Visit the LQ Articles and Editorials section
Go Back > Linux Answers > Networking
User Name


By djbanaan at 2005-03-16 17:06
This document describes how to set up a Point-to-Point tunneling protocol (PPTP)
VPN server (and client) using Slackware Linux [] and PoPToP
[]. PPTP - a Microsoft protocol - may not be the most advanced
protocol for setting up VPN, but is relatively easy to set up and isn't as
intrusive to your system as other VPN solutions such as OpenSwan. Another
plus is that it is supported by nearly every Windows version in their default
installation, making it a breeze for your clients to connect.

A word of warning before getting started:

MPPC, the compression protocol used for PPTP, is a patented technology.
Therefore, it may be illegal in your country to use this technology without
the consent of Hifn Inc (, the patent holder for MPPC.

With the legal chit-chat out of way, let's get going!

Table of contents
1. Requirements
2. Installing and configuring the server end
2.1 Installing MPPC/MPPE support in the kernel
2.2 Installing poptop
2.3 Configuring poptop
2.3.1 Setting up IP-addressing
2.3.2 Configuring the pptp daemon
2.3.3 Adding users
3 Installing and configuring the client end
3.1 Installing the Linux pptp client
3.2 Configuring the Linux pptp client

1 Requirements

The installation of the PPTP server and client requires the following packages
on your system:

- Kernel sources
- ppp (from the "n" series of packages)

For the remainder of this document we are going to assume that your kernel sources
are installed in /usr/src and that the ppp package installed is the default Slackware
ppp package, which is already equipped with MPPE support.

Apart from these requirements this document also assumes some basic knowledge of
TCP/IP networking and familiarity with Linux kernel compilation.

2 Installing and configuring the server end

2.1 Installing MPPC/MPPE support in the kernel

The first step is making sure that our kernel has support for MPPC/MPPE.
The PoPToP project provides several methods for installing MPPC/MPPE support,
but these are for older kernels. Therefore we are going to do things by hand
using the MPPC/MPPE patch from

Download the appropriate MPPE/MPPC patch for your kernel version from and place it in /usr/src.

- Note 1 : The patch assumes the path of your kernel sources
to be /usr/src/linux-$VERSION, but since /usr/src/linux is
usually a symlink to this directory this should not be much of a problem.

- Note 2 : If there is no patch for your kernel version, you can try
downloading the patch with a version number closest to yours and
making a symlink like this:

ln -s /usr/src/linux-$MYVERSION /usr/src/linux-$MPPE-MPPC-PATCH-VERSION

Apply the patch to your kernel sources:

cd /usr/src
zcat linux-$VERSION-mppe-mppc-1.3.patch.gz | patch -p0

configure the kernel:

cd /usr/src/linux
make menuconfig
in the kernel configuration menu go to Device drivers --> networking support
make sure the configuration options for ppp look like this:

<M> PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)[*] PPP filtering
<M> PPP support for async serial ports
<M> PPP support for sync tty ports
<M> PPP Deflate compression
<M> PPP BSD-Compress compression
<M> Microsoft PPP compression/encryption (MPPC/MPPE)

Next go to Cryptographic options in the kernel configuration menu and enable
SHA1 and RC4 algorithms. Exit menuconfig and save your configuration.

Compile your new kernel and modules. For this I use "make modules modules_install bzImage"
and handle post compilation tasks by hand, but feel free to compile the new kernel in a way you feel comfortable with. Reboot your system and verify that your new kernel functions OK.

Add the following lines to /etc/modules.conf:

alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldics-14 ppp_synctty
alias ppp-compress-18 ppp_mppe_mppc
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias tty-ldisc-14 ppp_synctty

This concludes the kernel part of the installation.

2.2 Installing poptop

Grab the latest stable pptpd sources from

compile and install pptpd:

tar zxvf pptpd-$VERSION.tar.gz
cd pptpd-$VERSION
make install (or use checkinstall (available from "extra" series of packages) to generate a slackpack)

2.3 Configuring poptop

2.3.1 Setting up IP-addressing

Now that we've got all the packages installed in the correct location we can start configuring poptop.

First we are going to define an IP-address for the pptp server and IP-addresses to assign to our clients. We can chose to either assign a separate IP-address for the server to be used for every incoming connection, or we can use a single IP address to be used for each connection. In this example we will use a single IP address on the server end.

