Just set up a VPN server on Debian for my Mac and iPhone to use when they are using public WiFi. Surprisingly straight forward really!

First thing to do is to install the PPTP server:

sudo aptitude install pptpd

Next setup an account:

echo "<username> pptpd <password> *" >> /etc/ppp/chap-secrets

Enable IP forwarding and masquerading so that you are able to access the internet rather than just the local network of the VPN server:

echo 1 > /proc/sys/net/ipv4/ip_forward /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED - j ACCEPT /sbin/iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT

Next, you need to let PPTPD know what DNS servers to tell clients to use:

vim /etc/ppp/pptpd-options

Change the settings for ms-dns and ms-wins to your desired DNS servers:

ms-dns ms-dns ms-wins ms-wins

Obviously replace the IP addresses here with your own ones!

Finally reset the PPTP server:

service pptpd restart

When setting up the VPN configuration on the Mac, make sure to select “Send all traffic over VPN connection” in the Advanced settings.

If you can’t establish a VPN connection, you may need to open the PPTP port in iptables:

iptables -I INPUT -p tcp --dport 1723 -j ACCEPT

When setting up the VPN configuration on the iPhone, make sure to set the “Encryption Level” setting to “Auto” and to set the “Send All Traffic” setting to “ON”.

To save your itables settings permanently:

service iptables save active

If you get an error about an unrecognized service, follow the instructions here regarding saving your iptables settings instead.

To enable IP forwarding permanently, set the following setting in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

Safe browsing!