IP forwarding from the Fedora server

    sysctl -w net.ipv4.ip_forward=1
    

    or, to make the change survive a reboot:

    echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/51-ip-forwarding.conf
    
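  2. Add NAT and forwarding rules to allow connections to go through

    # source-NAT the 192.168.100.x clients behind the server's eth0 address
    iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
    # allow forwarding between the ppp interfaces and eth0
    iptables -I FORWARD -i eth0 -j ACCEPT
    iptables -I FORWARD -i ppp+ -o eth0 -j ACCEPT
    iptables -I FORWARD -i eth0 -o ppp+ -j ACCEPT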
    
  3. (Optional) Save the firewall settings

    service iptables save