In /etc/pptpd.conf add the following lines:


This assigns the IP-address to the pptp server, note that this ip-address does not get assigned to any of the physical interfaces on the server, it is used purely for virtual interfaces. You should, of course, use an IP-range appropriate for your subnet.

The second line defines a range of ip-addresses to be assigned to clients.

2.3.2 Configuring the pptp daemon

With the IP-addressing sorted, we can move along to the configuration of our server. We are going to configure pptpd using the file /etc/ppp/options.pptpd. We have to make sure pptpd reads this file by adding the following line to /etc/pptpd.conf:

option /etc/ppp/options.pptpd

Next, add the following lines to /etc/ppp/options.pptpd:

name pptpd
ipparam PoPToP
mtu 1490
mru 1490
lcp-echo-failure 30
lcp-echo-interval 5
deflate 0

Remember to inspect the ms-wins and ms-dns options and assign the appropriate ip-addresses if necessary. ms-wins is only required if windows clients are going to access windows servers on the other end of the tunnel.

Note that this configuration allows only 128 bit encryption, some versions of Windows need an 128-bit encryption pack installed for this to work. This pack is available from It is also possible to set the cypher strength to 40 bits:


This will allow any Windows client to connect, but it is, of course, inherently less secure.

2.3.3 Adding users

Next we are going to set up user accounts. There are several ways to authenticate users on the pptp server, including radius and Samba. In this how-to we'll stick to using ppp's chap-secrets file.

Users are added to the file /etc/ppp/chap-secrets in the following manner:

username pptp-server-name password ip-address

So a valid user entry would look like this:

joesixpack pptpd somepassword *

This allows user "joesixpack" to authenticate with server "pptpd" using the password "somepassword". Once joesixpack is logged in and connection has been established, his machine will be assigned the first available ip-address as defined in the previous step. It is also possible to assign each user his or her own ip-address.

Note that passwords containing special characters have to be quoted.

We can now start the pptp daemon:


You can now test your connection using a Windows machine. If you don't have a Windows machine for testing (hey, that's understandable ;-)), read on through the next section to set up a pptp linux client.

3 Installing and configuring the client end

The client end has the same requirements as the server end. It requires the MPPE/MPPC patch to be applied to the kernel and also requires the ppp package to be installed. For instructions on applying the kernel patch, see section 2.1.

3.1 Installing the Linux pptp client

If all went well you should have an MPPE/MPPC enabled kernel. We can proceed with the installation of the pptp client. First, grab the sources from []

unpack the sources:

tar zxvf pptp-linux-$VERSION.tar.gz

compile the software and install the binaries:

cd pptp-linux-$VERSION
make install

3.2 Configuring the Linux pptp client

Create a file called /etc/ppp/options.pptp and put the following line in it:

lock noauth nodeflate nobsdcomp

Add the following line to /etc/ppp/chap-secrets:

username pptpd password *

Substitute username and password for the credentials you want to use to connect to the pptp server.

Now create a file called /etc/ppp/peers/YOURTUNNELNAME, replacing YOURTUNNELNAME with whatever
name you want to use to identify your tunnel. Place the following lines in this file:

pty "pptp YOURPPTPSERVER --nolaunchpppd"
mtu 1490
mru 1490
remotename pptpd
file /etc/ppp/options.pptp

Where YOURPPTPSERVER is the address of the pptp server you want to connect to, YOURUSERNAME speaks for itself and YOURTUNNELNAME should be the same name as the file you just created in /etc/ppp/peers.

There is one last detail to be handled, which is routing.

To make sure our traffic gets routed to the other end of the tunnel, create a file called ip-up in /etc/ppp and add the following lines to this file:

/sbin/route add -net REMOTE-NET-IP netmask REMOTE-NET-MASK dev ppp

In which you have to replace the IP-address and the mask with those of the subnet on the other end of the tunnel. If there is no network on the other side, but just the pptp server, you can use -host instead of -net. When your done, save the file and make it executable:

chmod +x /etc/ppp/ip-up

Now that all is set up we can start the tunnel:


If all has gone well you should see something along the lines of:

Mar 16 19:25:53 feike pppd[7319]: local IP address
Mar 16 19:25:53 feike pppd[7319]: remote IP address

in /var/log/messages and you should be able to ping across the tunnel.

by Monkey Magic on Mon, 2005-09-12 23:15
Does polbox have any mirrors? I've been trying to contact for the last few weeks with no luck (it times out). Are other people still seeing polbox?

