Arch Linux BasedManjaro

How To Install PPTP VPN on Manjaro

r00t

Install PPTP VPN on Manjaro

Point-to-Point Tunneling Protocol (PPTP) VPN connections provide a method for secure access to private networks over the internet. While newer VPN protocols offer improved security, PPTP remains in use due to its simplicity and widespread compatibility. This guide will walk you through the complete process of setting up a PPTP VPN on Manjaro Linux, using both command-line and graphical approaches.

Understanding PPTP VPN

PPTP (Point-to-Point Tunneling Protocol) was originally developed by Microsoft in the late 1990s to enable secure remote connections. The protocol creates a tunnel between your device and a VPN server, encrypting data that travels through this tunnel.

PPTP works by encapsulating Point-to-Point Protocol (PPP) packets within IP datagrams, allowing them to be transmitted over the internet. When you connect to a PPTP VPN, your device establishes a control connection using TCP port 1723 and creates a GRE (Generic Routing Encapsulation) tunnel for data transfer.

Despite being one of the oldest VPN protocols, PPTP continues to be used for several reasons:

  • Fast connection speeds due to lower encryption overhead
  • Wide compatibility across operating systems, including Linux distributions like Manjaro
  • Simple configuration and implementation
  • Low processing requirements, making it suitable for older hardware

However, it’s important to understand that PPTP has known security vulnerabilities. The protocol uses MS-CHAPv2 for authentication and MPPE (Microsoft Point-to-Point Encryption) for data encryption, both of which have been compromised. For situations requiring the highest security standards, alternatives like OpenVPN, WireGuard, or IPsec are recommended.

Prerequisites for Installation

Before installing and configuring a PPTP VPN connection on your Manjaro system, ensure you have the following:

  • An updated Manjaro Linux installation
  • Root or sudo privileges on your system
  • Active internet connection
  • Required VPN credentials from your provider:
    • VPN server address (IP or domain name)
    • Username
    • Password
    • Domain name (if required by your VPN provider)

To prepare your system, first update your Manjaro packages. Open a terminal and run:

sudo pacman -Syu

This command synchronizes your package database and upgrades all installed packages to their latest versions. Having an updated system minimizes potential compatibility issues during the VPN client installation.

You should also check your network configuration. Ensure your system can resolve domain names by verifying your DNS settings and that there are no firewalls blocking the required PPTP ports (TCP 1723 and GRE protocol 47).

Installing PPTP Client on Manjaro

The first step in setting up a PPTP VPN connection is installing the PPTP client package. On Manjaro, this package is named pptpclient and is available in the official repositories.

To install the PPTP client, open a terminal and execute:

sudo pacman -S pptpclient

When prompted, enter your password and confirm the installation. The package manager will download and install the PPTP client and its dependencies. The primary components installed include:

  • pptp – The main PPTP client
  • pptpsetup – A utility script for creating and managing PPTP connections
  • Required PPP (Point-to-Point Protocol) libraries

After installation, verify that the PPTP client was installed correctly by checking its version:

pptp --version

You should see output displaying the version number of the installed PPTP client. If you encounter errors during installation, check common issues like:

  • Repository connectivity problems
  • Insufficient disk space
  • Dependency conflicts

Resolve these issues before proceeding to the configuration stage. With the client successfully installed, you’re ready to configure your PPTP VPN connection.

Configuring PPTP VPN Using pptpsetup Tool

The pptpsetup utility simplifies PPTP VPN configuration by automatically creating the necessary configuration files. This approach is recommended for beginners or those who prefer a straightforward setup process.

To create a new PPTP connection using pptpsetup, use the following syntax:

sudo pptpsetup --create [tunnel_name] --server [server_address] --username [username] --password [password] --encrypt

Replace the placeholders with your specific information:

  • [tunnel_name] – A name for your VPN connection (e.g., work_vpn, home_vpn)
  • [server_address] – Your VPN server’s IP address or domain name
  • [username] – Your VPN account username
  • [password] – Your VPN account password

For example, to create a connection named “my_vpn” to a server at “vpn.example.com” with username “user123” and password “pass456”:

sudo pptpsetup --create my_vpn --server vpn.example.com --username user123 --password pass456 --encrypt

The --encrypt option enables MPPE (Microsoft Point-to-Point Encryption) for the connection, which is typically required for PPTP VPNs.

