How to Install PPTP VPN on Fedora 43
PPTP (Point-to-Point Tunneling Protocol) is still widely used in legacy corporate networks and ISP-provided VPN environments. If you manage a remote team or connect to an older enterprise gateway, you’ve likely hit the wall where Fedora 43 doesn’t support PPTP out of the box. This guide shows you exactly how to install PPTP VPN on Fedora 43 using both the GUI NetworkManager interface and the CLI terminal — fully configured and tested in under 10 minutes.
⚠️ Security Notice: PPTP uses MS-CHAPv2 authentication, which has known cryptographic weaknesses. Use this guide only when PPTP is required by your network environment. For new deployments, consider WireGuard or OpenVPN instead.
Prerequisites
Before starting this PPTP VPN on Fedora 43 setup, confirm you have the following:
- Fedora 43 installed — verify with
cat /etc/fedora-release - sudo or root privileges on the system
- Active internet connection
- VPN server credentials: hostname/IP, username, and password
- GNOME desktop (for GUI method)
- Terminal access (required for both methods)
- firewalld active — check with
sudo systemctl status firewalld
Step 1: Update Your Fedora 43 System
Always update your system before installing new packages. This prevents dependency conflicts and ensures you’re working with the latest package metadata.
sudo dnf update -yAfter the update, verify your OS version and kernel:
uname -r
cat /etc/fedora-releaseExpected output:
6.x.x-xxx.fc43.x86_64
Fedora release 43 (...)Step 2: Install Required PPTP Packages
Fedora 43 does not include PPTP support by default. You need three packages from the official Fedora repositories:
- pptp — the core PPTP client that manages tunnel creation
- NetworkManager-pptp — integrates PPTP with NetworkManager and
nmcli - NetworkManager-pptp-gnome — adds PPTP to the GNOME Settings VPN dialog
Install all three in one command:
sudo dnf install pptp NetworkManager-pptp NetworkManager-pptp-gnome -yVerify the installation succeeded:
rpm -qa | grep pptpExpected output:
pptp-1.10.0-23.fc43.x86_64
NetworkManager-pptp-1.x.x-x.fc43.x86_64
NetworkManager-pptp-gnome-1.x.x-x.fc43.x86_64Optionally, install the pptp-setup helper script for guided configuration:
sudo dnf install pptp-setup -yStep 3: Load Required Kernel Modules
PPTP depends on two kernel modules for connection tracking. Skipping this step is the most common cause of “tunnel connects but no traffic passes” issues.
Load them immediately:
sudo modprobe nf_conntrack_pptp
sudo modprobe nf_conntrack_proto_greMake them persistent across reboots:
echo "nf_conntrack_pptp" | sudo tee /etc/modules-load.d/pptp.conf
echo "nf_conntrack_proto_gre" | sudo tee -a /etc/modules-load.d/pptp.confConfirm the modules loaded:
lsmod | grep nf_conntrack_pptpStep 4: Configure Firewall Rules for PPTP
PPTP uses TCP port 1723 for control traffic and GRE protocol 47 for data. Both must be explicitly allowed through firewalld — blocking GRE is the second most common cause of PPTP failures on Fedora.
sudo firewall-cmd --permanent --add-port=1723/tcp
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 1723 -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
sudo firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 0 -p gre -j ACCEPT
sudo firewall-cmd --permanent --add-masquerade
sudo firewall-cmd --reloadVerify rules are active:
sudo firewall-cmd --list-allPort 1723/tcp should appear in the ports section. The --add-masquerade flag enables NAT, which routes VPN traffic correctly to the external network.
Step 5: Connect via GUI — NetworkManager (Desktop Method)
This is the recommended method for Fedora 43 desktop users running GNOME.
Open Network Settings
Go to Activities → Settings → Network. Under the VPN section, click the + icon to add a new connection.
Select PPTP as the VPN Type
Select Point-to-Point Tunneling Protocol (PPTP) from the list. If it’s missing, run the following and restart NetworkManager:
sudo dnf install NetworkManager-pptp-gnome -y
sudo systemctl restart NetworkManagerEnter Connection Details
- Connection Name: e.g.,
Office-PPTP - Gateway: Your VPN server hostname or IP (e.g.,
vpn.company.com) - Username: Your VPN account username
- Password: Click the 🔑 icon → select “Store the password only for this user”
Configure Advanced Security Settings
Click Advanced and apply these settings to prevent authentication failures:
Authentication:
- ❌ Uncheck PAP
- ❌ Uncheck CHAP
- ✅ Check MSCHAP
- ✅ Check MSCHAPv2
Security and Compression:
- ✅ Enable Use Point-to-Point Encryption (MPPE) → set to 128-bit
- ✅ Enable Allow BSD data compression
- ✅ Enable Allow Deflate data compression
- ✅ Enable Use TCP header compression
Click OK, then Add to save the profile. Toggle the VPN to ON in the Network panel to connect.
