Christoph's - VPN via PPTP

Using PPTP to Connect a Linux Box to a Windows VPN

This document will quickly sum up how to connect a Debian GNU/Linux box to a Windows VPN server using plain PPTP together with CHAP or a derivate for authentication. It will not explain how to secure the connection using encryption or strong authentication schemes.

For demonstration purposes we will assume we want to connect to the VPN server at "" using "johndoe" as our username and "secret" as our password.

First thing we have to do is install the PPTP helper utility for pppd. Debian provides it as package "pptp-linux" so we will run

apt-get install pptp-linux

Next thing we'll do is add login information for server "" to the file containing username/servername/password/address tuples:

johndoe "secret"

Next step is creating a peer configuration file, so we will not have to type every configuration option over and over again but can instead use "pon" to bring up the tunnel

pty "pptp --nolaunchpppd"
name johndoe
ipparam tunnel
#logfd 2

While starting the tunnel for the first time you may want to leave the last four lines uncommented to debug the connection and make sure everying works alright up to here.

So far, so good. Our tunnel should be working just fine now, but how do we go about routing packets through the tunnel? We will place a script in /etc/ppp/ip-up.d so it gets run every time a tunnel is created. This script will set up routes so all packets but (the now tunneled) packets to, the external interface of the tunnel endpoint, will get sent to the tunnel startpoint, represented by the tunnel interface, then routed via the internal interface (say of the tunnel endpoint to their destination. You can download and install 99tunnel, a sample script I wrote, to do this for you. It uses the iproute utilities to manipulate routes, so you'll have to install the iproute package first:

apt-get install iproute
cd /etc/ppp/ip-up.d
wget ""
chmod a+x 99tunnel

When everything is in place you should be able to simply run


to bring up the tunnel and set up the routing. Running


should close the tunnel and revert routing back to normal.

Keep in mind that this setup will only allow you to participate in an unencrypted PPTP/CHAP VPN, so make sure not to transmit sensitive information through the tunnel.