Once executed, pptpsetup creates several configuration files:

  • /etc/ppp/peers/[tunnel_name] – Contains the connection settings
  • /etc/ppp/chap-secrets – Stores authentication credentials

To view the tunnels you’ve created, check the contents of the /etc/ppp/peers/ directory:

ls /etc/ppp/peers/

If you need to remove a tunnel configuration, use:

sudo pptpsetup --delete [tunnel_name]

The pptpsetup tool handles most of the configuration details automatically, making it an efficient way to set up PPTP VPN connections on Manjaro.

Manual Configuration Method

While pptpsetup is convenient for basic setups, manual configuration gives you more control over the connection parameters. This approach is useful for advanced users or when troubleshooting connection issues.

To manually configure a PPTP VPN connection, you’ll need to create or edit several configuration files:

  1. Create a peer configuration file for your tunnel: 
    sudo nano /etc/ppp/peers/[tunnel_name]

    Add the following content to the file:

    pty "pptp [server_address] --nolaunchpppd"
name [username]
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam [tunnel_name]

    Replace [server_address], [username], and [tunnel_name] with your specific information. If your VPN requires a domain name, use name [domain]\$$username] instead.

  2. Edit the CHAP secrets file to add your authentication credentials: 
    sudo nano /etc/ppp/chap-secrets

    Add a line with your username, server, password, and IP address:

    [username] PPTP [password] *
  3. Verify the global PPP options file: 
    sudo nano /etc/ppp/options

    Ensure it contains appropriate settings for your connection. Common options include:

    asyncmap 0
lcp-echo-failure 4
lcp-echo-interval 30
  4. Create a specific options file for PPTP if it doesn’t exist: 
    sudo nano /etc/ppp/options.pptp

    Add the following content:

    lock
noauth
nobsdcomp
nodeflate
mppe required,stateless

These settings configure the encryption and compression options for your PPTP connection. The mppe required,stateless line enables 128-bit MPPE encryption, which is essential for PPTP security.

For added security, ensure your configuration files have appropriate permissions:

sudo chmod 600 /etc/ppp/chap-secrets
sudo chmod 644 /etc/ppp/peers/[tunnel_name]

The manual configuration method gives you precise control over every aspect of your PPTP connection, allowing for customization based on specific requirements or network conditions.

Connecting to Your PPTP VPN

After configuring your PPTP VPN, you can establish a connection using the pon command. This utility initiates the PPP connection using the configuration files you’ve created.

To connect to your VPN, run:

sudo pon [tunnel_name]

Replace [tunnel_name] with the name you chose during configuration. The command doesn’t produce output if successful, but you can verify the connection status using several methods.

To check if the connection was established:

ip addr show

Look for a new interface named ppp0 (or ppp1, etc. if you have multiple connections). This interface represents your VPN connection.

You can also check connection logs for detailed information:

sudo tail -f /var/log/syslog

Or on Manjaro specifically:

journalctl -f

Watch for messages related to pppd and PPTP to diagnose any connection issues.

To test if your VPN is working correctly, try pinging a host on the remote network:

ping [remote_host_ip]

If you need to disconnect from the VPN, use the poff command:

sudo poff [tunnel_name]

Common connection errors include:

  • Authentication failures (incorrect username or password)
  • Server connectivity issues (incorrect server address or network problems)
  • Routing conflicts (addressed in the next section)

If you encounter errors like “LCP terminated by peer” or “Connection refused,” check your credentials and server settings, and ensure the PPTP protocol is supported by your VPN provider.

Configuring Network Routing

Proper routing configuration is crucial for a functional PPTP VPN connection. By default, connecting to a VPN doesn’t automatically route all your traffic through it, which can lead to connectivity issues.

There are two main routing approaches for PPTP VPNs:

Split Tunneling

Split tunneling routes only specific traffic through the VPN while sending other traffic directly through your regular internet connection. This is useful when you only need to access resources on the remote network.

To set up split tunneling, add routes for the remote network after connecting to the VPN:

sudo ip route add [remote_network]/[subnet_mask] dev ppp0

For example, to route traffic destined for the 192.168.10.0/24 network through your VPN:

sudo ip route add 192.168.10.0/24 dev ppp0

This command tells your system to send packets destined for the specified network through the VPN interface (ppp0).

Routing All Traffic

If you want all your internet traffic to pass through the VPN (for privacy or to bypass geographical restrictions), you need to:

  1. Set up a default route through the VPN interface: 
    sudo ip route add default dev ppp0
  2. Preserve the route to the VPN server through your regular connection to prevent breaking the VPN tunnel: 
    sudo ip route add [vpn_server_ip] via [gateway_ip] dev [interface]

Replace [vpn_server_ip] with your VPN server’s IP address, [gateway_ip] with your network gateway, and [interface] with your primary network interface (e.g., eth0 or wlan0).

