Since nqhost.com offers unmetered bandwidth through a SoftLayer data center in Texas, I decided to set up a VPN server for my own use.
In this tutorial, I will be showing you how to set up pptpd (poptop) on Ubuntu 12.04 to provide PPTP VPN services.
The following instructions are inspired by http://eran.sandler.co.il/2010/08/30/pptp-vpn-on-ubuntu-10-04-for-your-iphone-ipad/
sudo apt-get install pptpd ufw
Allow Ports 22 and 1723 on UFW and Enable UFW
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don't get kicked off.
sudo ufw allow 22
sudo ufw allow 1723
sudo ufw enable
Comment out (by placing a "#" at the beginning of the line) the following lines in "/etc/ppp/pptpd-options":
Add the following:
Note: you can use any DNS servers you like; the two above are OpenDNS's public DNS servers.
At the end of the file "/etc/pptpd.conf", add:
These values do not have to correspond to your network. It is best to pick inaccessible or unused addresses here if you only want to use the VPN for Internet access.
The format for "/etc/ppp/chap-secrets" is [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing sampleusername and samplepassword with whatever you want):
sampleusername pptpd samplepassword *
Finally, you can restart the pptpd service with:
sudo /etc/init.d/pptpd restart
Un-comment the following line in "/etc/sysctl.conf":
The following command reloads the configuration (you can also just reboot at the end of this guide):
sudo sysctl -p
Edit "/etc/default/ufw" and change the option "DEFAULT_FORWARD_POLICY" from "DROP" to "ACCEPT"
Add the following either at the beginning of "/etc/ufw/before.rules" or just before the *filter rules (recommended):
# NAT table rules
*nat
:POSTROUTING ACCEPT [0:0]
# Allow forward traffic to eth0
-A POSTROUTING -s 10.99.99.0/24 -o eth0 -j MASQUERADE
# Process the NAT table rules
COMMIT
At this point, you can run "sudo ufw disable && sudo ufw enable" or just reboot to be safe. You should be able to connect now. It took me several tries before I could get it to work, and it looks like the "require-mppe-128" line was what gave me so much trouble. I ultimately enabled encryption, but not before I tested it without.
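A quick audit of two of the files edited above, as an added example that is not part of the original tutorial: it lints a chap-secrets file in the four-field format shown earlier (without printing any password) and checks that "require-mppe-128" is uncommented in the options file. The sample files, the MIN_LEN variable and its 12-character default are assumptions made for the demo.

```sh
#!/bin/sh
# Added example (not from the original tutorial): audit files this guide edits.

# Print one finding per problem in a chap-secrets file; passwords are never echoed.
# Assumes unquoted, whitespace-separated fields: user service password address.
audit_chap_secrets() {
    # Characters 5-10 of the mode string are the group/other permission bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS: $1 is accessible to group/other ($perms)"
    # MIN_LEN is a hypothetical knob for this demo, not a pptpd setting.
    awk -v min="${MIN_LEN:-12}" '
        /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
        NF < 4 { print "MALFORMED: line " NR; next }
        $1 == "sampleusername" || $3 == "samplepassword" {
            print "PLACEHOLDER: line " NR " (user " $1 ")"; next }
        length($3) < min { print "SHORT: line " NR " (user " $1 ")" }
    ' "$1"
}

# Succeed only if an uncommented require-mppe-128 line is present.
mppe_required() {
    grep -Eq '^[ 	]*require-mppe-128([ 	]|$)' "$1"
}

# Constructed sample files so the example runs offline.
demo_dir=$(mktemp -d)
cat > "$demo_dir/chap-secrets" <<'EOF'
# client server secret IP addresses
sampleusername pptpd samplepassword *
alice pptpd hunter2 *
bob pptpd c0rrect-h0rse-battery-staple *
broken pptpd
EOF
chmod 644 "$demo_dir/chap-secrets"
printf '%s\n' 'name pptpd' '#require-mppe-128' > "$demo_dir/pptpd-options"

audit_chap_secrets "$demo_dir/chap-secrets"
mppe_required "$demo_dir/pptpd-options" || echo "MPPE: require-mppe-128 is not enabled"
```

On a real server, point the two functions at "/etc/ppp/chap-secrets" and "/etc/ppp/pptpd-options" and run them with sudo.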