Setting up pptpd on debian (lenny)

There are other giudes to do this, but none seemed complete, I had to get the iptables rules from the debug document on I guess they are not always needed.

I started with a clean install of lenny from

Install poptop

# aptitude install pptpd

Edit pptpd config files


You need to set the private ip of the server and the ip range for clients, the 2 lines are added to this file:


Set them to whatever private (or public) ip addressing you want. You could use IP addresses currently available in your network, if you do this you will not need to add the iptables rules for natting later in this guide.


Option 1
Set ms-wins and ms-dns to the name server the server you are currently working on is using (look in reolv.conf).

Option 2
Or as I did install dnsmasq on the server and run it as a chaching dns server

# aptitude install dnsmasq

And then set ms-dns and ms-wins to (or the localip you set)


Setup users and passwords to connect the pptp server

username pptpd somepassword *

Turn on IP Forwarding

# echo 1 > /proc/sys/net/ipv4/ip_forward

Set the change permanantly in /etc/sysctl.conf by uncommenting the line:


Turn on NATing

If you have created a new private network for your pptpd server, you probably have, you need to add a rule to iptables.

# iptables --table nat --append POSTROUTING
--out-interface eth0 --jump MASQUERADE

But this rule needs be persistant so we need to create a script to run when the interface starts up

# iptables-save > /etc/iptables.conf

Create a new file: /etc/network/if-up.d/iptables and paste in the following

/sbin/iptables-restore < /etc/iptables.conf

Set it to executable
# chmod 755 /etc/network/if-up.d/iptables

All Done!. Just startup pptpd

# /etc/init.d/pptpd start

9 thoughts on “Setting up pptpd on debian (lenny)”

  1. Thank you for this tutorial.
    You have a typo on 1. Line:
    aptitude install pptp ->
    aptitude install pptpd

    If you run named (bind) this will not work.
    Stop bind (if you dont need it)
    /etc/init.d/bind9 stop

    If you see that message:
    dnsmasq: setting capabilities failed: Operation not permitted
    nano /etc/dnsmasq.conf
    An ucomment user and set user to root.

    And run:
    sudo /etc/init.d/dnsmasq restart

    Costs me some hours to figure it out, so i want to share it here.

  2. At last! Thankyou! There are loads of ‘howtos’ on setting up pptpd on Debian but none of them seem to actually include everything or talk about requirements “outside the scope of this tutorial”… I followed exactly what you said and it all just works – thanks!

  3. Much thanks! I had gotten set up from another guide, but I was getting nowhere because I didn’t know about setting up iptables to do nat. :mrgreen:

  4. I have successfully set up my vpn, but dont have internet access; I tried to follow your guide (on my RasberryPi) but I keep getting the error
    #sudo iptables-save > /etc/iptables.conf
    #-bash: /etc/iptables.conf: Permission denied’

    Any help would be appreciated… and if it’s a chmod problem, I don’t know what to change the permissions of….

    1. That’s a common mistake. You are runing the iptables-save as root, but your pipe is attempting to write the file using your normal user’s permissions.

      2 solutions.

      1. Just drop a root shell – “sudo su -“. Run the commands as the root user.
      2. You can elevate your privileges by piping to tee:

      sudo iptables-save | sudo tee /etc/iptables.conf

Leave a Reply

Your email address will not be published. Required fields are marked *