Recipe for PPTP VPN from Debian to MS Server
(corrected version)
Required Packages
-----------------
The versions of the following packages in testing as of 2007/09/18
work for this recipe.
1. Kernel image: Includes the module ppp_mppe, which had to be built
with m-a in some earlier versions.
2. pptp-linux
3. ppp
Terms
-----
domain        Windows domain name
user          Windows user ID
password      Windows user password
pptp_server   Remote Windows machine that will be at the other end of
              the VPN/tunnel (either name or IP address is fine).
my_tunnel     What we will call the VPN/tunnel we want to start.
my_gw_IP      Your local gateway, such as the broadband router at home
              or the hotel router. The output of
                  ifconfig
              will help you determine this.
my_nw_if      Network interface you use to connect to the internet,
              such as eth1 (wireless device on my notebook), wlan0, etc.
              The output of
                  ifconfig
              will help you determine this.
pptp_vpn_if   What the new interface representing my_tunnel will be
              called. Will be ppp0 usually. If your internet connection
              is through a modem, that interface will be ppp0 and this
              one will be ppp1.
Files
-----
In the following, replace terms in angle brackets, like <my_gw_IP>, with
their values, like 192.168.1.1.
All files will be owned by root, and the VPN will be started as root.
There are 6 files (A through F) described below.
Once these files are in place, start the tunnel with
    pon <my_tunnel>
You can observe the progress of the connection with
    tail -f /var/log/syslog
If you like, you can add this command to the gkrellm launcher plugin,
or other launcher (you need to use sudo so that pon can run as root).
A. /etc/ppp/peers/<my_tunnel>
Create this file specifically for this tunnel.
--- begin file ---
remotename <my_tunnel>
linkname <my_tunnel>
ipparam <my_tunnel>
pty "pptp <pptp_server> --nolaunchpppd "
name <domain>\\<user>
usepeerdns
require-mppe
refuse-eap
noauth
file /etc/ppp/options.pptp
--- end file ---
B. /etc/ppp/chap-secrets
Add the following line to this file, which already exists.
--- begin addition ---
<domain>\\<user> <my_tunnel> <password> *
--- end addition ---
C. /etc/ppp/ip-up.d/<my_tunnel>
Create this file specifically for this tunnel.
Once you set up the VPN, MS PPTP wants all traffic to go through the
VPN. So these files, C & D, make the necessary changes to the routing.
These files are simplified by using hard-coded values specific to this
tunnel. If you will be connecting from many different networks, you
can generalize them using the variables described in /etc/ppp/ip-up.
--- begin file ---
#!/bin/sh
# pppd ip-up script for all-to-tunnel routing
## direct tunnelled packets to the tunnel server
route add -host <pptp_server> gw <my_gw_IP> dev <my_nw_if>
## direct all other packets into the tunnel
route del default dev <my_nw_if>
route add default dev <pptp_vpn_if>
--- end file ---
D. /etc/ppp/ip-down.d/<my_tunnel>
Create this file specifically for this tunnel.
--- begin file ---
#!/bin/sh
route del -host <pptp_server> dev <my_nw_if>
route del default dev <pptp_vpn_if>
route add default gw <my_gw_IP> dev <my_nw_if>
--- end file ---
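
The generalisation mentioned for files C and D, as an added example that is not part of the original recipe: a single script, installed under the same name in both ip-up.d and ip-down.d, that discovers the local gateway and interface when the tunnel comes up instead of hard-coding them. It assumes Debian's /etc/ppp/ip-up exports PPP_IPPARAM and PPP_IFACE; TUNNEL and PPTP_SERVER are placeholders, and STATE, DRY_RUN and the function names are introduced here.

```shell
#!/bin/sh
# Added example (not from the original recipe): install this one script as
# both /etc/ppp/ip-up.d/<my_tunnel> and /etc/ppp/ip-down.d/<my_tunnel>.
TUNNEL="my_tunnel"        # placeholder; must equal "ipparam" in the peers file
PPTP_SERVER="192.0.2.10"  # placeholder documentation address for <pptp_server>
STATE="${STATE:-/var/run/pptp-$TUNNEL.route}"  # hypothetical state file

# With DRY_RUN set, print each command instead of running it.
run() { if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi; }

# stdin: `route -n` output; stdout: "<gateway> <interface>" of the default route.
default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $8; exit }'
}

# $1 = local gateway, $2 = LAN interface, $3 = ppp interface (PPP_IFACE)
tunnel_up() {
    echo "$1 $2" > "$STATE"                    # remembered for tunnel_down
    run route add -host "$PPTP_SERVER" gw "$1" dev "$2"
    run route del default dev "$2"
    run route add default dev "$3"
}

# $1 = ppp interface; restores the default route saved by tunnel_up
tunnel_down() {
    [ -r "$STATE" ] || return 0
    read -r gw nw_if < "$STATE"
    run route del -host "$PPTP_SERVER" dev "$nw_if"
    run route del default dev "$1"
    run route add default gw "$gw" dev "$nw_if"
    rm -f "$STATE"
}

# pppd runs every script in ip-up.d/ip-down.d for every PPP link, so act
# only when the link's ipparam (exported as PPP_IPPARAM) names this tunnel.
if [ "${PPP_IPPARAM:-}" = "$TUNNEL" ]; then
    case "$0" in
    */ip-up.d/*)
        set -- $(route -n | default_route)
        [ $# -ne 2 ] || tunnel_up "$1" "$2" "$PPP_IFACE" ;;
    */ip-down.d/*)
        tunnel_down "$PPP_IFACE" ;;
    esac
fi
```

Running a function by hand with DRY_RUN=1 prints the route commands it would issue, which is a quick way to check the discovered gateway before trusting it on a new network.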
E. /etc/ppp/options.pptp
This file is as distributed - no changes are required. I provide it
for reference only.
--- begin file ---
###############################################################################
# $Id: options.pptp,v 1.1 2005/02/18 01:40:23 quozl Exp $
#
# Sample PPTP PPP options file /etc/ppp/options.pptp
# Options used by PPP when a connection is made by a PPTP client.
# This file can be referred to by an /etc/ppp/peers file for the tunnel.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
# and the kernel MPPE module available from the CVS repository also on
# http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
###############################################################################
# Lock the port
lock
# Authentication
# We don't need the tunnel server to authenticate itself
noauth
# We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2
#refuse-eap
#refuse-chap
#refuse-mschap
# Compression
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
# Encryption
# (There have been multiple versions of PPP with encryption support,
# choose with of the following sections you will use. Note that MPPE
# requires the use of MSCHAP-V2 during authentication)
# http://ppp.samba.org/ the PPP project version of PPP by Paul Mackarras
# ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
# {{{
# Require MPPE 128-bit encryption
require-mppe-128
# }}}
# http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
# ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
# {{{
# Require MPPE 128-bit encryption
#mppe required,stateless
# }}}
--- end file ---
F. /etc/ppp/options
No changes are required to this file. I provide it for reference only.
It is as distributed, except that it was very long, so I took out all
the comments and options that were commented out.
--- begin file ---
# /etc/ppp/options
#
# Originally created by Jim Knoble <(E-Mail Removed)>
# Modified for Debian by alvar Bray <(E-Mail Removed)>
# Modified for PPP Server setup by Christoph Lameter <(E-Mail Removed)>
#
# To quickly see what options are active in this file, use this command:
# egrep -v '#|^ *$' /etc/ppp/options
asyncmap 0
auth
crtscts
lock
hide-password
modem
proxyarp
lcp-echo-interval 30
lcp-echo-failure 4
noipx
--- end file ---