Tutorial Home‎ > ‎

Configuring PPTP in Linux

PPTP remains one of the most popular methods of accessing a Virtual Private Network Service. This article will cover a basic setup and configuration of PPTP for most generic GNU/Linuxdistributions. The distribution(s) of choice here at Section6 happen to be

Installing the PPTP package

In Debian Linux we would simply install the package:

 root@host# apt-get install pptp-linux

Note: make sure your apt-sources are current and the package repository is up to date.

In Gentoo Linux you would need a couple of packages:

 root@host# emerge ppp
 root@host# emerge pptp-client

Configuring PPTP connections

You will need to know a few variables before continuing from here:

$SERVER = the IP address of the PPTP server you will be connecting to $TUNNEL = the name you wish to refer to this tunnel as $DOMAIN = the name of the Windows Domain you are logging into; if needed $USERNAME = the username you will be logging in as $PASSWORD = the password you will be using to connect

During the rest of the course of this article, any configuration file that refers to these variables should actually contain the information supplied.

From here we need to create an options file for out PPTP connection. Simply create a file called /etc/ppp/options.pptp and populate it with the following info:


Now we wil need to create a file called /etc/ppp/chap-secrets, and populate it with the following info:


If we are not logging into a WIndows Domain, we can simply leave out the $DOMAIN\\ portion of the configuration and simply use:


Now we need to actually create a tunnel file for the PPTP client to use. In this case we will call our tunnel "work". Create a file called /etc/ppp/peers/work file and populate it with the follwing info:

 pty "pptp $SERVER --nolaunchpppd"
 remotename PPTP
 file /etc/ppp/options.pptp
 ipparam work

Again, if the Windows Domain is not needed.. then simply omit the $DOMAIN\\ option and only use $USERNAME

Running the PPTP Client

At this point we should be able to test our pptp connection. We will run the tunnel in debug mode to make sure each step is occuring as it should.

 root@host# pon work debug dump logfd 2 nodetach

The pon command will turn the PPTP tunnel on. In this case we are specifying the "work" tunnel to use. We are turning debug options on and dumping the output.

Once this has complete we should be successfully connected and see a new interface device.

 root@host# ifconfig
 ppp0      Link encap:Point-to-Point Protocol
           inet addr:  P-t-P:  Mask:
           RX packets:9 errors:0 dropped:0 overruns:0 frame:0
           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:90 (90.0 b)  TX bytes:90 (90.0 b)

At this point we are connected to host Our IP address assigned to the ppp0 device is We should be able to ping the host we are connected to:

 root@host# ping
 64 bytes from icmp_seq=1 ttl=128 time=0.306 ms
 64 bytes from icmp_seq=2 ttl=128 time=0.340 ms

This is a good start, but what if we want connectivity to other machines on the 192.168.0.x network? Let us assume we need connectivity to a machine with the IP address of

 root@host# ping
 PING ( 56(84) bytes of data.
 From icmp_seq=2 Destination Host Unreachable
 From icmp_seq=3 Destination Host Unreachable

We must add additional routes to that we have connectivity to the rest of the 192.168.0.x network.

Configuring Routing for additional networks

In the previous scenario, we just need to add an additional route to the interface. In this case we could simply type:

 root@host# route add -net netmask dev ppp0

Now we should be able to ping any accessible machine on the 192.168.0.x network.

 root@host# ping
 64 bytes from icmp_seq=1 ttl=128 time=0.306 ms
 64 bytes from icmp_seq=2 ttl=128 time=0.340 ms

This is nice.. but we dont want to have to type a route add command everytime we connect. Let us disconnect the tunnel by running the follwong command:

 root@host# poff

Now we place the tunnel and route commands in a script. In the following example, we made a file called /usr/local/sbin/vpn and populated it with this info:

 pon work updetach && route add -net netmask dev ppp0

Now simply chmod the script +x and we should be able to execute it.

Of course there are a variety of ways in which we could script this. But the previous example was a simple demonstration of the possibilities.

From here you should be up and on your way to PPTP happiness.