VPN Trouble - Unable to connect to internet via VPN

Posted on July 8, 2014

Hello:

I am currently running CentOS 6 and I followed the instructions found here (https://www.digitalocean.com/community/tutorials/how-to-setup-your-own-vpn-with-pptp) to install a VPN on my droplet. I am able to connect to the VPN using PPTP; however, when I am connected I am not able to connect to the outside internet.

If anyone knows of any quick fixes, that would be wonderful. If you wouldn’t mind taking a look at my box, that would also be helpful; feel free to email me at markg@codebluehost.com to contact me.

Thanks again so much! Mark :)



What’s the output of the two following commands?

sysctl net.ipv4.ip_forward
sudo iptables-save

The first one outputs this: net.ipv4.ip_forward = 1

If your main purpose of setting up the VPN server is to access websites, traffic has to be forwarded out of the VPN server’s public network interface. Thus, kindly enable port forwarding by editing the sysctl.conf file. I assume “net.ipv4.ip_forward” is commented in the /etc/sysctl.conf file:

nano /etc/sysctl.conf

Add or find and comment out the following line:

net.ipv4.ip_forward=1

Save, close the file and run the following command to make the changes take effect.

sysctl -p

The following iptables firewall rules allow port 1723, GRE and perform NAT:

iptables -I INPUT -p tcp --dport 1723 -m state --state NEW -j ACCEPT
iptables -I INPUT -p gre -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE

In the last rule, replace “eth0” with the interface connecting to the internet on your VPN server. Finally, the following rule is required to ensure websites load properly.

iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -s 172.20.1.0/24 -j TCPMSS  --clamp-mss-to-pmtu

Replace 172.20.1.0/24 with the IP address range used in the “remoteip” option in /etc/pptpd.conf. This firewall rule is used to ensure a proper MTU value is used to prevent fragmentation.

Hope it could help.
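
An added example, not part of any post in this thread: a shell check that takes `iptables-save` text and the `net.ipv4.ip_forward` value (the two outputs requested above) and lists which items from the answer's checklist are missing. The function names, item labels and sample rules are constructed for illustration.

```shell
#!/bin/sh
# has_rule TEXT WORD...: succeeds if one "-A" rule line contains every WORD.
# Words end in a space where needed so that "eth0" does not match "eth00".
has_rule() {
    lines=$(printf '%s\n' "$1" | grep -e '^-A ' || true); shift
    for word in "$@"; do
        lines=$(printf '%s\n' "$lines" | grep -F -e "$word" || true)
    done
    [ -n "$lines" ]
}

# audit_pptp TEXT IP_FORWARD WAN_IF CLIENT_NET: prints the missing items.
audit_pptp() {
    text=$1; fwd=$2; wan=$3; net=$4; missing=""
    [ "$fwd" = 1 ] || missing="$missing ip_forward"
    has_rule "$text" "-A INPUT " "-p tcp " "--dport 1723 " "-j ACCEPT" ||
        missing="$missing tcp-1723"
    # Some iptables versions print the GRE protocol as its number, 47.
    has_rule "$text" "-A INPUT " "-p gre " "-j ACCEPT" ||
        has_rule "$text" "-A INPUT " "-p 47 " "-j ACCEPT" ||
        missing="$missing gre"
    has_rule "$text" "-A POSTROUTING " "-o $wan " "-j MASQUERADE" ||
        missing="$missing masquerade"
    has_rule "$text" "-A FORWARD " "-s $net " "-j TCPMSS" "--clamp-mss-to-pmtu" ||
        missing="$missing mss-clamp"
    echo "${missing# }"
}

# Constructed sample (not from the thread): port and GRE open, no NAT or clamp.
SAMPLE_RULES='*nat
:POSTROUTING ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p gre -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -m state --state NEW -j ACCEPT
COMMIT'
# The answer's last two rules as iptables-save prints them, appended without
# table headers because the check ignores tables.
FIXED_RULES="$SAMPLE_RULES
-A POSTROUTING -o eth0 -j MASQUERADE
-A FORWARD -s 172.20.1.0/24 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu"

echo "missing before: $(audit_pptp "$SAMPLE_RULES" 1 eth0 172.20.1.0/24)"
echo "missing after:  $(audit_pptp "$FIXED_RULES" 1 eth0 172.20.1.0/24)"
```

On a live server the first two arguments would come from `sudo iptables-save` and `sysctl -n net.ipv4.ip_forward`, with the interface and client range taken from your own setup.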
