How to set-up PPTP Client on Debian 9

This is an instruction how to install PPTP Client on Debian GNU/Linux KVM.

PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. Allows connection to a PPTP based Virtual Private Network (VPN).

All commands should be run as root!

Installing the Client Program

Install PPTP Client from the Debian Project:

apt install pptp-linux

Configuration, by hand

1. obtain from your PPTP Server administrator:

  • the IP address or host name of the server ($SERVER),
  • the name you wish to use to refer to the tunnel ($TUNNEL),
  • the authentication domain name ($DOMAIN),
  • the username you are to use ($USERNAME),
  • the password you are to use ($PASSWORD),
  • whether encryption is required.

In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.

2. create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:

lock noauth nobsdcomp nodeflate

3. create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:


Note: if you are using a PPTP Server that does not require an authentication domain name, omit the slashes as well as the domain name.

Note: if the passwords contain any special characters, quote them. See man pppd for more details.

4. create a /etc/ppp/peers/$TUNNEL file:

pty "pptp $SERVER --nolaunchpppd"
remotename PPTP
file /etc/ppp/options.pptp
ipparam $TUNNEL

Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.

5. start the tunnel using the pon command:


to further diagnose a failure, add options to the command:

pon $TUNNEL debug dump logfd 2 nodetach

Note: we have further information on enabling debug mode, and on diagnosing problems.

6. stop the tunnel using the poff command:

poff $TUNNEL

7. to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.

8. to have a tunnel started on system boot,
add to the file /etc/network/interfaces this iface eth0:

iface tunnel inet ppp
provider $TUNNEL

and edit the iface eth0 for your default network connection, usually eth0, to connect the tunnel when possible:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto tunnel
iface tunnel inet ppp
        provider $TUNNEL
        pre-down ip -4 addr flush dev ppp0 scope global || :
auto eth0
iface eth0 inet static
        address XXX.XXX.XXX.XXX
        broadcast +
        up route -A inet add XXX.XXX.XXX.XXX dev eth0
        up route -A inet add default gw XXX.XXX.XXX.XXX dev eth0

iface eth0 inet6 manual
        pre-down ip -6 addr flush dev eth0 scope global || :

Note: this eliminates a race between the tunnel startup and the default network connection, which can prevent tunnel connection.

9. (Optional) Add routes through the PPTP Connection:

– create a /etc/ppp/ip-up.d/$TUNNEL file:

– Inside add the routes you want like this:

/sbin/route add gw dev ppp0

– Save the file

– Make it executable:

chmod +x /etc/ppp/ip-up.d/$TUNNEL

You could for example do a simple check and show which scripts would be run:


run-parts --test /etc/ppp/ip-up.d/

Leave a Reply

Your email address will not be published. Required fields are marked *