Step 6: Connect via CLI — Terminal Method (Server / Headless)
This method works perfectly on headless Fedora 43 servers or any SSH session. It gives you full control of the configure PPTP VPN on Fedora 43 process through the command line.
Create the PPP Peer Configuration File
sudo nano /etc/ppp/peers/my-vpnAdd the following — replace YOUR_SERVER_ADDRESS and YOUR_USERNAME with real values:
pty "pptp YOUR_SERVER_ADDRESS --nolaunchpppd"
name YOUR_USERNAME
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam my-vpnSave with Ctrl+O, Enter, then exit with Ctrl+X.
Add Authentication Credentials
sudo nano /etc/ppp/chap-secretsAdd your credentials using tabs (not spaces) between fields:
YOUR_USERNAME PPTP YOUR_PASSWORD *Lock down file permissions:
sudo chmod 600 /etc/ppp/chap-secrets
sudo chmod 644 /etc/ppp/peers/my-vpnLaunch the VPN Tunnel
sudo pppd call my-vpnVerify the ppp0 interface was created:
ip addr show ppp0Expected output:
3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1396 qdisc fq_codel state UNKNOWN
inet 10.x.x.x peer 10.x.x.x/32 scope global ppp0Monitor live logs:
sudo journalctl -xe | grep pppd[IMAGE: Screenshot of terminal showing ppp0 interface created and IP address assigned]
Step 7: Verify and Test the VPN Connection
Run these three tests to confirm the tunnel is fully operational, regardless of which method you used:
# Test basic connectivity
ping -c 4 8.8.8.8
# Verify your public IP changed to the VPN server's IP
curl ifconfig.me
# Inspect the routing table for VPN entries
ip route showIf curl ifconfig.me returns your VPN server’s IP address instead of your local ISP IP, your setup is working correctly.
To enable autoconnect on login (GUI method via nmcli):
nmcli connection modify "Office-PPTP" connection.autoconnect yesTroubleshooting Common PPTP VPN Issues on Fedora 43
Here are the five most common problems encountered during a Linux server tutorial for PPTP — and exactly how to fix each one.
1. PPTP Not Listed in VPN Type Selection
Cause: NetworkManager-pptp-gnome is missing or NetworkManager hasn’t reloaded.
sudo dnf install NetworkManager-pptp-gnome -y
sudo systemctl restart NetworkManager2. Connection Fails or Hangs on “Authenticating”
Cause: Firewall blocking GRE traffic or kernel modules not loaded.
sudo modprobe nf_conntrack_pptp nf_conntrack_proto_gre
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT
sudo firewall-cmd --reload3. CHAP Authentication Rejected
Cause: PAP or CHAP enabled instead of MSCHAPv2 in Advanced settings.
Fix: Return to Advanced settings → uncheck PAP and CHAP → enable only MSCHAPv2.
4. ppp0 Interface Not Created (CLI Method)
Cause: Syntax error in peer config file or incorrect credentials format.
sudo journalctl -xe | grep pppd
cat /etc/ppp/peers/my-vpnEnsure fields in /etc/ppp/chap-secrets are separated by tabs, not spaces.
5. VPN Connects but Internet Stops Working
Cause: VPN is overriding your default gateway and capturing all routes.
ip route add default via YOUR_LOCAL_GATEWAY dev eth0 metric 100Alternatively, disable “Use this connection only for resources on its network” in the IPv4 tab of your VPN profile.
Security Considerations and Modern Alternatives
PPTP is cryptographically broken by current security standards. The MS-CHAPv2 protocol is vulnerable to offline dictionary attacks, and MPPE provides limited protection against a determined attacker. Use it only when your infrastructure mandates it.
For any new deployment, these modern alternatives are available on Fedora 43:
| Protocol | Security | Speed | Install Command |
|---|---|---|---|
| WireGuard | ✅ Excellent | ✅ Very Fast | sudo dnf install wireguard-tools |
| OpenVPN | ✅ Excellent | ⚠️ Moderate | sudo dnf install NetworkManager-openvpn |
| IPsec/L2TP | ✅ Good | ✅ Good | sudo dnf install NetworkManager-l2tp |
| PPTP | ❌ Weak | ✅ Fast | sudo dnf install pptp NetworkManager-pptp |
If your organization gives you any choice, migrate to WireGuard. It’s kernel-native on Fedora 43, faster than PPTP, and takes the same time to configure.
Congratulations! You have successfully installed PPTP VPN. Thanks for using this tutorial for installing PPTP VPN on Fedora 43 Linux system. For additional help or useful information, we recommend you check the official PPTP VPN website.
