Just set up a VPN server on Debian for my Mac and iPhone to use when they are using public WiFi. Surprisingly straightforward really!
First thing to do is to install the PPTP server:
sudo aptitude install pptpd
Next, set up an account:
echo "<username> pptpd <password> *" >> /etc/ppp/chap-secrets
Enable IP forwarding and masquerading so that you are able to access the internet rather than just the local network of the VPN server:
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT
Next, you need to let PPTPD know what DNS servers to tell clients to use:
Change the settings for ms-dns and ms-wins to your desired DNS servers:
Obviously replace the IP addresses here with your own ones!
Finally, restart the PPTP server:
service pptpd restart
When setting up the VPN configuration on the Mac, make sure to select “Send all traffic over VPN connection” in the Advanced settings.
If you can’t establish a VPN connection, you may need to open the PPTP port in iptables:
iptables -I INPUT -p tcp --dport 1723 -j ACCEPT
When setting up the VPN configuration on the iPhone, make sure to set the “Encryption Level” setting to “Auto” and to set the “Send All Traffic” setting to “ON”.
To save your iptables settings permanently:
service iptables save active
If you get an error about an unrecognized service, follow the instructions here regarding saving your iptables settings instead.
To enable IP forwarding permanently, set the following setting in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
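To confirm after a reboot that the permanent settings above actually stuck, the following added example (not part of the original post) checks a saved rule dump and a sysctl.conf for the three forwarding/NAT rules and the ip_forward line. The function names are hypothetical, the rules file is assumed to be `iptables-save` output, and the interface names default to the eth0 and ppp0 used above.

```shell
#!/bin/sh
# Added example: audit the forwarding/NAT settings from this page.
# Run it on `iptables-save > rules.txt` output and a copy of /etc/sysctl.conf.

# cvf_need DESCRIPTION FILE REGEX: report and count a setting absent from FILE.
cvf_need() {
    if ! grep -Eq -e "$3" "$2"; then
        echo "MISSING: $1"
        cvf_missing=$((cvf_missing + 1))
    fi
}

# check_vpn_forwarding RULES_FILE SYSCTL_FILE [WAN_IF] [VPN_IF]
# Prints one "MISSING: ..." line per absent setting and returns how many.
check_vpn_forwarding() {
    cvf_rules=$1 cvf_sysctl=$2 cvf_wan=${3:-eth0} cvf_vpn=${4:-ppp0}
    cvf_missing=0

    cvf_need "NAT masquerade out of $cvf_wan" "$cvf_rules" \
        "^-A POSTROUTING .*-o $cvf_wan .*-j MASQUERADE"
    cvf_need "return traffic $cvf_wan -> $cvf_vpn" "$cvf_rules" \
        "^-A FORWARD -i $cvf_wan -o $cvf_vpn .*(RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT"
    cvf_need "client traffic $cvf_vpn -> $cvf_wan" "$cvf_rules" \
        "^-A FORWARD -i $cvf_vpn -o $cvf_wan .*-j ACCEPT"
    # A commented-out line ("#net.ipv4.ip_forward=1") must not count as set.
    cvf_need "net.ipv4.ip_forward = 1 in sysctl.conf" "$cvf_sysctl" \
        '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'

    return "$cvf_missing"
}

# Constructed sample: the return-traffic rule was never saved, and ip_forward
# is present only as a comment.
cvf_tmp=$(mktemp -d)
cat > "$cvf_tmp/rules" <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i ppp0 -o eth0 -j ACCEPT
COMMIT
EOF
printf '#net.ipv4.ip_forward=1\n' > "$cvf_tmp/sysctl.conf"
check_vpn_forwarding "$cvf_tmp/rules" "$cvf_tmp/sysctl.conf" || echo "$? setting(s) missing"
rm -rf "$cvf_tmp"
```

Pass different interface names as the third and fourth arguments if your server does not use eth0 and ppp0.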