Setup PPTP on Ubuntu 16.04 with WiFi router support

This guide has been tested with Ubuntu 16.04 Server.

This configuration is also supported by WiFi Routers

Setup PPTP Server
First we need to install pptp server using apt-get

Then we need to configure the pptpd.

Add server IP and client IP at the end of the file. You can add like below:

This sets up the PPTP server to use IP while distributing the IP range to to PPTP clients. Change these as you wish as long as they are private IP addresses and do not conflict with IP addresses already used by your server.

Configure DNS servers to use when clients connect to this PPTP server

Uncomment the ms-dns and add google like below or OpenDNS

Now change the following


Now add a VPN user in /etc/ppp/chap-secrets file.

The column is username. Second column is server name, you can put “pptpd” in there. Third column is password. The last column is the IP addresses, you can put * to allow all IP.

Finally start your server

Setup IP Forwarding
To enable IPv4 forward. Change /etc/sysctl.conf file, add forward rule below.

Uncomment the line

Then reload the configuration

Add forward rule in iptables

adding to the bottom just before the exit 0

This example is using 192.168.0 for its PPTP subnet. The second rule adjusts the MTU size :

You are done. Just reboot your server and you should be able to connect to using PPTPD and send all your traffic through this server.

Install httpd 2.4 on centos 6/7 from source

Here is the guide to install httpd 2.4 on your centos 7 / 6 install

Make sure you have already installed following packages on your server.

Then, we will choose the latest version from Apache website. and download it.

If you are using this article on CentOS 7, the APR version on yum won’t work for you, and you should compile the apr, and apr-util from source, so please remove it from your server if you installed it via yum, `and try following:

Download and unzip all needed files

Configure , make and make install

Start Your server


You can see the reference article here

How to Protect Your SSH Server With Fail2Ban [Linux/Ubuntu]

SH is a good tool for you to remotely access your computer/server and make changes to it as if you are in front of the computer. If you have a SSH server, we have shown you how to generate and use a public/private key so you can connect to the remote server securely, but that doesn’t mean your SSH server is safe. On the contrary, most SSH servers are vulnerable to brute force attack and if you are not paying attention, hackers could easily hack into your server and destroy/steal everything you have.

Fail2Ban is a simple, yet useful tool that can monitor your server from malicious attack and block them before they can wreak havoc.


Fail2Ban is already available in the Ubuntu repository, so you just issue install  command:

When you have finished installing Fail2Ban, the next step is to move the configuration file to a local folder so you won’t change the main configuration file accidentally.

Configuring fail2ban

After installall, Fail2Ban will automatically start to monitor your server for malicious attacks. In most cases, the default settings are sufficient to protect your site, but if you have some custom server configuration (like different port for SSH access) or want to enable some other services, here is how you can do so:

The configuration file is divided into different sections. The first one that you will come across is



The few parameters that you need to take note here is ignoreipbantime and maxretry.

  • ignoreip – this is the place where you whitelist the IP that you don’t want to block. The default is the localhost ( You can add additional IPs to the field, separating each IP with a space.
  • bantime – this is the amount of time in seconds to block the IP from accessing your server. The default is 10 minutes (600 seconds)
  • maxretry -this is the number of failed login attempt before the IP is blocked.

There is also the destemail field to specify an email  to notify when there is malicious attack is detected. (You need a mail server installed to get email working).

The next section is the “Actions”.


Most of the settings here can be left default unless you want to change the banaction andprotocol. The default “banaction” is via the IPTable. You can get it to use the multi-port setting or create a new IpTable for this. The default value for the “protocol” is tcp, but you can change it to udp , depending on which connection you are using.

The last part of the “Jail” section where you can configure Fail2Ban to monitor your Apache server, FTP server, mail server and DNS server.


n most cases, you just have to change the “enabled = false” setting to “enabled = true” and it will be activated for that service. If you are not using the usual port 20 for SSH, you can also change the port number in the setting above.

Once you are done with the configuration, press “Ctrl + o” to save and “ctrl + x” to exit.

Lastly, restart the Fail2Ban service with the command:

If you want to protect your Webmin which is running on port 10000

Ref :