I felt the need for a VPN capability for use on untrusted mobile Wifi nodes.
Commercial VPN services are plentiful, and cheap enough, but I believe I’ve found a better option for my purposes.
At the time of this writing, there are several options for personal VPS instances priced in the $5/TB/month range. That’s more than enough bandwidth for the purpose, and cheaper than the electricity bill to run a personal server. Once this is set up, you have a super-cheap VPN with no advertising or connection restrictions, with logging under your control, plus a server available for other purposes, as well.
But what about the bother of setting up a VPN server? Well, here’s a script that will automatically install and configure a PPTP service. It is possible to sign up with a VPS vendor, spin up a server, and get a working VPN in about 10 minutes.
#!/bin/sh # setup-pptpd.sh # # This will request a CHAP password. # The iptables-persistent install may query - say 'y' # # Once complete, there are opportunities to tighten things up in # /etc/ppp/chap-secrets. # apt-get -y update apt-get -y install pptpd apt-get -y install iptables-persistent apt-get -y install vim #set username and password if grep -q CONFIGURED /etc/ppp/chap-secrets ; then echo "CHAP is configured already"; else echo -n "Enter CHAP password: "; read pw; echo "# CONFIGURED" >>/etc/ppp/chap-secrets; # Note that this set a password valid from and to all hosts echo "* * $pw *" >> /etc/ppp/chap-secrets; fi #set the pptpd address if grep -q 10.0.0.1 /etc/pptpd.conf ; then echo "pptpd is configured already"; else echo "localip 10.0.0.1" >> /etc/pptpd.conf echo "localip 10.0.0.100-200" >> /etc/pptpd.conf fi #set the dns address if grep -q 18.104.22.168 /etc/ppp/pptpd-options ; then echo "dns is configured already"; else echo "ms-dns 22.214.171.124" >> /etc/ppp/pptpd-options echo "ms-dns 126.96.36.199" >> /etc/ppp/pptpd-options fi echo net.ipv4.ip_forward=1 >/etc/sysctl.d/ip_forward.conf /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE iptables-save >/etc/iptables/rules.v4 sysctl -p /etc/sysctl.d/ip_forward.conf /etc/init.d/pptpd restart
The script was developed for Debian ‘wheezy’, but should work on any Debian-derivative. Even if it doesn’t run successfully to completion on your distribution, it can serve as a highly-structure howto for manual installation.
The most up-to-date version of this script is available on github.
On the client side, set up a PPTP connection to the IP address of the server, using the CHAP password given to the script. The user name is not important.