
Trying to set specific Public IP for each PPTP VPN user from Linux server


I have a PPTP VPN server. There are 5 users. I want to give each user one specific Public IP address. I have been trying to do this with iptables.

IP information

Range: 50.250.█.81 to 50.250.█.85
CIDR Block: 50.250.█.80/29
Gateway IP Address: 50.250.█.86

```
iptables -t nat -A POSTROUTING -s 192.168.123.102 -o eth0 -j SNAT --to-source 50.250.█.82
```

I am using the above iptables rule. My problem is that PPTP users can connect to the VPN server but can't use the internet. My current iptables rules are:

iptables -t nat -L -v -n

```
 pkts bytes target     prot opt in     out     source               destination

Chain INPUT (policy ACCEPT 1931 packets, 121K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 38 packets, 19511 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 SNAT       all  --  *      *       0.0.0.0/0            192.168.123.102      to:50.250.█.82

Chain OUTPUT (policy ACCEPT 7 packets, 482 bytes)
 pkts bytes target     prot opt in     out     source               destination
```

iptables-save

```
# Generated by xtables-save v1.8.2 on Mon Oct 25 12:28:21 2021
*filter
:INPUT ACCEPT [749:298243]
:FORWARD ACCEPT [816:328055]
:OUTPUT ACCEPT [421:118874]
COMMIT
# Completed on Mon Oct 25 12:28:21 2021
# Generated by xtables-save v1.8.2 on Mon Oct 25 12:28:21 2021
*nat
:PREROUTING ACCEPT [42:11756]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [42:11756]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.123.102/32 -o eth0 -j SNAT --to-source 50.250.█.82
COMMIT
# Completed on Mon Oct 25 12:28:21 2021
```

ip route ls

```
default via 50.250.█.86 dev eth0 src 50.250.█.81 metric 202
default via 10.1.10.1 dev wlan0 proto dhcp src 10.1.10.203 metric 303
10.1.10.0/24 dev wlan0 proto dhcp scope link src 10.1.10.203 metric 303
50.250.█.80/29 dev eth0 proto dhcp scope link src 50.250.█.81 metric 202
192.168.123.101 dev ppp0 proto kernel scope link src 192.168.123.1
192.168.123.102 dev ppp1 proto kernel scope link src 192.168.123.1
```

cat /etc/ppp/chap-secrets

```
user1 pptpd password 192.168.123.101
user2 pptpd password 192.168.123.102
user3 pptpd password 192.168.123.103
user4 pptpd password 192.168.123.104
user5 pptpd password 192.168.123.105
```

What could be the reason? Thanks in advance.
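A worked version of the per-user mapping the question is trying to build, added here as an example and not taken from the post: it generates one SNAT rule per PPTP client from a client-to-public-IP table and checks the two prerequisites that most often produce "connected but no internet", namely IP forwarding being off and the public address not actually being configured on eth0 (so the upstream gateway's ARP for it goes unanswered). The public IPs are constructed placeholders from 203.0.113.0/24; the interface name eth0 and the 192.168.123.x client addresses follow the post.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds one SNAT rule per
# PPTP client from a client->public-IP table and checks the prerequisites
# that commonly produce "connected but no internet". Public IPs are
# constructed placeholders from 203.0.113.0/24; eth0 and the 192.168.123.x
# client addresses follow the post. Edit the table for the real /29.
WAN_IF=eth0

# "client_ppp_ip public_ip" per line (constructed). The first column must
# equal the address given to that user in /etc/ppp/chap-secrets; a client
# missing here is not translated and leaves with the server's own address.
MAPPING='192.168.123.101 203.0.113.82
192.168.123.102 203.0.113.83
192.168.123.103 203.0.113.84
192.168.123.104 203.0.113.85'

# The SNAT rule for one client; /32 keeps the match explicit.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s/32 -o %s -j SNAT --to-source %s\n' \
        "$1" "$WAN_IF" "$2"
}

# Full rule set: flush POSTROUTING so stale rules cannot shadow new ones,
# then one SNAT per mapped client. Run "conntrack -F" afterwards so
# existing flows pick up the new translation.
gen_rules() {
    printf 'iptables -t nat -F POSTROUTING\n'
    echo "$MAPPING" | while read -r cli pub; do
        [ -n "$cli" ] || continue
        snat_rule "$cli" "$pub"
    done
}

# Live checks on the server: forwarding enabled, and every public IP really
# configured on the WAN interface; otherwise the upstream gateway's ARP for
# that address is never answered and return traffic is lost.
check_prereqs() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ] \
        || echo "WARN: net.ipv4.ip_forward is not 1"
    echo "$MAPPING" | while read -r _ pub; do
        ip -4 addr show dev "$WAN_IF" 2>/dev/null | grep -q "inet $pub/" \
            || echo "WARN: $pub is not configured on $WAN_IF (ip addr add)"
    done
}

# Print the rules; APPLY=1 runs the checks and installs them instead.
if [ "${APPLY:-0}" = "1" ]; then check_prereqs; gen_rules | sh; else gen_rules; fi
```

Without APPLY=1 the script only prints the rules, so it can be reviewed before anything touches the live nat table.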

Nikita Kipriyanov:
"it's not working" — and what's going on instead? What do you see? Also, it could help to flush the connection table (use `conntrack-tools`). Also, a side note: please, never do `iptables -L`. It hides important details. Always use `iptables-save`. I've encountered many cases when something did not work but appeared correct with `iptables -L`, and when we looked into `iptables-save`, it showed some additional match or option, so the source of the problem became obvious.
Sakib Mahmud:
Thanks, I updated the post. I flushed the connection table using `conntrack -F`, but users still can't access the internet.
Nikita Kipriyanov:
"Can't access the Internet" is a very vague symptom. You have to elaborate on it, to find out exactly how they can't access it. And you want them not only to access the Internet, but also to have a particular IP. Are they really being NATed to this IP? I think a traffic capture is the best debugging tool here, so try `tcpdump` and check which packets ingress from your VPN client and what they are being translated into.