Last pushed: a year ago
Short Description
Simple PPTP VPN Server with SNAT by default
Full Description

PPTP VPN Server Docker Image

This is a Docker image containing a simple PPTP VPN server that uses chap-secrets authentication.

On Docker Hub Registry: samos123/pptp-vpn-server
Source code on GitHub: samos123/docker-pptp-vpn-server

PPTP uses the /etc/ppp/chap-secrets file to authenticate VPN users.
You need to create this file yourself and mount it into the container when starting it.

Example of chap-secrets file:

# Secrets for authentication using PAP
# client    server      secret      acceptable local IP addresses
username    *           password    *

Starting VPN server

To start the VPN server as a Docker container, run:

docker run -d --privileged -p 1723:1723 --net host -v {local_path_to_chap_secrets}:/etc/ppp/chap-secrets samos123/pptp-vpn-server

Edit your local chap-secrets file to add or modify VPN users whenever you need to.
When adding new users to the chap-secrets file, you don't need to restart the Docker container.
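
The following is an added example, not part of the image or its repository: shell helpers that add or rotate a user in the mounted chap-secrets file and audit it. The function names, the 20-character secret length and the 12-character audit threshold are assumptions, and entries are assumed to be unquoted, whitespace-separated fields. The file is rewritten in place because a single-file bind mount follows the inode; tools that replace the file by renaming a new copy over it leave the running container reading the old contents.

```shell
#!/bin/sh
# Added example (not from the image's repository): maintain the chap-secrets
# file that is bind-mounted into the container. Function names, the 20-character
# secret length and the 12-character audit threshold are assumptions.

# Print a random alphanumeric secret (default 20 characters).
gen_secret() (
    len="${1:-20}"; out=""
    while [ "${#out}" -lt "$len" ]; do
        out="$out$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$out" | cut -c1-"$len"
)

# set_vpn_user FILE USER [ALLOWED_IP]: add USER or rotate its secret and print
# the new secret. The file is rewritten in place (same inode), so a running
# container with the single-file bind mount keeps seeing the changes.
set_vpn_user() (
    file="$1"; user="$2"; ip="${3:-*}"
    case "$user" in ''|*[!A-Za-z0-9._-]*) echo "bad username" >&2; exit 1;; esac
    case "$ip" in ''|*[!0-9.*]*) echo "bad address" >&2; exit 1;; esac
    umask 077
    [ -e "$file" ] || : > "$file"
    chmod 600 "$file"
    secret="$(gen_secret 20)"
    tmp="$(mktemp)"; trap 'rm -f "$tmp"' EXIT
    # Keep every line except an existing entry for this user, then append.
    awk -v u="$user" '$1 != u' "$file" > "$tmp"
    printf '%s\t*\t%s\t%s\n' "$user" "$secret" "$ip" >> "$tmp"
    cat "$tmp" > "$file"
    printf '%s\n' "$secret"
)

# audit_chap_secrets FILE: print one finding per problem; return 1 if any.
# Secrets are never echoed, only the line number and client name.
audit_chap_secrets() (
    file="$1"; rc=0
    if [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "$file: readable or writable by group/other"; rc=1
    fi
    awk 'NF == 0 || $1 ~ /^#/ { next }
         NF != 4         { print "line " NR ": expected 4 fields"; bad = 1; next }
         length($3) < 12 { print "line " NR ": short secret for " $1; bad = 1 }
         END { exit bad + 0 }' "$file" || rc=1
    exit "$rc"
)
```

Source the script, then call set_vpn_user with the host path you pass to -v and hand the printed secret to the user over a separate channel.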

Connecting to VPN service

You can use any PPTP VPN client to connect to the service.
To authenticate, use the credentials defined in the chap-secrets file.

Note: Before starting container in --net=host mode, please read how networking in host mode works in Docker:

Credits and Authors

The original author of the image is Przemek Szalko.

Minor modifications and maintenance of this image are by Sam Stoelinga (samos123).

Comments (3)
9 months ago

Also useful inside the container to update /etc/ppp/pppd-options (docker exec -it yourpptpcontainername bash)

  • vi /etc/ppp/ppd-options
    -- ms-dns <-- your internal dns
    -- ms-dns

Inside /etc/pptpd.conf define your localip and remoteip range.

For Docker v12, --net host isn't required (might not even be supported)

a year ago

One additional task required on the docker host machine as root:

  • modprobe ip_gre
  • modprobe nf_conntrack_pptp nf_nat_pptp

a year ago

For Amazon AWS users:

  • In AWS console > Networking & Security > Security Groups
    • inbound rules
      • open custom tcp rule - tcp - 1723
      • open custom protocol (47) port range all (enables GRE)