Well, I finally did it. I was bored and decided to set up PPTPD on my DigitalOcean VM and let my OpenWRT router connect to it. This allows me to tunnel through DigitalOcean and enjoy slightly better international bandwidth via it.

The current downside that I see is that I had to drop my MTU to 1000 in order to get my speed optimized. I’ll still be fiddling around with it to see what works best, but below are the steps I took to achieve it.

PPTPD setup on Fedora 23 Cloud Edition, on DigitalOcean

  1. Spin up a new DigitalOcean node, and pick Fedora 23.
  2. Start with installing PPTPD.

     dnf -y update ; dnf -y install pptpd
    
  3. Install the kernel-modules package, which includes the ppp modules, etc.

     dnf -y install kernel-modules
    
  4. Edit the /etc/ppp/chap-secrets file, and add your user credentials. Since this file contains plain-text passwords, its permissions are set (by default) to 600, with root user and root group ownership.

     # username service password ip_address
     hallaj pptpd password *
    
  5. Edit /etc/ppp/options.pptpd and add the following changes.

     name pptpd  # this needs to match the service part in /etc/ppp/chap-secrets
     mtu  1000   # so far this has given me the best bandwidth setting when I tunnel
    
  6. Edit /etc/pptpd.conf and add the following changes.

     localip 192.168.100.1
     remoteip 192.168.100.200-250
    
  7. Allow the incoming connections to PPTPD

     iptables -I INPUT -p gre -j ACCEPT
     iptables -I INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
    
  8. Start up the service, and we’re good to go :)

     systemctl start pptpd
    
  9. (Optional) Enable the service to start on boot-time

     systemctl enable pptpd
    
  10. (Optional) Save the firewall settings

     service iptables save
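
Step 4 depends on /etc/ppp/chap-secrets staying at mode 600 and root-owned, since it holds plain-text passwords. The check below is an added example, not part of the original post; the function name `check_chap_secrets` and its optional uid argument are made up for this illustration, and it assumes GNU `stat` and fields without quoted whitespace.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (step 4 above).
# Usage: check_chap_secrets FILE [EXPECTED_UID]
#   e.g. check_chap_secrets /etc/ppp/chap-secrets
# Returns 0 when clean, 1 when there are findings, 2 if FILE is unreadable.
check_chap_secrets() {
    file=$1
    want_uid=${2:-0}      # assumption: root (uid 0) should own the file
    findings=0

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # GNU stat: %a = octal permission bits, %u = numeric owner uid
    mode=$(stat -c '%a' "$file")
    uid=$(stat -c '%u' "$file")

    # Any group/other bit lets other local users read the passwords.
    case $mode in
        600|400) ;;
        *) echo "FINDING: $file mode is $mode, expected 600"; findings=1 ;;
    esac

    if [ "$uid" != "$want_uid" ]; then
        echo "FINDING: $file owned by uid $uid, expected $want_uid"
        findings=1
    fi

    # Fields: username service password ip_address.
    # Report user/service only; the password field is never printed.
    awk '!/^[[:space:]]*#/ && NF >= 4 && $4 == "*" {
             print "NOTE: " $1 "/" $2 " accepts any client IP (ip_address is *)"
         }' "$file"

    return $findings
}
```

The NOTE lines are informational and do not change the return code; only the mode and ownership checks count as findings.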
    

To use the internet through the newly created PPTPD server, continue below.

Allowing PPTP clients to use the internet connection

  1. Enable IP forwarding from the Fedora server

     sysctl -w net.ipv4.ip_forward=1
    

    or, to make the change survive a reboot:

     echo "net.ipv4.ip_forward = 1" > /etc/sysctl.d/51-ip-forwarding.conf
    
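  2. Add NAT and forwarding rules to allow connections to go through

     # masquerade tunnel clients (the 192.168.100.x range from /etc/pptpd.conf) behind eth0
     iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth0 -j MASQUERADE
     iptables -I FORWARD -i eth0 -j ACCEPT
     iptables -I FORWARD -i ppp+ -o eth0 -j ACCEPT
     iptables -I FORWARD -i eth0 -o ppp+ -j ACCEPT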
    
  3. (Optional) Save the firewall settings

     service iptables save