PPTP - An older VPN server

August 22, 2021 23:20

Yes. The protocol itself is no longer secure, as cracking the initial MS-CHAPv2 authentication can be reduced to the difficulty of cracking a single DES 56-bit key, which with current computers can be brute-forced in a very short time (making a strong password largely irrelevant to the security of PPTP as the entire 56-bit keyspace can be searched within practical time constraints).

~ Nasrus

Really. Take that seriously. PPTP should not be used anywhere except inside secured, isolated and local environments anymore!

Install it with:

sudo apt install pptpd

Create a new config in /etc/pptpd.conf:


Add the users and passwords /etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client        server  secret                  IP addresses
#vpnuser         *       pass123                 *
client1         pptpd   very_secure_password
client2         pptpd   very_secure_password

And add the upstream DNS servers in /etc/ppp/pptpd-options:


Need some more logs?

sudo tail -f /var/log/messages

-> Reference

And finally activate the service:

sudo systemctl enable pptpd
sudo systemctl start pptpd

Further reference