pptpd VPN: No internet access after connecting


Solution 1

If your main purpose in setting up the VPN server is to access websites, traffic has to be forwarded out of the VPN server’s public network interface. Thus, kindly enable port forwarding by editing the sysctl.conf file. I assume “net.ipv4.ip_forward” is commented in the /etc/sysctl.conf file:

nano /etc/sysctl.conf

Add or find and comment out the following line

net.ipv4.ip_forward=1

Save, close the file and run the following command to make the changes take effect.

sysctl -p

The following iptables firewall rules allow port 1723, GRE and perform NAT

iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

In the last rule, replace “eth0” with the interface connecting to the internet on your VPN server. Finally, the following rule is required to ensure websites load properly:

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS  --clamp-mss-to-pmtu

Replace 172.20.1.0/24 with the IP address range used in the “remoteip” option in /etc/pptpd.conf. This firewall rule is used to ensure a proper MTU value is used to prevent fragmentation.

Hope it could help.

Solution 2

The following command solved my problem (No internet) using PPTPD on Ubuntu 14.x

iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 10.0.0.0/24 -j TCPMSS  --clamp-mss-to-pmtu
sudo iptables-save

sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables-save

Please note: I used the IP address range 10.0.0.0/24 in my /etc/pptpd.conf; use the range that matches your config as well.
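
Added example, not part of either answer above and not from the pptpd project: a script that reads the “remoteip” line from pptpd.conf, derives the client subnet, and prints the same rules with NAT and forwarding limited to that subnet instead of a blanket FORWARD ACCEPT policy. The function names, the sample config and the interface name eth0 are assumptions, and the script assumes the client range fits in a single /24.

```shell
#!/bin/sh
# Added example: scope the page's iptables rules to the pptpd client subnet.

# Print the /24 containing the first "remoteip" address in a pptpd.conf-style
# file, e.g. "remoteip 192.168.0.100-200" -> 192.168.0.0/24.
# Assumption: the client range sits inside one /24, as in both answers.
vpn_subnet() {
    conf=$1
    first=$(awk '$1 == "remoteip" { print $2; exit }' "$conf")
    first=${first%%,*}   # drop further list entries
    first=${first%%-*}   # drop the range end: a.b.c.d-e -> a.b.c.d
    case $first in
        ''|*[!0-9.]*) return 1 ;;
    esac
    oldifs=$IFS; IFS=.
    set -- $first
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] && [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.0/24\n' "$1" "$2" "$3"
}

# Print (not apply) the rules: NAT, MSS clamp and forwarding limited to the
# VPN subnet, in place of a blanket "-P FORWARD ACCEPT".
print_rules() {
    net=$1; wan=$2
    cat <<EOF
iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -s $net -o $wan -j MASQUERADE
iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s $net -j TCPMSS --clamp-mss-to-pmtu
iptables -A FORWARD -s $net -o $wan -j ACCEPT
iptables -A FORWARD -d $net -i $wan -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Constructed sample config, using the values from the question on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
localip 192.168.0.1
remoteip 192.168.0.100-200
EOF
subnet=$(vpn_subnet "$sample") && print_rules "$subnet" eth0
rm -f "$sample"
```

The script only prints the commands so they can be reviewed before being run as root; the two appended FORWARD rules take effect only if no earlier rule in that chain drops the traffic.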

Author by

Transcendent

Although I started programming by learning C++, I really love C# and rarely use C++ these days.

Updated on September 18, 2022

Comments

  • Transcendent
    Transcendent over 1 year

    I've followed the instructions in this tutorial to set up a VPN server, so that I can connect to it and surf the internet virtually from another location. So far, from Windows, I can connect to it but there is no internet access.

    The IP addresses that I used in the conf file are exactly the same as in the tutorial:

    localip 192.168.0.1
    remoteip 192.168.0.100-200
    

    Same for the DNS which is 8.8.8.8.

    (Everything you need to know about what I've done is already in that link)

    What do you think could be the problem?

    • meccooll
      meccooll almost 10 years
      post netstat -rn after you VPN in
    • Transcendent
      Transcendent almost 10 years
      @meccooll: Sorry for my previous comment, that netstat worked like magic. I'm through now, but HTTPS websites are not opening; the browser says SSL Connection Problem. Do you have any idea?
  • timelmer
    timelmer over 8 years
    Still no HTTP/S access, but this lets me at least connect to devices on the target net. Thanks!
  • Iman Akbari
    Iman Akbari over 7 years
    you're a life saver.
  • Arya
    Arya almost 7 years
    This worked for me!
  • Aftab Naveed
    Aftab Naveed over 5 years
    You deserve a clap!