This tutorial will cover how to:
Configure a locally controlled VPN server (PPTP Server)
The setup of the PPTP server is covered here in the Ubuntu community. I have, however, included these instructions below with some additional notes that helped me.
Set up a PPTP Server
Before we start, if you are using a VM, please ensure that you have a bridged network connection enabled.
If you haven't already, install the PPTP server:
sudo apt-get install pptpd
First, add a server IP and client IP to the end of the PPTP server configuration file
sudo sed -i '$ a\localip 192.168.0.1' /etc/pptpd.conf
sudo sed -i '$ a\remoteip 192.168.0.100-200' /etc/pptpd.conf
If we now call
sudo cat /etc/pptpd.conf
The end of the configuration file should now look something like this:
# (Recommended)
#localip 192.168.0.1
#remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
localip 192.168.0.1
remoteip 192.168.0.100-200
This has set up the PPTP server to use IP 192.168.0.1 while distributing the IP range 192.168.0.100 to 192.168.0.200 to PPTP clients. Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.
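The address rules above (private ranges only, no overlap with addresses already in use) can be checked mechanically. The following is an added example, not part of the original tutorial or of pptpd: the function names are hypothetical, localip is assumed to be a single address, and the address already in use is taken to be the server's LAN address 192.168.1.29 from the ifconfig output shown on this page.

```sh
#!/bin/sh
# Added example (not from the tutorial). Function names are hypothetical.
# Assumes localip is a single address, as in the lines appended above.

ip2int() {  # dotted quad -> 32-bit integer
  set -- $(echo "$1" | tr '.' ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

is_private_int() {  # RFC 1918: 10/8, 172.16/12 (0xAC1), 192.168/16 (0xC0A8)
  [ $(($1 >> 24)) -eq 10 ] || [ $(($1 >> 20)) -eq 2753 ] || [ $(($1 >> 16)) -eq 49320 ]
}

expand_list() (  # "a.b.c.100-200,a.b.c.245" -> one "start end" pair per line
  for item in $(echo "$1" | tr ',' ' '); do
    first=${item%-*}
    case $item in
      *-*) last="${first%.*}.${item#*-}" ;;  # range shortened to the last octet
      *)   last=$first ;;                    # single address
    esac
    echo "$(ip2int "$first") $(ip2int "$last")"
  done
)

# check_pptpd_conf FILE USED_ADDR: 0 = ok, 1 = problem found, 2 = not set
check_pptpd_conf() (
  rc=0; used=$(ip2int "$2")
  lip=$(awk '$1=="localip"{v=$2} END{print v}' "$1")   # last uncommented line wins
  rip=$(awk '$1=="remoteip"{v=$2} END{print v}' "$1")
  if [ -z "$lip" ] || [ -z "$rip" ]; then echo "localip/remoteip not set"; exit 2; fi
  l=$(ip2int "$lip")
  is_private_int "$l" || { echo "localip $lip is not private"; rc=1; }
  while read -r s e; do
    { is_private_int "$s" && is_private_int "$e"; } || { echo "remoteip not private"; rc=1; }
    if [ "$l" -ge "$s" ] && [ "$l" -le "$e" ]; then echo "localip inside remoteip"; rc=1; fi
    if [ "$used" -ge "$s" ] && [ "$used" -le "$e" ]; then echo "$2 inside remoteip"; rc=1; fi
  done <<EOF
$(expand_list "$rip")
EOF
  exit $rc
)

# Constructed sample: the two lines this tutorial appends to /etc/pptpd.conf
sample=$(mktemp)
printf '#localip 192.168.0.1\nlocalip 192.168.0.1\nremoteip 192.168.0.100-200\n' > "$sample"
check_pptpd_conf "$sample" 192.168.1.29 && echo "pptpd.conf address plan OK"
```

On the real server, pass /etc/pptpd.conf as the first argument and the server's own LAN address as the second.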
Next, configure which DNS servers to use when clients connect to this PPTP server
sudo nano /etc/ppp/pptpd-options
Add Google's DNS servers (below) or OpenDNS:
ms-dns 8.8.8.8
ms-dns 8.8.4.4
Now add a VPN user into /etc/ppp/chap-secrets.
sudo sed -i '$ a\username pptpd password *' /etc/ppp/chap-secrets
If we now call
sudo cat /etc/ppp/chap-secrets
The end of the file should now look something like this:
# Secrets for authentication using CHAP
# client server secret IP addresses
username pptpd password *
The first column is username, the second is server name, the third is password, and the last is the allowed IP addresses (we will put * to allow all).
Set up IP Forwarding
Open '/etc/sysctl.conf'
sudo nano /etc/sysctl.conf
Enable IPv4 forwarding by uncommenting the line
net.ipv4.ip_forward=1
Reload the configuration
sudo sysctl -p
Open your iptables configuration '/etc/rc.local'
sudo nano /etc/rc.local
Add the following two rules just before the 'exit 0' at the bottom of the file.
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
iptables -A FORWARD -p tcp --syn -s 192.168.0.0/24 -j TCPMSS --set-mss 1356
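The first rule masquerades (NATs) traffic from the PPTP subnet 192.168.0.0/24 as it leaves through eth0; the second rule clamps the TCP MSS to 1356 to adjust for the tunnel's smaller MTU.
The server setup is now complete. Run one of the following to start the server:
sudo service pptpd restart
or
sudo /etc/init.d/pptpd restart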
Connect an Android device to a PPTP server
We will need the following before we can connect our device to the server:
Call the following on your server to obtain its IP
ifconfig
The output should be similar to the following:
eth0 Link encap:Ethernet HWaddr 09:00:12:90:e3:e5
inet addr:192.168.1.29 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe70:e3f5/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54071 errors:1 dropped:0 overruns:0 frame:0
TX packets:48515 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 ...
From the output, our IP is 'inet addr:192.168.1.29'.
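Set up and forward VPN traffic to mitmproxy
The following rules redirect HTTP (port 80) and HTTPS (port 443) traffic arriving on the PPP interface ppp0 to local port 8080:
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -t nat -A PREROUTING -i ppp0 -p tcp --dport 443 -j REDIRECT --to-port 8080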