Because of known protocol-level weaknesses, PPTP is no longer recommended for anything that needs confidential communication. Its usual authentication method, MS-CHAPv2, can be broken offline from a single captured handshake (the exchange reduces to one 56-bit DES key search, which rented hardware completes in under a day), and the MPPE session keys are derived from the same password hash, so whoever breaks the authentication also decrypts the recorded traffic. Microsoft has deprecated PPTP (together with L2TP) in the Routing and Remote Access role of Windows Server 2025. This article therefore provides the procedure only for testing, learning, or access to an internal network with very low security requirements. For any production use that involves sensitive data, choose a more secure alternative.
If, after understanding the above risks, you still wish to set up a PPTP service on a Linux US-based cloud server for specific purposes, the following is the operation process based on a CentOS 7 system. The entire process can be summarized in four core steps: preparing the server environment, installing the PPTP server software, configuring account and network parameters, and finally connecting on the client side. Let's start with the server-side preparation.
First, you need a lightweight cloud server running Linux and root access on it. Log in to the server. Next, configure the firewall or security-group rules in your cloud provider's console. PPTP uses TCP port 1723 for the control channel and GRE (IP protocol number 47) for the tunnelled data, so you must add inbound rules in the console (for example the firewall of a Tencent Cloud Light Application Server or the security group of an Alibaba Cloud instance) that allow both TCP 1723 and GRE. GRE is neither TCP nor UDP and has no port number, so a rule that opens "all TCP/UDP ports" still blocks it. These console rules are separate from the firewall running inside the operating system, which is dealt with further down. Finally, so that clients can later reach the internet through the server (traffic forwarding), enable IP forwarding in the kernel by editing the sysctl configuration and running the following commands:
# Enable IP forwarding
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Make the configuration take effect immediately
sysctl -p
With the basic environment in place, install the PPTP server software. On CentOS 7 the server is provided by the `pptpd` package (Poptop), which is not in the base repositories but in the EPEL extension repository, so add EPEL first. The installation commands are:
# Add EPEL source (skip if already added)
yum install -y epel-release
# Update package cache
yum makecache
# Install pptpd
yum install -y pptpd
After the installation succeeds, edit the PPTP service's main configuration files. Two files matter here: `/etc/pptpd.conf` and `/etc/ppp/chap-secrets`. The first sets the tunnel-side address of the VPN server and the pool of addresses handed out to clients. Open `/etc/pptpd.conf` in a text editor (vim or nano) and make sure the following two lines are present and not commented out. They define the server's own virtual IP address and the range available to clients; the pool must not include the server's address itself:
localip 192.168.99.1
remoteip 192.168.99.100-200
Next, configure the VPN user accounts (username and password) in `/etc/ppp/chap-secrets`. While you are in `/etc/ppp`, also check `options.pptpd`, which `/etc/pptpd.conf` references through its `option` line: the copy shipped with the package contains `refuse-pap`, `refuse-chap`, `refuse-mschap`, `require-mschap-v2` and `require-mppe-128`, which stop clients from negotiating cleartext or weaker authentication and unencrypted or 40-bit MPPE. Leave them in place, and set `ms-dns` there to the resolver clients should use through the tunnel. The `chap-secrets` format is simple: one user per line, with four whitespace-separated fields: client (the username), server name, secret (the password) and the IP address to assign (`*` means take one from the pool). The second field is not a fixed service type; it must match the `name` directive in `/etc/ppp/options.pptpd`, which is `pptpd` in the shipped file. Because CHAP needs the cleartext password, the secrets are stored unencrypted, so the file must stay readable by root only (mode 0600, as installed). For example, to add a user `user1` with the password `your_strong_password_123`, add this line:
user1 pptpd your_strong_password_123 *
Use a strong, unique password: a captured MS-CHAPv2 handshake can be attacked offline, and a dictionary password falls long before the full key search is needed. Once the accounts are configured, set up network address translation so that clients can reach the internet through the server, using a simple `iptables` MASQUERADE rule. Two caveats before running the commands below. First, `eth0` must be the name of the server's public interface; it is on many CentOS 7 cloud images, but check with `ip route show default` and substitute the interface shown there. Second, CentOS 7 runs firewalld by default, and the `iptables` service from `iptables-services` conflicts with it, so stop and disable firewalld before enabling the `iptables` service (or express the same rules with `firewall-cmd` instead). The in-kernel firewall must also accept TCP 1723 and GRE inbound and permit forwarding to and from the `ppp+` interfaces; opening them in the cloud console alone is not enough. To persist the rules and start the service at boot:
# Add the NAT rule; replace eth0 with your public interface (see `ip route show default`)
iptables -t nat -A POSTROUTING -s 192.168.99.0/24 -o eth0 -j MASQUERADE
# Persist the rules with iptables-services (stop and disable firewalld first; the two conflict)
yum install -y iptables-services
systemctl enable iptables
service iptables save
# Start pptpd now and on every boot
systemctl start pptpd
systemctl enable pptpd
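A check worth running before the files above go into service, as an added example for this article (it is not part of pptpd or of the original page): the script below audits the three configuration files for the mistakes this procedure invites: a client pool that contains the server's own address, an `options.pptpd` with the authentication or cipher hardening options removed or commented out, `chap-secrets` entries whose server field does not match the `name` directive, short secrets, and a secrets file readable by other users. It works on file contents passed in as strings, so the sample configuration embedded at the bottom is constructed for the demonstration and deliberately contains several of these mistakes; the `ms-dns` address in it is a placeholder, and `audit_files()` reads the real files on a host.

```python
"""Audit pptpd configuration files (added example for this article, not pptpd code).
Functions take file contents as strings, so the constructed sample below runs offline."""
import ipaddress
import os
import shlex
import stat

# pppd options that refuse cleartext/weak authentication and 40-bit or absent MPPE;
# the packaged options.pptpd ships with all of them.
REQUIRED_OPTIONS = ("refuse-pap", "refuse-chap", "refuse-mschap",
                    "require-mschap-v2", "require-mppe-128")
MIN_SECRET_LEN = 16

def _directives(text):
    """Yield (keyword, argument) for each non-comment line of a pppd/pptpd file."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            key, *rest = line.split(None, 1)
            yield key, rest[0] if rest else ""

def expand_remoteip(spec):
    """Expand pptpd's remoteip syntax: comma-separated addresses and last-octet ranges."""
    hosts = []
    for item in spec.replace(" ", "").split(","):
        if "-" in item:                      # e.g. 192.168.99.100-200
            start, end = item.split("-", 1)
            prefix, lo = start.rsplit(".", 1)
            hosts.extend(f"{prefix}.{i}" for i in range(int(lo), int(end) + 1))
        elif item:
            hosts.append(item)
    return [str(ipaddress.IPv4Address(h)) for h in hosts]  # rejects malformed entries

def audit_pptpd_conf(text):
    findings, conf = [], dict(_directives(text))
    for key in ("localip", "remoteip"):
        if key not in conf:
            findings.append(f"pptpd.conf: {key} is not set")
    pool = expand_remoteip(conf["remoteip"]) if "remoteip" in conf else []
    if conf.get("localip") in pool:
        findings.append(f"pptpd.conf: localip {conf['localip']} lies inside the remoteip pool")
    return findings

def audit_options(text):
    """Return (findings, pppd name) for options.pptpd; name is None when not set."""
    conf = dict(_directives(text))
    findings = [f"options.pptpd: {opt} missing, weaker auth or cipher can be negotiated"
                for opt in REQUIRED_OPTIONS if opt not in conf]
    return findings, conf.get("name")

def audit_chap_secrets(text, server_name="pptpd"):
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # handles quoted secrets and # comments
        if not fields:
            continue
        if len(fields) < 3:
            findings.append(f"chap-secrets:{lineno}: expected client, server, secret[, address]")
            continue
        client, server, secret = fields[:3]
        if server_name is not None and server not in (server_name, "*"):
            findings.append(f"chap-secrets:{lineno}: server field {server!r} never matches "
                            f"pppd name {server_name!r}, so {client} cannot authenticate")
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"chap-secrets:{lineno}: secret for {client} is only {len(secret)} chars")
    return findings

def audit_all(pptpd_conf, options_pptpd, chap_secrets):
    option_findings, name = audit_options(options_pptpd)
    return audit_pptpd_conf(pptpd_conf) + option_findings + audit_chap_secrets(chap_secrets, name)

def audit_files(pptpd_conf="/etc/pptpd.conf", options_pptpd="/etc/ppp/options.pptpd",
                chap_secrets="/etc/ppp/chap-secrets"):
    """Audit a live host; CHAP secrets are stored in cleartext, so the file must be 0600."""
    with open(pptpd_conf) as a, open(options_pptpd) as b, open(chap_secrets) as c:
        findings = audit_all(a.read(), b.read(), c.read())
    mode = stat.S_IMODE(os.stat(chap_secrets).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{chap_secrets}: mode {mode:04o}, cleartext secrets should be 0600")
    return findings

# Constructed sample with deliberate mistakes: the pool starts at the server's own address,
# require-mppe-128 is commented out, user2 has a wrong server field and a short secret.
SAMPLE_PPTPD_CONF = "localip 192.168.99.1\nremoteip 192.168.99.1-200   # should start at .100\n"
SAMPLE_OPTIONS = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
#require-mppe-128
ms-dns 192.0.2.53
"""
SAMPLE_SECRETS = """\
# client  server  secret                     IP addresses
user1     pptpd   your_strong_password_123   *
user2     ppp     short                      *
"""

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_PPTPD_CONF, SAMPLE_OPTIONS, SAMPLE_SECRETS):
        print(finding)
```

Running the script as-is prints the four findings planted in the sample; on a real host, call `audit_files()` as root and fix every finding before the first client connects. The checks are deliberately about configuration hygiene only: none of them makes PPTP itself secure, which is why the recommendation at the end of the article still stands.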
At this point the server side is essentially complete and you can test from a client. On Windows 10 or 11, open "Settings" -> "Network & Internet" -> "VPN" -> "Add a VPN connection". Choose "Windows (built-in)" as the provider, give the connection a name, enter the public IP address of your cloud server as the server address, select "Point to Point Tunneling Protocol (PPTP)" as the VPN type, and enter the username and password you put in `chap-secrets`. Click "Save", then "Connect" to bring up the tunnel. Windows is the main client platform that still ships a PPTP client: Apple removed it from macOS (10.12 Sierra) and iOS (10), so on a Mac or iPhone you would need a third-party client or, better, one of the alternatives mentioned at the end.
If the connection fails, check a few things in order. First, confirm again that the security group or firewall in the cloud console allows TCP 1723 and GRE; this is the most common cause, and the symptom is usually an attempt that stalls or is refused before authentication (Windows reports error 806 when GRE specifically is blocked). Second, check that the host firewall inside the server is not dropping the same traffic, and that the `pptpd` service is running: `systemctl status pptpd`. Third, read the logs. `tail -f /var/log/messages` shows both the `pptpd` control-connection messages and the `pppd` lines for the PPP negotiation, and `journalctl -u pptpd` shows the service's own output; authentication failures are reported explicitly there (Windows shows error 691 in that case). If the control connection on TCP 1723 is logged but the session never completes, GRE is almost always being dropped somewhere on the path; a packet capture on the public interface filtered on TCP port 1723 and IP protocol 47 shows whether GRE packets arrive at all. Some home routers and mobile carriers do not pass GRE either, so test from more than one network before blaming the server.
Finally, to repeat the point made at the start: because of its protocol-level weaknesses, PPTP should not be used to protect any data that matters. If you need a secure, modern VPN, WireGuard is the first recommendation: it is implemented in the Linux kernel, very fast, about as simple to configure as PPTP, and uses modern cryptography (Curve25519 key exchange, ChaCha20-Poly1305 encryption) with no negotiation of weaker options. Alternatively, OpenVPN takes more effort to configure but is mature, supported by clients on every major platform, and has a long track record.