If you are running a PPTP VPN server (pptpd) on a Linux host and your PPTP clients cannot open any web pages, here is a checklist for debugging the problem.
If two clients are behind the same NAT, they may not be able to connect to the same PPTP VPN server at once. This is a limitation of the PPTP implementation.
Does the PPTP VPN server allow IP forwarding?
Check the kernel configuration on the PPTP server and make sure that ip_forward is enabled by running:
# sysctl -a | grep ip_forward
If you see
net.ipv4.ip_forward = 0
that means IP forwarding is not enabled and you must enable it. One way is to edit /etc/sysctl.conf and change or add the following line:
net.ipv4.ip_forward = 1
Does the PPTP VPN server firewall masquerade the network interfaces?
It is essential to configure the firewall to masquerade the public Internet network interface and the ppp network interfaces. Here are the firewall rules:
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
Does the PPTP VPN server have clamp-mss-to-pmtu set in iptables?
If your VPN clients can visit certain websites but not others, then you are very likely encountering an MTU problem. It can be fixed easily with the following iptables rule:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
Are the DNS server addresses set correctly in the PPTPD configuration?
If your VPN clients can ping IP addresses (such as Google DNS 184.108.40.206) but cannot visit any websites, then it is likely a DNS issue. You can set DNS server addresses on the VPN clients, or set them in the VPN server's options.pptpd by changing or adding the following lines:
ms-dns 220.127.116.11
ms-dns 18.104.22.168
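
The four checks above can be run as one audit. The following script is an added example, not part of the original post: it reads saved output of sysctl and iptables-save plus a copy of options.pptpd, and reports which checklist items fail. It assumes eth0 is the public interface as in the rules above; the function names and the sample files are constructed for illustration (192.0.2.53 is a documentation address).

```sh
#!/bin/sh
# Added example: audit the checklist from saved output, so it runs offline.
# On the server (as root) the real inputs would come from:
#   sysctl net.ipv4.ip_forward > sysctl.txt ; iptables-save > rules.txt
#   plus a copy of the server's options.pptpd

check_forwarding() {            # $1 = sysctl output; passes only when the value is 1
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

check_masquerade() {            # $1 = iptables-save dump, $2 = outgoing interface
    awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }          # "*nat", "*filter", ...
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && tgt == "MASQUERADE") found = 1   # literal match, so "ppp+" is safe
        }
        END { exit !found }' "$1"
}

check_mss_clamp() {             # $1 = iptables-save dump
    grep -Eq -- '^-A FORWARD .*-j TCPMSS --clamp-mss-to-pmtu' "$1"
}

count_ms_dns() {                # $1 = options.pptpd; prints the number of active ms-dns lines
    awk '/^[ \t]*ms-dns[ \t]+[0-9.]+/ { n++ } END { print n + 0 }' "$1"
}

audit() {                       # $1 sysctl, $2 rules, $3 options; returns the number of failed checks
    fails=0
    check_forwarding "$1"        || { echo "FAIL: ip_forward is not 1"; fails=$((fails + 1)); }
    check_masquerade "$2" eth0   || { echo "FAIL: no MASQUERADE on eth0"; fails=$((fails + 1)); }
    check_masquerade "$2" 'ppp+' || { echo "FAIL: no MASQUERADE on ppp+"; fails=$((fails + 1)); }
    check_mss_clamp "$2"         || { echo "FAIL: no clamp-mss-to-pmtu rule"; fails=$((fails + 1)); }
    [ "$(count_ms_dns "$3")" -gt 0 ] || { echo "FAIL: no ms-dns lines"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample: forwarding off, ppp+ masquerade missing, ms-dns commented out.
d=$(mktemp -d)
printf 'net.ipv4.ip_forward = 0\n' > "$d/sysctl.txt"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' '-A POSTROUTING -o eth0 -j MASQUERADE' 'COMMIT' '*filter' \
    '-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu' 'COMMIT' > "$d/rules.txt"
printf '%s\n' '#ms-dns 192.0.2.53' 'name pptpd' > "$d/options.txt"
audit "$d/sysctl.txt" "$d/rules.txt" "$d/options.txt" || echo "$? check(s) failed"
```

Because the masquerade check reads the nat table section of the dump, a rule that was added to the wrong table does not count as a pass.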