To make these routing changes persistent across connections, create a script in /etc/ppp/ip-up.d/:

sudo nano /etc/ppp/ip-up.d/01-routes.sh

Add your routing commands to this script:

#!/bin/bash
# This script is called when the VPN connection is established
# $5 contains the peer IP address (VPN server's internal IP)

# For split tunneling
ip route add 192.168.10.0/24 dev ppp0

# Or for routing all traffic
# ip route add default dev ppp0
# ip route add [vpn_server_ip] via [gateway_ip] dev [interface]

Make the script executable:

sudo chmod +x /etc/ppp/ip-up.d/01-routes.sh

This script will run automatically when the VPN connection is established, applying your routing rules.

To verify your routing configuration, use:

ip route show

This command displays your current routing table, allowing you to confirm that traffic is being routed correctly through your VPN connection.

Setting Up Automatic Connection on Boot

For VPN connections that need to be persistent, setting up automatic connection at system startup is useful. This can be achieved using systemd, Manjaro’s init system.

First, create a systemd service file:

sudo nano /etc/systemd/system/vpn-[tunnel_name].service

Add the following content to the file:

[Unit]
Description=PPTP VPN connection to [tunnel_name]
After=network-online.target
Wants=network-online.target

[Service]
Type=forking
ExecStart=/usr/sbin/pon [tunnel_name]
ExecStop=/usr/sbin/poff [tunnel_name]
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target

Replace [tunnel_name] with your VPN connection name.

Enable the service to start on boot:

sudo systemctl enable vpn-[tunnel_name].service

You can also start the service immediately without rebooting:

sudo systemctl start vpn-[tunnel_name].service

To check the service status:

sudo systemctl status vpn-[tunnel_name].service

This should show whether the service is active and any recent logs.

For securing credentials in this automatic setup, make sure the permissions on your configuration files are restricted:

sudo chmod 600 /etc/ppp/chap-secrets

You can also create a separate script that securely retrieves credentials from a password manager or encrypted storage, rather than storing them in plain text in the configuration files.

To handle potential connection failures, the systemd service includes Restart=on-failure and RestartSec=30, which attempts to restart the connection 30 seconds after a failure. This provides automatic recovery from temporary network issues.

Using Network Manager GUI for PPTP

For users who prefer graphical interfaces, Manjaro’s Network Manager provides a user-friendly way to configure and manage PPTP VPN connections. This method is particularly useful for desktop environments like GNOME, KDE, or XFCE.

First, install the Network Manager PPTP plugin:

sudo pacman -S networkmanager-pptp

After installation, follow these steps to configure a PPTP connection:

  1. Click on the Network Manager icon in your system tray
  2. Select “VPN Connections” and then “Configure VPN…”
  3. In the Network Connections window, click the “+” button to add a new connection
  4. Select “Point-to-Point Tunneling Protocol (PPTP)” from the dropdown menu and click “Create…”

In the configuration dialog:

  1. Enter a name for your connection in the “Connection name” field
  2. Enter the VPN server’s IP address or domain name in the “Gateway” field
  3. Enter your username in the “User name” field
  4. Click the “Advanced…” button to configure encryption settings
    • Check “Use Point-to-Point encryption (MPPE)”
    • Set security to “128-bit (most secure)”
    • Select authentication methods (typically MSCHAPv2)
  5. Click “OK” to save the advanced settings
  6. Click “Save” to create the VPN connection

To connect to the VPN:

  1. Click the Network Manager icon in your system tray
  2. Select “VPN Connections”
  3. Click on your newly created PPTP connection

When connected, Network Manager displays a VPN icon to indicate an active connection. You can disconnect by clicking the Network Manager icon again and selecting “Disconnect” under VPN Connections.

The Network Manager GUI automatically handles most of the underlying configuration details, including authentication and routing. For advanced settings not available in the GUI, you can still edit the configuration files manually as described in previous sections.

Security Considerations and Best Practices

When using PPTP VPN on Manjaro, it’s important to understand its security limitations and follow best practices to minimize risks.