by Monkey Magic on Tue, 2005-09-13 17:39
OK, per chance, it worked today. The new link for the MPPC stuff is

by eder_michael11 on Mon, 2006-06-05 13:54
i configured all for slackware server...

but wen i try to connect from windows client appear
error 800 unable to conecto to client..

do you know if at windows do i have to soecific something??? on the propieties..??

by eder_michael11 on Mon, 2006-06-05 14:16
i turned off the firewall the questions that i have are....

at the menu config ... in the kernel the options for PPP i selected like this

<M>PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)[*] PPP filtering
<M>PPP support for async serial ports
<M>PPP support for sync tty ports
<M>PPP Deflate compression
<M>PPP BSD-Compress compression[*]Microsoft PPP compression/encryption (MPPC/MPPE)

if this is ok??

well other think i think could be the error for not connect the client windows to my server linux is that

/etc/pptpd.conf didnt exist at my slackware i have to copied from the directory /pptp-2../samples to /etc

other thing the file /etc/ppp/options.pptpd doesnt exist only existe
/etc/ppp/option .. i have to copied to this location from the samples too

my slackware version is 10.0
can you helpe to find wich is the error?? i can answer all you ask me please...

by lukki on Fri, 2006-07-07 08:07
A problem!
I did everything as written in Djbanaan's article and ... found two problems:
1. is missing and I can't find it for Slackware (???). Problem occurs when pptpd is started "properly" (/usr/sbin/pptpd). However, when I start pptpd directly from command line, it doesn't ask for and runs.
2. when pptpd is running I can't connect using windows xp sp2 client. Returned error code is 619. Firewall is, of course, off.

What is wrong?

(slackware 10.2)

Greets, Lukas

by mikese on Wed, 2009-05-20 13:01
I haven't ran slackware since around 1999 i've been on ubuntoo lately or whatever it's called. But setting up a VPN on a shared hosting account isn't that fun you should just get a dedicated server if you can afford it maybe split the cost with some friends.

by socialmaker on Tue, 2009-07-07 04:24
Although i'm not a big fan of slackware linux i know it's the toughest one of them all (along with debian if i'm not mistaking). People now are starting to use linux more and more (which is a good thing) but the similarities between linux and windows (i'm referring to the graphical user interface) are just annoying. I know they must make it pretty and all but cmon...
Anyway I'll always love linux and my web hosting plans run under linux really well.

by arubin on Sun, 2009-11-08 07:22
I have just configured my PC to connect to my daughter's University using VPN.

The steps I needed were these

1. Install pptd package from slackbuilds

2. add to rc.modules
/sbin/modprobe ppp_mppe

3. mkdir /etc/ppp/peers

4. symlink bin/ip to sbin/ip

5. Create file



/sbin/route add -host
and make it executable

6. pptpsetup --create imperial --server NETWORK_ADDRESS --username USERNAME --password PASSWORD

7. pppd call imperial dump debug logfd 2 nodetach require-mppe

this gets ppp0 running

8. /sbin/ip route add default dev ppp0

This adds ppp0 to the routing table

9. We can then connect to her folder using konquereor


10. login as\username

by trumpet_tom on Wed, 2010-02-24 05:57
I just used your guide arubin to connect to bristol university vpn. Thanks a lot!

Just a couple of things I noticed though:

The package you want from slackbuilds is "pptp" not "pptd"

When I ran
pppd call imperial dump debug logfd 2 nodetach require-mppe
the last line of output was
Can't execute /etc/ppp/ip-up: Invalid argument
I tried running
route add -host
as root in a separate console and it doesn't do anything. I tried connecting without the ip-up script present and it worked fine.

Either way I can access my files stored at uni now, thanks again!

by doyen on Mon, 2010-08-09 08:40
I'm trying to connect from my home to my vpn service using slackware 13.1.

I managed to set up the client correctly and it connects to the vpn.
This is the output from /var/logs/messages:

pppd[3307]: CHAP authentication succeeded
pppd[3307]: MPPE 128-bit stateless compression enabled
pppd[3307]: local IP address
pppd[3307]: remote IP address

This is output of ifconfig:

ppp0 Link encap:Point-to-Point Protocol
inet addr: P-t-P: Mask:
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:62 (62.0 B) TX bytes:79893 (78.0 KiB)

My problem is setting up the routing for the connection to go from the vpn server to eth0

when I type:
route add -net netmask dev ppp0

that doesn't work. If anyone could help it would be much appreciated


All times are GMT -5. The time now is 11:26 AM.

Main Menu

Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration