pptpd on Fedora 23 Cloud Edition on DigitalOcean

Authored by Hallaj on March 30, 2016

Well, I finally did it. I was bored and decided to set up PPTPD on my DigitalOcean VM and let my OpenWRT router connect to it. This allows me to tunnel using DigitalOcean and enjoy slightly better international bandwidth via it.

The current downfall that I see is that I had to drop my MTU to 1000 in order to get my speed optimized. I’ll still be fiddling around with it to see what works best, but below are the steps done in order to achieve it.

PPTPD setup on Fedora 23 Cloud Edition, on DigitalOcean

  1. Spin up a new DigitalOcean node, and pick Fedora 23.
  2. Start with installing PPTPD.

     dnf -y update ; dnf -y install pptpd
  3. Install the kernel modules package, which includes the ppp modules, etc.

     dnf -y install kernel-modules
  4. Edit the /etc/ppp/chap-secrets file, and add your user credentials. Since this file contains plain-text passwords, its permissions are set (by default) to 600, with root user and root group ownership.

     # username service password ip_address
     hallaj pptpd password *
  5. Edit /etc/ppp/options.pptpd and add the following changes.

     name pptpd  # this needs to match the service part in /etc/ppp/chap-secrets
     mtu  1000   # so far this has given me the best bandwidth setting when I tunnel
  6. Edit /etc/pptpd.conf and add the following changes.

  7. Allow the incoming connections to PPTPD

     iptables -I INPUT -p gre -j ACCEPT
     iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
  8. Start up the service, and we’re good to go :)

     systemctl start pptpd
  9. (Optional) Enable the service to start at boot time

     systemctl enable pptpd
  10. (Optional) Save the firewall settings

     service iptables save
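
A check for steps 4 and 5, as an added example that is not part of the original post: it verifies the mode and ownership of chap-secrets, that each entry's service column matches the `name` option, and reports entries whose ip_address column is `*`. The function name `audit_pptpd` and its optional third argument (expected owner, for trying it on copies) are assumptions made for this example; `stat -c` is the GNU coreutils form found on Fedora.

```shell
#!/bin/sh
# Added example (not from the original post): audit the files edited in steps 4 and 5.
# With no arguments, audit_pptpd checks the live files and should be run as root.
# Prints one line per finding, never the password column; the return status is
# the number of findings (255 if the secrets file cannot be read).
audit_pptpd() {
    secrets=${1:-/etc/ppp/chap-secrets}
    options=${2:-/etc/ppp/options.pptpd}
    want_owner=${3:-root:root}   # assumption: overridable only so copies can be tested
    findings=0

    # Step 4: the file holds plain-text passwords, so 600 root:root is expected.
    perms=$(stat -c '%a %U:%G' "$secrets") || return 255
    [ "${perms%% *}" = "600" ] || {
        echo "mode is ${perms%% *}, expected 600"; findings=$((findings + 1)); }
    [ "${perms#* }" = "$want_owner" ] || {
        echo "owner is ${perms#* }, expected $want_owner"; findings=$((findings + 1)); }

    # Step 5: the 'name' option must match the service column of the entries.
    name=$(awk '$1 == "name" { print $2; exit }' "$options")
    [ -n "$name" ] || {
        echo "no 'name' line in $options"; findings=$((findings + 1)); }

    # Entry layout: username service password ip_address
    # (quoted passwords containing spaces are not handled by this simple split)
    out=$(awk -v name="$name" '
        /^[ \t]*(#|$)/ { next }
        NF < 4 { printf "line %d: expected 4 fields, got %d\n", NR, NF; next }
        $2 != name && $2 != "*" {
            printf "line %d: service \"%s\" does not match name \"%s\"\n", NR, $2, name }
        $4 == "*" { printf "line %d: user %s may use any IP address\n", NR, $1 }
    ' "$secrets")
    if [ -n "$out" ]; then
        echo "$out"
        findings=$((findings + $(printf '%s\n' "$out" | wc -l)))
    fi
    return "$findings"
}
```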

In order to use the internet from the recently created PPTPD, continue ahead.

Allowing PPTP clients to use the internet connection

  1. Enable IP forwarding from the Fedora server

     sysctl -w net.ipv4.ip_forward=1

    or, to make the change survive a reboot:

     echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/51-ip-forwarding.conf
  2. Add NAT rules to allow connections to go through

     iptables -I FORWARD -i eth0 -j ACCEPT
     iptables -I FORWARD -i ppp+ -o eth0 -j ACCEPT
     iptables -I FORWARD -i eth0 -o ppp+ -j ACCEPT
  3. (Optional) Save the firewall settings

     service iptables save

Migrated content from

Authored by Hallaj on December 19, 2015

I have “again” allowed my domain to expire and I’ll only be maintaining as of now.

I’ve also migrated the content of here (although, I have to admit, it took a very long time).

This site is now running on Middleman instead of Ghost :)

PPTP Client on OpenWRT

Authored by Hallaj on June 21, 2015

  1. Refresh the OpenWRT package repository

     opkg update
  2. PPTP client installation

     opkg install ppp-mod-pptp kmod-pptp kmod-nf-nathelper-extra
  3. OpenWRT network configuration

     config interface 'PPTP_VPN'
             option proto        'pptp'
             option server       'pptp.server'
             option username     'myusername'
             option password     'mypassword'
             option defaultroute '0'  # not using as default route
             option peerdns      '0'  # not using the dns servers
  4. (Optional) Adding static routes for connection via your VPN

     config route
             option interface 'PPTP_VPN'
             option target    ''  # LAN / WAN to connect via PPTP
             option gateway   ''     # gateway from PPTP