PPTP VPN is no longer supported in iOS 10 and macOS Sierra for security concerns. The alternative protocols are L2TP over IPSec,
IKEv2, Cisco IPSec. It forces me to update my previous blog Set up VPN on OS X with AWS.
Table of Contents
1. Set up VPN on the server-side, AWS
Step 1: Connect to EC2 instance through SSH
$ ssh -i wp_sparkandshine.pem email@example.com
Step 2: Download IPsec VPN Server Auto Setup Scripts
ubuntu@ip-xx-xx-xx-xx:~$ wget https://git.io/vpnsetup -O vpnsetup.sh
Step 3 (Option): Configure the following fields
YOUR_IPSEC_PSK='' YOUR_USERNAME='' YOUR_PASSWORD=''
Step 4: Run the shell script
sudo sh vpnsetup.sh
2. Set up VPN on the user-side, macOS
Follow the instructions on Configure IPsec/L2TP VPN Clients to set up IPsec/L2TP VPN clients.
3. Manage VPN Users
Excerpt from Manage VPN Users:
(1) IPsec PSK
The IPsec PSK (pre-shared key) is stored in
/etc/ipsec.secrets. To change to a new PSK, just edit this file. All VPN users will share the same IPsec PSK.
%any %any : PSK "your_ipsec_pre_shared_key"
IPsec/L2TP, VPN users are specified in
/etc/ppp/chap-secrets. The format of this file is:
"your_vpn_username_1" l2tpd "your_vpn_password_1" * "your_vpn_username_2" l2tpd "your_vpn_password_2" * ... ...
(3) Cisco IPsec
IPsec/XAuth ("Cisco IPsec"), VPN users are specified in
/etc/ipsec.d/passwd. The format of this file is:
your_vpn_username_1:your_vpn_password_1_hashed:xauth-psk your_vpn_username_2:your_vpn_password_2_hashed:xauth-psk ... ...
Passwords in this file are salted and hashed. This step can be done using e.g. the
# The output will be your_vpn_password_1_hashed openssl passwd -1 'your_vpn_password_1'
(4) Restart service
sudo service ipsec restart sudo service xl2tpd restart
 Prepare for removal of PPTP VPN before you upgrade to iOS 10 and macOS Sierra
 GitHub: IPsec VPN Server Auto Setup Scripts
 GitHub: Configure IPsec/L2TP VPN Clients
 GitHub: Manage VPN Users