PPTP Server setup help

team_traitor Member
edited September 2021 in Help

[UPDATE]
It seems like those tutorials work properly. The reason that I cannot connect is that my ISP is blocking the PPTP port, so maybe they block 1723 or 47. I tried connecting to it on my cheapwindowsvps and it works smoothly (locking me out of my remote desktop, stupid me!)
Damn this ISP limiting our freedom.

I need help, guys. This PPTP thing is kind of new to me; although it is old, I don't have experience setting this thing up.

I followed these tutorials:
https://help.ubuntu.com/community/PPTPServer
https://newbedev.com/easiest-way-to-setup-ubuntu-as-a-vpn-server
https://www.kittell.net/code/ubuntu-pptpd-vpn-install-configure/

When I am trying to connect I get an error saying

A connection to remote computer cannot established, so the port used for this connection is closed.

I have installed ufw because I am not that knowledgeable about iptables. This is my ifconfig, by the way:

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
    inet 127.0.0.1  netmask 255.0.0.0
    inet6 ::1  prefixlen 128  scopeid 0x10<host>
    loop  txqueuelen 1000  (Local Loopback)
    RX packets 1060551  bytes 70683377 (70.6 MB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 1060551  bytes 70683377 (70.6 MB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
    inet 127.0.0.1  netmask 255.255.255.255  broadcast 0.0.0.0  destination 127.0.0.1
    inet6 ::2  prefixlen 128  scopeid 0x80<compat,global>
    inet6 2001:41d0:800:1b4b:91::d5ce  prefixlen 80  scopeid 0x0<global>
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)
    RX packets 14035805  bytes 15657555153 (15.6 GB)
    RX errors 0  dropped 0  overruns 0  frame 0
    TX packets 11780312  bytes 12380854293 (12.3 GB)
    TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

venet0:0: flags=211<UP,BROADCAST,POINTOPOINT,RUNNING,NOARP>  mtu 1500
    inet XX.195.XX.2XX  netmask 255.255.255.255  broadcast XX.195.XX.2XX   destination XX.195.XX.2XX
    unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 0  (UNSPEC)

Most of the tutorials use eth0, but since I don't see it in my ifconfig I used venet0 and venet0:, and I also tried eth0, but I still cannot connect to the PPTPD.

This is the result when I run netstat -an | grep LISTEN

tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9051          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:5372            0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::5372                 :::*                    LISTEN
unix  2      [ ACC ]     STREAM     LISTENING     3689833825 /run/php/php7.2-fpm.sock
unix  2      [ ACC ]     STREAM     LISTENING     1599317863 /run/screen/S-root/16446.pts-0.gullo-bf
unix  2      [ ACC ]     STREAM     LISTENING     3689695850 /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     1163923624 /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     1163917243 /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     1163917247 /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     3688616154 /var/run/tor/socks
unix  2      [ ACC ]     STREAM     LISTENING     3688616156 /var/run/tor/control

And here is the ufw rule that I am currently trying to use.

# NAT table rules
*nat

:POSTROUTING ACCEPT [0:0]
# Allow forward traffic to eth0
-A POSTROUTING -s 10.99.99.0/24 -o venet0: -j MASQUERADE

-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p 47 -j ACCEPT
-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT

# drop INVALID packets (logs these in loglevel medium and higher)
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP

In UFW I added 1723 and 47 allow rules.

In /etc/pptpd.conf I tried changing this IP address for localip and remoteip. I don't really understand this part.

#localip 10.99.99.99
localip XX.195.XX.2XX
remoteip 10.99.99.100-199

Why am I doing this?

My ISP does not give us a static IP address, so port forwarding seems to be the only option. So I was thinking of setting up an openvpn but my research says that it is slow. PPTP seems to be best for my scenario. I don't mind that this is insecure.

I wanted to access my storage box at home whenever I go outside, like camping, and be able to access some of my files (in case of emergency).

Basically I want to access this 45.XX6.XXX.100:9043 and it must point to my internal box (port forwarded), and if I access this 45.XX6.XXX.100:4043 I will also be able to access my brother's PC. This is possible, right? Openvpn needs to be installed on every device and that is a drawback for me.

What I am trying to do is use my router to open a PPTP connection to my online VPS (now I have a static IP), and using different port numbers my router should forward this to my internal PC/box.

Please correct me if I am misunderstanding things or being wrong.

Is there a better way to do this?
I think the exact words for this is make NAT box (ftp/sftp box, my pc, pi, music box)

I actually thought of these because of NAT VPS. How does NAT VPS work, by the way? I need your help, guys.

If you have a better solution, please suggest it.

PS: opening a dynamic dns server something like that won't work since my ISP gave me a private IP.

My router, by the way, only has PPTP/L2TP; that is why I am trying to set up a PPTP connection.
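The update at the top of the post (pptpd was listening, the block was upstream) can be confirmed from the server side. The following is an added example, not part of the original post: it parses captured `netstat -an` output and firewall rule lines, using samples copied from the post, and the function names are made up here. It also treats 47 as what it is for PPTP, the IP protocol number of GRE rather than a TCP/UDP port, so a rule that opens port 47 does not count.

```shell
#!/bin/sh
# Added example: server-side PPTP pre-flight check over captured command output.
# Sample data below is copied from the post's netstat output and rule lines.

NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1723            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9051          0.0.0.0:*               LISTEN'

RULES_SAMPLE='-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -p 47 -j ACCEPT
-A ufw-before-output -p 47 -j ACCEPT'

# Print "public", "loopback" or "none" for a TCP listener on the given port.
listen_scope() {   # usage: listen_scope PORT < netstat-output
  awk -v port="$1" '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
      n = split($4, a, ":")
      if (a[n] != port) next
      addr = substr($4, 1, length($4) - length(a[n]) - 1)
      if (addr ~ /^127\./ || addr == "::1") lo = 1; else pub = 1
    }
    END { print (pub ? "public" : (lo ? "loopback" : "none")) }'
}

# Succeed if an input-chain rule accepts GRE (IP protocol 47, not a port).
gre_allowed() {    # usage: gre_allowed < rule-lines
  grep -Eq -- '^-A [A-Za-z-]*(input|INPUT) .*-p (47|gre) .*-j ACCEPT'
}

# Combine both checks into one verdict line.
pptp_preflight() { # usage: pptp_preflight NETSTAT_TEXT RULES_TEXT
  scope=$(printf '%s\n' "$1" | listen_scope 1723)
  if [ "$scope" != "public" ]; then
    echo "server: pptpd not reachable (listener=$scope)"
  elif ! printf '%s\n' "$2" | gre_allowed; then
    echo "server: GRE (proto 47) not accepted"
  else
    echo "server ok: test TCP/1723 and GRE from another network"
  fi
}

pptp_preflight "$NETSTAT_SAMPLE" "$RULES_SAMPLE"
```

When the verdict is "server ok" and a client on a different network connects, as the VPS test in the update did, the remaining suspect is filtering of TCP/1723 or GRE on the client's own access network.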

Comments

  • LordSpock Member, Host Rep

    Buy a better router that supports alternative protocols.

    RFC2637 doesn't really allow for a different port and you can't change it in PPTPD to my knowledge.

    You could potentially use iptables to translate 1723 to a port of your choice, but this isn't a supported configuration.

  • on /etc/pptpd.conf

    #

    option /etc/ppp/pptpd-options
    localip 192.168.0.1
    remoteip 192.168.0.100-245

    #

    You cannot change the local IP; this IP is localhost on the VPS.

  • What I understand is you are trying to access your desktop from outside your local network, but your ISP did not give you a static IP (under NAT). Correct me if I'm wrong.

  • @zombrox said:
    What I understand is you are trying to access your desktop from outside your local network, but your ISP did not give you a static IP (under NAT). Correct me if I'm wrong.

    Yes, you are right @zombrox. I already closed this. The reason why my PPTPD is not working is because my ISP blocks 1723 as well as 47.

    I used L2TP, but it seems like it is complex to set up on each individual machine.
    Now I am into openvpn without encryption to lessen CPU usage.

    Encryption is not my concern. Now I am studying iptables.. zz

  • @team_traitor Why don't you use zerotier? I'm using it for a few years, works like a charm, no need for all this headache of opening ports .... and it is free

  • Holy fuck, just install zerotier on the devices themselves and skip this abandoned and unsecure crap.

    PS: opening a dynamic dns server something like that won't work since my ISP gave me private ip

    Also, having a private IP is a major use case for using dynamic DNS. You're very confused on how things work, it sounds.

    Lastly, since this is openvz, I think you need to enable tun in your VPS panel.

  • @zombrox @TimboJones I did not know this. This is the first time I heard this. Thanks. I am looking into this ZeroTier. thanks
