How to solve PPTP VPN client cannot open web pages


If you are running a PPTP VPN server (pptpd) on a Linux host and your PPTP clients cannot open any web pages, here is a checklist to help you debug the problem.

Is there another client connected to the PPTP VPN server?

If two clients are behind the same NAT, they may not be able to connect to the same PPTP VPN server at the same time. This is a limitation of the PPTP implementation.

Does the PPTP VPN server allow IP forwarding?

Check the kernel configuration on the PPTP server and make sure that ip_forward is enabled by running:

# sysctl -a | grep ip_forward

If you see

net.ipv4.ip_forward = 0

then IP forwarding is not enabled and you must enable it. One way is to edit /etc/sysctl.conf and change or add the following line (it takes effect once the settings are reloaded or the host is rebooted):

net.ipv4.ip_forward = 1

Does the PPTP VPN server firewall masquerade network interfaces?

The firewall must be configured to masquerade the public Internet network interface and the ppp network interfaces. Here are the firewall rules:

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Does the PPTP VPN server have clamp-mss-to-pmtu set in iptables?

If your VPN clients can visit certain websites but not others, then you are very likely encountering an MTU problem. It can be fixed easily with the following iptables rule:

iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Are DNS server addresses set correctly in the PPTPD configuration?

If your VPN clients can ping IP addresses (such as Google DNS 8.8.8.8) but cannot open any websites, then it is likely a DNS issue. You can set DNS server addresses on the VPN clients, or set them in the VPN server's options.pptpd by changing or adding the following lines:

ms-dns 8.8.8.8
ms-dns 8.8.4.4
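
The server-side items of this checklist can be checked in one pass over captured state. The script below is an added example, not part of the original post: it takes the ip_forward value, iptables-save output and the contents of options.pptpd as text and reports which items fail. The function names and sample input are constructed for illustration, and eth0 is assumed as the public interface, as in the rules above.

```shell
#!/bin/sh
# Added example: audit captured server state against this page's checklist.
# Takes text (not live commands) so it runs offline on saved output.

fails=0
fail() { echo "FAIL: $1"; fails=$((fails + 1)); }

# has_rule RULES CHAIN STRING...  true if one "-A CHAIN" line holds every STRING
has_rule() {
    hr_out=$(printf '%s\n' "$1" | grep -- "^-A $2 " || true)
    shift 2
    for hr_s in "$@"; do
        hr_out=$(printf '%s\n' "$hr_out" | grep -F -- "$hr_s" || true)
    done
    [ -n "$hr_out" ]
}

# audit_pptp IP_FORWARD IPTABLES_SAVE_TEXT OPTIONS_PPTPD_TEXT [WAN_IF]
# Prints one FAIL line per failed check; returns the number of failed checks.
audit_pptp() {
    fails=0
    wan=${4:-eth0}   # assumption: eth0 as in the rules above; pass your own
    [ "$1" = "1" ] || fail "net.ipv4.ip_forward is '$1', expected 1"
    has_rule "$2" POSTROUTING "-o $wan " "-j MASQUERADE" ||
        fail "no MASQUERADE rule for -o $wan"
    has_rule "$2" POSTROUTING "-o ppp+ " "-j MASQUERADE" ||
        fail "no MASQUERADE rule for -o ppp+"
    has_rule "$2" FORWARD "--tcp-flags SYN,RST SYN" "--clamp-mss-to-pmtu" ||
        fail "no TCPMSS --clamp-mss-to-pmtu rule in FORWARD"
    printf '%s\n' "$3" | grep -Eq '^[[:space:]]*ms-dns[[:space:]]+[0-9.]+' ||
        fail "no ms-dns line in options.pptpd"
    return "$fails"
}

# Constructed sample input (iptables-save format), not taken from a real host.
SAMPLE_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT'
SAMPLE_OPTS='ms-dns 8.8.8.8'

# The sample lacks the ppp+ MASQUERADE rule, so exactly one check fails.
audit_pptp 1 "$SAMPLE_RULES" "$SAMPLE_OPTS" || echo "$? check(s) failed"
```

On a live server, pass the contents of /proc/sys/net/ipv4/ip_forward, the output of iptables-save (run as root) and the contents of your options.pptpd file as the three arguments.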