This short tutorial helps you set up a PPTP VPN connection on your Linux machine. It is well-known that PPTP is not a secure protocol. However, there are still options to set up PPTP on Linux. But, if you can, you should switch to an alternative VPN protocol.
PPTP VPN setup on Linux [Summary]
Setting up PPTP on Linux is easy and several options are available:
- Option 1: Use the Network Manager (GUI) to set up PPTP on Linux manually.
- Option 2: Use the command line (CLI) for more control on the PPTP setup.
- Option 3: Install a VPN client app for Linux.
Additionally, you may consider a more general solution to set PPTP on your router and connect all your devices in need of using the encrypted tunnel (including your Linux machines) to the router.
What is PPTP and when to use it on Linux?
The Microsoft Point-to-Point Tunneling Protocol (PPTP) is outdated and insecure. However, it may still be useful for hiding your IP address and changing your location when no sensitive data is involved, such as unblocking streaming channels or accessing gaming servers.
PPTP became popular due to its speed and simplicity. However, due to security vulnerabilities exposed by various parties, PPTP is no longer seen as suitable for securing VPN tunnels.
PPTP can no longer be set up on iOS; on Mac, you need to use some workarounds, but you may still use PPTP on Windows, to create PPTP tunnels on Android, and, of course, on Linux. Again, make sure you use PPTP only when you are comfortable with a weakly secured VPN tunnel.
How to set up PPTP VPN on Linux
There are several options to set PPTP on Linux, from the simplest by installing a VPN (Virtual Private Network) app to the more complicated by using the command line. Here are the available options.
Use the Network Manager (GUI)
Setting up a PPTP connection using the graphical interface is similar for various Linux distributions, and it is a simple way to proceed. I am going to exemplify the setup on Ubuntu GNU/Linux (v20):
- Open the Settings app.
- Click on the Network connections panel from the left menu.
- Click the “+” (Add) button next to VPN.
- From the Add VPN window, choose Point-to-Point Tunneling Protocol (PPTP).
- Fill in the connection Name (whatever you want), the server IP or hostname (Gateway), the username, and the password of your VPN account (optional).
- Click on the Advanced button and check Use Point-to-Point encryption (MPPE).
- Click OK, and then Save.
- Switch ON the PPTP connection you have just set up.
- Once you are connected to the VPN, you will see a lock icon on the network icon from the top-right on the screen. You may also connect/disconnect from the network menu.
Use the command line (CLI)
Most Linux distributions install the PPTP client by default. However, if not present, you may install it as follows:
- On Debian/Ubuntu, by using the apt-get command (pptp-linux is the command-line PPTP client and network-manager-pptp is the GUI management tool):
$ sudo apt-get install pptp-linux network-manager-pptp
- On Fedora/CentOS, by running the yum command (check the PPTP client docs for other distros):
# rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
# yum --enablerepo=pptp-stable install pptpconfig
Next, you need to edit or create the configuration files:
- The CHAP secrets file (/etc/ppp/chap-secrets) for authenticating the user to the VPN channel.
- The VPN connection config file (/etc/ppp/peers/vpnname) to add connection-related info such as the VPN server name, encryption settings, etc.
Suppose that you want to connect to a PPTP server with the following connection data (you will need to fill in your own data):
- PPTP VPN server name: pptp-us1.vladtalks.tech
- PPTP username: anonymousbat
- PPTP password: whoiam
Proceed with the following steps:
- Edit the CHAP secrets file:
# sudo vi /etc/ppp/chap-secrets
The syntax for the authentication info using CHAP is:
DOMAIN\\username PPTP vpnpassword *
Thus, you need to enter something similar to:
anonymousbat PPTP whoiam *
Save and close the chap-secrets file.
- Create a file that contains the tunnel configuration data (where pptp-us1 is the name you will use to connect to the VPN):
# vi /etc/ppp/peers/pptp-us1
- Append the config file with the following commands and options:
pty "pptp pptp-us1.vladtalks.tech --nolaunchpppd"
Note that you need to replace the VPN server name (pptp-us1.vladtalks.tech), VPN username (anonymousbat), connection file name (pptp-us1) with your own data.
- Finally, you need to route all the traffic through the VPN interface. An entry must be added to the routing table.
Create the following file:
# vi /etc/ppp/ip-up.d/vpn-traffic
And, add the code:
route add -net 10.0.0.0/8 dev ppp0
Save and close. Make the file vpn-traffic executable:
chmod +x /etc/ppp/ip-up.d/vpn-traffic
- Now, you are ready to connect to the encrypted tunnel:
pppd call pptp-us1
- To disable the VPN stop the pppd process:
You may create a separate configuration file for every VPN server you want to connect to and initiate the PPTP connection as needed.
Install a Linux VPN client app
Major VPN providers have retired their PPTP clients for all operating systems. For example, Hide.me had a PPTP client app for Linux but discontinued it at the end of 2019.
Thus, theoretically, you may still find VPN services that offer VPN client apps for Linux with the PPTP protocol. But I strongly recommend that you don’t use them. Instead, set up a manual connection (as explained above, if you really have to) or switch to a more secure protocol (check the alternatives listed below).
PPTP VPN alternatives on Linux
PPTP is not the protocol that you want to use to secure your VPN connections. Other VPN protocols are safer and more reliable, and you should use them on Linux:
- WireGuard, the new VPN protocol, is included in the Linux kernel, and you may set it up easily.
- OpenVPN works great on Linux.
- L2TP/IPSec can be set up similarly to PPTP.
You may still set PPTP up on Linux. Even though it is seen as a legacy VPN protocol, there are still options to use PPTP from the command line or using the Network manager graphical interface.
Would you like to know more about VPN? Subscribe to our newsletter! It will make a Transylvanian baby-bat 🦇happy.