PPTP has several known security vulnerabilities:

  • The MS-CHAPv2 authentication protocol used in PPTP has been cracked
  • MPPE encryption (128-bit) is not considered strong by modern standards
  • The protocol doesn’t provide perfect forward secrecy
  • PPTP traffic can be identified and potentially blocked by firewalls

Given these limitations, consider the following security best practices:

  • Use PPTP only for non-sensitive data transmission or when other protocols aren’t available
  • Combine PPTP with additional encryption layers when possible
  • Use strong, unique passwords for your VPN authentication
  • Regularly update your PPTP client and Manjaro system to patch security vulnerabilities
  • Enable MPPE 128-bit encryption for maximum security within PPTP’s capabilities
  • Consider alternatives like OpenVPN, WireGuard, or IKEv2 for highly sensitive communications

To monitor your VPN connection for potential security issues:

  • Check connection logs regularly
  • Use tools like Wireshark to analyze network traffic patterns
  • Test for DNS leaks using services like dnsleaktest.com
  • Verify your apparent IP address has changed after connecting

For organizations requiring compliance with security standards like HIPAA or PCI-DSS, PPTP is generally not considered sufficient due to its known vulnerabilities. In these cases, stronger VPN protocols should be implemented.

Troubleshooting Common PPTP Issues

When setting up and using PPTP VPN on Manjaro, you might encounter various issues. Here are common problems and their solutions:

Authentication Failures

  • Verify your username and password are correct
  • Check if your VPN requires a domain prefix (domain\username format)
  • Ensure the secrets in /etc/ppp/chap-secrets match your credentials
  • Try disabling MSCHAPv2 if your VPN uses a different authentication method

Connection Timeouts

  • Check your internet connection
  • Ensure the VPN server address is correct
  • Verify that TCP port 1723 and GRE protocol 47 are not blocked by firewalls
  • Try connecting through a different network to rule out ISP restrictions

Routing Problems

  • Check the routing table after connection using ip route show
  • Verify that the necessary routes are added for the remote network
  • Try creating a custom routing script as described in the routing section
  • Ensure DNS resolution is working correctly

High CPU Usage

  • This is often related to routing issues or connection tracking
  • Check for connection tracking helpers if using a firewall
  • Try enabling or disabling compression options in your configuration

DNS Resolution Issues

  • Check if your VPN connection is overriding your DNS settings
  • Try manually setting DNS servers in the connection properties
  • Create a script to update /etc/resolv.conf after connection

Performance Problems

  • Try disabling compression if enabled
  • Check if your ISP throttles VPN traffic
  • Test with different server locations if available
  • Verify your local network isn’t congested

For detailed troubleshooting, examining logs is essential:

sudo journalctl -u ppp@[tunnel_name]

This command displays logs specific to your PPP connection, helping identify the exact cause of problems.

Using PPTP with Specific VPN Providers

Different VPN providers have varying requirements for PPTP connections. Here’s how to configure PPTP on Manjaro for several popular providers:

PureVPN

  1. Use one of these server addresses based on your preferred location:
    • Germany: de1.pointtoserver.com
    • Netherlands: nl1.pointtoserver.com
    • United Kingdom: ukl1.pointtoserver.com
    • United States: ustx1.pointtoserver.com or uswdc1.pointtoserver.com
    • Australia: au-sd1.pointtoserver.com
  2. Enter your PureVPN username and password
  3. In advanced settings, enable MSCHAP and MSCHAPV2 authentication
  4. Check “Allow BSD compression” and “Allow Deflate compression”

Private Internet Access

  1. Use server addresses in format: us-east.privateinternetaccess.com
  2. Use your PIA-provided credentials
  3. Enable MPPE encryption
  4. No domain name is required

NordVPN

  1. Use server addresses like: us123.nordvpn.com (check their website for current server list)
  2. Use your NordVPN username and password
  3. Enable MPPE encryption
  4. No domain name is required

For optimal performance with any provider:

  • Test multiple server locations to find the one with the lowest latency
  • Some providers offer specialized servers for different purposes (streaming, P2P, etc.)
  • Check your provider’s knowledge base for Manjaro-specific recommendations

If your provider isn’t listed here, the general configuration process remains the same. Look for:

  • PPTP server addresses specific to your provider
  • Any special authentication requirements
  • Recommended encryption settings

Most commercial VPN providers offer detailed guides for Linux configuration on their support websites.

Congratulations! You have successfully installed PPTP VPN. Thanks for using this tutorial for installing PPTP VPN on Manjaro Linux system. For additional help or useful information, we recommend you check the official PPTP VPN website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2025 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button