I have been using VPN servers as part of my day-to-day job for years. It is what lead me to starting a VPN review site. One of the issues I have found is that sometimes you need a VPN server but none of the providers seem to support your country. I have this often coming from South Africa. Very few VPN providers seem to support South Africa. I have a very simple script which you can use to set up your own private VPN server. Just think, your own PPTP server without everyone downloading torrents on it making it terribly slow to use.

For this example, I will be using Host1Plus who offer unbelievable cheap VPS’s in various locations which make them an ideal choice. For this example I will be using the Amber package, Joburg (South Africa) location and Ubuntu 14.04. If you take the 6 month subscription it works out to $16 or $2.70pm. That is a STEAL!

Host1Plus package information

Now that you have the server purchased and ready to rock and roll, you will then need the following script which will install the VPN for you in 1 go. I say VPN in one click, but thats not quite true. As we’re using bash it is a few more keystrokes and a few less mouse clicks 🙂

That is pretty much it. From here you can use your favourite VPN client to connect. When using Windows, you can use the built in VPN client. On Mac, I prefer to use a tool like Shimo VPN which allows PPTP which Mac OSX Sierra decided to drop support for (grump!).

#!/bin/sh
#    Setup Simple PPTP VPN server for Ubuntu and Debian
#    Copyright (C) 2015-2016 Danyl Zhang <[email protected]> and contributors
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.

printhelp() {

echo "
Usage: sh setup.sh [OPTION]
If you are using custom password , Make sure its more than 8 characters. Otherwise it will generate random password for you. 
If you trying set password only. It will generate Default user with Random password. 
example: sudo bash setup.sh -u vpn -p mypass
Use without parameter [ sudo bash setup.sh ] to use default username and Random password
  -u,    --username             Enter the Username
  -p,    --password             Enter the Password
"
}

while [ "$1" != "" ]; do
  case "$1" in
    -u    | --username )             NAME=$2; shift 2 ;;
    -p    | --password )             PASS=$2; shift 2 ;;
    -h    | --help )            echo "$(printhelp)"; exit; shift; break ;;
  esac
done

if [ `id -u` -ne 0 ] 
then
  echo "Need root, try with sudo"
  exit 0
fi

apt-get update
apt-get -y install net-tools
apt-get -y install pptpd || {
  echo "Could not install pptpd"
  exit 1
}

echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sed -i '[email protected]_syncookies.*@#net.ipv4.tcp_syncookies = [email protected]' /etc/sysctl.conf
sysctl -p

ETH=`route | grep default | awk '{print $NF}'`
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
iptables -I INPUT  --protocol 47 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -d 0.0.0.0/0 -o $ETH -j MASQUERADE
iptables -I FORWARD -s 192.168.2.0/24 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j TCPMSS --set-mss 1356
service iptables save
service iptables restart

#no liI10oO chars in password

LEN=$(echo ${#PASS})

if [ -z "$PASS" ] || [ $LEN -lt 8 ] || [ -z "$NAME" ]
then
   P1=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P2=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   P3=`cat /dev/urandom | tr -cd abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789 | head -c 3`
   PASS="$P1-$P2-$P3"
fi

if [ -z "$NAME" ]
then
   NAME="vpn"
fi

cat >> /etc/ppp/chap-secrets <<END
$NAME pptpd $PASS *
END

cat >/etc/pptpd.conf <<END
option /etc/ppp/options.pptpd
#logwtmp
localip 192.168.2.1
remoteip 192.168.2.10-100
END

cat >/etc/ppp/options.pptpd <<END
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
ms-dns 209.244.0.3
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
END

apt-get -y install wget || {
  echo "Could not install wget, required to retrieve your IP address." 
  exit 1
}

#find out external ip 
IP=`wget -q -O - http://api.ipify.org`

if [ "x$IP" = "x" ]
then
  echo "============================================================"
  echo "  !!!  COULD NOT DETECT SERVER EXTERNAL IP ADDRESS  !!!"
else
  echo "============================================================"
  echo -e "You can now connect to your VPN via your external IP \033[32m${IP}\033[0m"
fi
  echo -e "Username: \033[32m${NAME}\033[0m"
  echo -e "Password: \033[32m${PASS}\033[0m"
sleep 2

service pptpd restart

exit 0

The above code assumes that you are running Ubuntu server and have iptables running as a ‘service’ and have the /etc/init.d script in place.

Steps

[[email protected]_vpn ~]# vim pptp.sh

Now paste the contents above into the file.

[[email protected]_vpn ~]# chmod +x pptp.sh

This will make the file executable. Now that this is done you can now ‘setup’ your VPN.

-- snipping all the output --

Reading package lists... Done
Building dependency tree
Reading state information... Done
wget is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.
============================================================
-e You can now connect to your VPN via your external IP 127.0.0.1 #changed IP but this will show your IP
-e Username: A_User_Name
-e Password: yourPassword

Now your new VPN server is ready to go. Enjoy

If you found this useful, please consider using my referal link for Host1Plus as a way to say thank you.