NOTE: This article uses Amazon Linux AMI (32 bit)
I used to host this website on an Amazon EC2 instance. But in fact, that EC2 instance had been mainly used as a VPN server.
And here is how it was set up.
First of all, you need to install pptpd, with the following commands:
$ wget http://poptop.sourceforge.net/yum/stable/rhel6/i386/pptpd-1.3.4-2.el6.i686.rpm
$ yum localinstall pptpd-1.3.4-2.el6.i686.rpm
(for 64 bit instances, get the package at http://poptop.sourceforge.net/yum/stable/rhel6/x86_64/pptpd-1.4.0-1.el6.x86_64.rpm)
Then update the pptpd configuration in /etc/pptpd.conf by adding the following lines:
localip 192.168.9.1
remoteip 192.168.9.11-30
The localip field determines the IP address of your EC2 instance on the VPN, and the remoteip field determines the IP addresses of connected clients. Because there may be many clients connecting to this VPN, the remoteip field is set to a range of 20 IP addresses.
Optionally, you might want to tell your clients to use specific DNS servers.
This can be done by editing /etc/ppp/options.pptpd and adding the following lines:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
We are using Google’s public DNS servers here.
Now set up the VPN username and password in /etc/ppp/chap-secrets. Each line in the file has the format:
<username> pptpd <passwd> *
The next step is to enable IP forwarding. Edit /etc/sysctl.conf and use the following config:
net.ipv4.ip_forward = 1
You need to reload the configuration by
We also need to enable the iptables NAT configuration:
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To ensure the NAT configuration is loaded when the machine boots, it might be a good idea to add this command to your /etc/rc.local:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
OK, it’s nearly finished! You need to start the pptpd service, and set it to start automatically when the machine boots:
$ /sbin/service pptpd start
$ chkconfig pptpd on
ONE FINAL THING: be sure to enable port 1723 of your EC2 instance, otherwise the firewall will prevent your VPN from working!
If the VPN server is not working correctly, check /var/log/messages for error messages.
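After the steps above, a quick audit of the three edited files catches the usual mistakes, including a chap-secrets file that other local users can read. This script is an added example, not part of the original post; the function name audit_pptpd, its ROOT prefix argument and the 16-character password minimum are assumptions.

```shell
#!/bin/bash
# Added example: audit the files this walkthrough edits.
# Usage: audit_pptpd ROOT   (ROOT="" for the live system, or a directory
# holding a copy of etc/). Prints one finding per line; the return status
# is the number of findings.
MIN_LEN="${MIN_LEN:-16}"   # assumed minimum password length, not from the article

audit_pptpd() {
    local root="$1" findings=0 key user server pass ip extra
    local conf="$root/etc/pptpd.conf"
    local secrets="$root/etc/ppp/chap-secrets"
    local sysctl="$root/etc/sysctl.conf"
    note() { echo "$1"; findings=$((findings + 1)); }

    # pptpd.conf must define both address settings.
    for key in localip remoteip; do
        grep -Eq "^[[:space:]]*$key[[:space:]]+[0-9]" "$conf" 2>/dev/null \
            || note "pptpd.conf: $key not set"
    done

    # IP forwarding must be enabled persistently.
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "$sysctl" 2>/dev/null || note "sysctl.conf: net.ipv4.ip_forward is not 1"

    if [ ! -f "$secrets" ]; then
        note "chap-secrets: file missing"
        return "$findings"
    fi
    # chap-secrets stores passwords in plaintext: owner-only access.
    case "$(ls -l "$secrets" | cut -c5-10)" in
        ------) ;;
        *) note "chap-secrets: accessible by group/other, use chmod 600" ;;
    esac
    # Each entry: <username> pptpd <passwd> <allowed IP or *>
    while read -r user server pass ip extra || [ -n "$user" ]; do
        case "$user" in ''|'#'*) continue ;; esac
        if [ -z "$ip" ] || [ -n "$extra" ]; then
            note "chap-secrets: malformed entry for $user"
            continue
        fi
        [ "$server" = pptpd ] || note "chap-secrets: $user not bound to pptpd"
        [ "${#pass}" -ge "$MIN_LEN" ] \
            || note "chap-secrets: $user password shorter than $MIN_LEN"
    done < "$secrets"
    return "$findings"
}
```

Run it as root with `audit_pptpd ""` on the server; it does not inspect the live iptables rules or the EC2 firewall.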
UPDATE ON 2014-09-07
I recently set up an instance again and could not connect to it. The server side error log says the following:
/usr/lib/pptpd/pptpd-logwtmp.so: wrong ELF class: ELFCLASS32
Couldn't load plugin /usr/lib/pptpd/pptpd-logwtmp.so
GRE: read(fd=6,buffer=8059660,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
I found a solution from http://www.lidaren.com/archives/1229 (in Chinese). That is, comment out
the following line from
Restart pptpd and it should start working.
Client side configuration
For Mac, make sure you add a PPTP VPN connection. Besides that, you only need to set up the server address, account name, and password in the authentication settings. No pain here.
(Thanks to Slavomir J for the Mac screen shots)
For Linux, I used NetworkManager to add VPN connections. Make sure you add a PPTP VPN connection. And the configuration I use is here:
And for Windows: