I found a straightforward way to get the Poptop VPN server working on Red Hat 9. I was having trouble for whatever reason, but here's what I did to get it working.
1. Install a fresh distro of Red Hat 9 using the Server installation option and the LILO bootloader.
2. Install webmin from www.webmin.com. Always a useful application for administrating your server.
3. Go to http://www.spenneberg.com/Downloads/6.html. Click the VPN folder and then the RedHat-9 folder.
4. Download the following .rpm files:
kernel-2.4.20-18.9_ipsec199_0.9.31_mppe.i686.rpm
libsmbpw-1.3-rh9_1.i386.rpm
ppp-2.4.1-rh9_mppe10.i386.rpm
poptop-1.1.4-rh9_beta4_1.i386.rpm
5. Install kernel-2.4.20-18.9_ipsec199_0.9.31_mppe.i686.rpm and then reboot so that the new kernel is booted.
6. Install libsmbpw-1.3-rh9_1.i386.rpm
7. Uninstall the ppp package that is already installed: rpm -e --nodeps ppp-2.4.1-10
8. Install ppp-2.4.1-rh9_mppe10.i386.rpm
9. Install poptop-1.1.4-rh9_beta4_1.i386.rpm
10. Now that everything is installed, edit /etc/pptpd.conf and uncomment the following (set the localip and remoteip ranges to whatever is appropriate for your network):
option /etc/ppp/options.pptpd
debug
localip 192.168.0.234-238,192.168.0.245
remoteip 192.168.1.234-238,192.168.1.245
11. Edit /etc/ppp/options.pptpd or create it if it doesn't exist. I want mschap-v2, mppe-128 and mppe-stateless only, so mine looks like this:
## CHANGE TO SUIT YOUR SYSTEM
lock
## turn pppd syslog debugging on
debug
## change 'pptpd' to whatever you specify as your server name in chap-secrets
name pptpd
proxyarp
#bsdcomp 0
# This option applies if you use ppp with chapms-strip-domain patch
#chapms-strip-domain
# These options apply if you use ppp with mppe patch
# NB! You should also apply the ChapMS-V2 patch
#-chap
-chapms
+chapms-v2
mppe-128
mppe-stateless
# These options will tell ppp to pass on these to your clients
# To use ms-wins or ms-dns in options.pptpd it must exist in /etc/resolv.conf
#ms-wins your.server.here
ms-dns my.dnserver.com
refuse-pap
refuse-chap
refuse-chapms
require-chapms-v2
12. Edit /etc/chap-secrets. I want to use the smbpasswd file to authenticate users, so mine reads:
# Secrets for authentication using CHAP
# client server secret IP addresses
"*" pptpd &/etc/samba/smbpasswd "*"
13. I used PWDUMP3 to dump my domain user accounts and password hashes into a text file. I populated my smbpasswd file with the results of PWDUMP so that I can use my domain accounts. Just remember that the usernames are case sensitive, yes I said case sensitive, so create 2 sets of users in the smbpasswd file. For each user there should be an entry for domain\username and DOMAIN\username. The reason for this is that if they are using the Windows VPN client and it's set to "Include Windows logon domain", the domain name will be sent in caps. If you don't have the smbpasswd file populated with the domain name in caps, the authentication will fail. Just make sure your users don't put their username in caps and you'll be okay.
14. Edit the /etc/sysctl.conf file and change the following line from 0 to 1:
net.ipv4.ip_forward = 1
15. Start the poptop server: /etc/rc.d/init.d/pptpd start
16. Test things out by trying to connect from a Windows client. Just make sure the Windows client is set to connect the way you have your options.pptpd set.
17. Configure your firewall if necessary. Good luck. I got this working with no problems after I found a reference to the http://www.spenneberg.com site. I was having all kinds of trouble before that.
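An added example, not part of the original post: a shell check that an options.pptpd file still enforces the "mschap-v2, mppe-128 and mppe-stateless only" policy from step 11, so a directive that was commented out or dropped is caught before clients can negotiate something weaker. The function names and the two sample files are constructed for illustration; the required directives are the ones listed in step 11.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pppd options file
# against the MS-CHAPv2-only, stateless MPPE-128 policy from step 11.
REQUIRED="refuse-pap refuse-chap refuse-chapms require-chapms-v2 mppe-128 mppe-stateless"

# Print the first word of every line that is not blank or commented out.
active_directives() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$1" | awk 'NF { print $1 }'
}

# Print each required directive that is not active in FILE.
# Returns the number missing, so 0 means the policy is fully enforced.
audit_pptpd_options() {
    active=$(active_directives "$1")
    missing=0
    for d in $REQUIRED; do
        if ! printf '%s\n' "$active" | grep -qxF -- "$d"; then
            echo "MISSING: $d"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample files, written to a scratch directory for the demo.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
name pptpd
+chapms-v2
mppe-128
mppe-stateless
refuse-pap
refuse-chap
refuse-chapms
require-chapms-v2
EOF
cat > "$demo_dir/weak" <<'EOF'
name pptpd
+chapms-v2
mppe-128
#mppe-stateless
refuse-pap
refuse-chap
#refuse-chapms
require-chapms-v2
EOF

audit_pptpd_options "$demo_dir/good" && echo "good: policy enforced"
audit_pptpd_options "$demo_dir/weak" || echo "weak: $? directive(s) missing"
```

On the server itself, run audit_pptpd_options /etc/ppp/options.pptpd after any edit and before restarting pptpd.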