Raspberry PI PPTP VPN with No-IP

Raspberry PI PPTP VPN with No-IP

I have wanted to buy a VPN router for some time now but couldn’t justify spending $100+ on something I only need occasionally. I already have a couple Raspberry Pi’s lying around from different projects . I decided to see what the level of effort would be getting VPN setup on a Pi. Turns out it isn’t too hard.

The two options I found were PPTP and OpenVPN. I choose PPTP because of the built in support for iOS devices. The articles I found were a little hard to follow so I have consolidated my notes here.

If you haven’t picked up a Raspberry Pi yet, you can get it here.


IP Configuration

There are two common ways to ensure you have the same IP everytime. You will need to choose one.

  • Static IPThis is probably the easiest.
  • DHCP ReservationIf you have a Verizon Fios (by Actiontec) router this option is call a static lease. I like this option because it is based on the Raspberry Pi’s MAC address to I don’t have to keep setting the IP every time I wipe a device.http://www.dslreports.com/faq/16728

Run inital Raspberry Pi setup.

sudo raspi-config

Apply the following configuration:

  • Expand Filesystem
  • Change User Password
  • Overclock
    • High
  • Advanced Options
    • Hostname: pi-vpn
    • Memory Split: 16

Select Finish to apply the settings and reboot. If you do not select finish you will continue to be notified that “Raspberry Pi has not been fully configured”.


Run updates and install packages

sudo su -
apt-get update -y
apt-get upgrade -y

Install and Setup PPTP

# check MPPE support
# should return "success" and nothing else
modprobe ppp-compress-18 && echo success

# install PPTP server package
apt-get install pptpd -y

Edit pptpd.conf

nano /etc/pptpd.conf

At the end of the file uncomment the following lines. Replace RASPBERRY_PI_IP with the IP of your Raspberry Pi. The remoteip param is for the addresses that will be handed out to VPN clients.

localip RASPBERRY_PI_IP
remoteip 192.168.1.234-238,192.168.1.245

Edit pptpd-options

nano /etc/ppp/pptpd-options

Append the following to the end of the file. The ms-dns param is the IP of the internal DNS server. In most cases this will be the router.

ms-dns 192.168.1.1
noipx
mtu 1490
mru 1490

Edit chap-secrets

nano /etc/ppp/chap-secrets

Add authentication accounts as needed. This is a tab delimited file. Column #1 is the usernane and Column #2 is the password.

username    *   password   *

Restart PPTPD

service pptpd restart

Make sure the Raspberry PI is listening on port 1723

netstat -ntlp

IP Forwarding

Edit sysctl.conf

nano /etc/sysctl.conf
# Uncomment
net.ipv4.ip_forward=1

Apply the changes.

sudo sysctl -p

Edit rc.local

nano /etc/rc.local

Append to the end of the file just before exit 0. For reference, 192.168.0.234 is the first IP distributed to VPN clients.

sudo iptables -t nat -A POSTROUTING -s 192.168.0.234/24 -o eth0 -j SNAT --to RASPBERRY_PI_IP

Reboot

reboot

No-IP

Signup for an account http://www.noip.com/

mkdir /home/pi/noip
cd /home/pi/noip
wget https://www.noip.com/client/linux/noip-duc-linux.tar.gz
tar vzxf noip-duc-linux.tar.gz
cd noip-2.1.9-1 # or whatever the folder is
sudo make
# you will be asked for your login info
# leave the default interval at 30
# choose "N" when asked if you want to "run something at successful update"
sudo make install
sudo /usr/local/bin/noip2

Create the startup script

sudo nano /etc/init.d/noip

Add the following content

#! /bin/sh
# /etc/init.d/noip

### BEGIN INIT INFO
# Provides:          noip
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Simple script to start a program at boot
# Description:       A simple script from www.stuffaboutcode.com which will start / stop a program a boot / shutdown.
### END INIT INFO

# If you want a command to always run, put it here

# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting noip"
    # run application you want to start
    /usr/local/bin/noip2
    ;;
  stop)
    echo "Stopping noip"
    # kill application you want to stop
    killall noip2
    ;;
  *)
    echo "Usage: /etc/init.d/noip {start|stop}"
    exit 1
    ;;
esac

exit 0

Set permissions, test and register.

# Set permissions
sudo chmod 755 /etc/init.d/noip

# Test stop
sudo /etc/init.d/noip stop

# Test start
sudo /etc/init.d/noip start

# Register the the start-up script
sudo update-rc.d noip defaults

Port Forwarding

You will need to forward TCP and UDP port 1723 to your Raspberry Pi. This process will vary based on your router. See portforwarding.com for reference.


Get connected

Confirm that no-ip has the correct external IP.

ping YOUR_ACCOUNT.no-ip.biz

Settings

  • Server: YOUR_ACCOUNT.no-ip.biz
  • Account: (What you set in /etc/ppp/chap-secrets)
  • Password: (What you set in /etc/ppp/chap-secrets)

References

Short URL: http://bit.ly/141TiuU

8 Comments

  1. Alan · July 4, 2013 Reply

    U gotta nice tutorial with programmin code bu i didn’t understand it because may be em not quite technical enough

    • Lowell · January 16, 2014 Reply

      I would also have to agree that it start out nice and clear and get to technical. Why are you ip forwarding at all. Why cant the software just connect to make the tunnel. Can this be done with just a script that makes the connection based off a non static ip and random changing port. I do not understand why everyone want to do all this extra work. I dont understand why the computer cant just make a secure connection to the server once it knows the servers address and your login credentials. Why does making everything static and predictable on my computers end matter.
      Maybe some screen shot of you doing it step by step would help the guide. Sorry got off on a tangent. VPN seem great, but are utterly way to complicated to set up. I have been trying for days now and all I have gotten is practice reinstalling raspbian on my pi.

  2. Ben · February 2, 2014 Reply

    This guide was just what I was looking for – thanks!

    I started by trying to use the LogMeIn Hamachi route, but those guides were riddled with inconsistencies, much like the various releases of its debian package.

    This looks to be much more stable, and it works with my iOS devices too – perfect – only took about 10 minutes to get up and running too!

  3. Iparable · March 28, 2014 Reply

    Awesome tutorial!
    It’s the best i could find.

    Thank you so much.

  4. Rune · March 31, 2014 Reply

    Hi,

    I am trying to set up a vpn connection from my cabin with satellite internet access. The ISP has closed all incoming ports so I have to set up a vpn tunnel initiated by a Raspberry Pi in my cabin in order to actually get to it.
    Hence I need an outgoing vpn tunnel being initiated from my cabin Raspberry to a Raspberry at home.
    I have been set up the Raspeberry VPN server on my home network following your instructions and I can access it from my iPhone.
    I am however not able to figure out how to initiate the vpn client on my cabin Raspberry at boot (in case of power failure etc.)
    Can you help?
    (I am pretty illiterate when it comes to networking and vpn, but I have managed to get something running at least)

  5. michael parcels · November 29, 2014 Reply

    what do I do if I run netstat -lp and port 1723 doesn’t show up?

  6. Dimitris Nasoufis · February 6, 2016 Reply

    Thank you so much !!!
    It’s the best i should find.
    Continue to upload posts about RPi !!

  7. Dimitris Greece · December 9, 2016 Reply

    Can i connect to my raspberry pi pptp vpn from an android device using internet data ?

Leave a reply