I am trying to set up a VPN server. The server-side setup seems fine with no errors as does the client side. Yet, when I check a "what is my ip number" website, it shows my ISP IP not the VPN ip so I'm not browsing securely.
I have followed a couple of tutorials on the web that I have combined for my particular problem.
On the server side, this is my /etc/pptpd.conf
Code:
###############################################################################
# $Id$
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################
# TAG: ppp
# Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd
# TAG: option
# Specifies the location of the PPP options file.
# By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options
# TAG: debug
# Turns on (more) debugging to syslog
#
#debug
# TAG: stimeout
# Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10
# TAG: noipparam
# Suppress the passing of the client's IP address to PPP, which is
# done by default otherwise.
#
#noipparam
# TAG: logwtmp
# Use wtmp(5) to record client connections and disconnections.
#
logwtmp
# TAG: bcrelay <if>
# Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1
# TAG: localip
# TAG: remoteip
# Specifies the local and remote IP address ranges.
#
# Any addresses work as long as the local machine takes care of the
# routing. But if you want to use MS-Windows networking, you should
# use IP addresses out of the LAN address space and use the proxyarp
# option in the pppd options file, or run bcrelay.
#
# You can specify single IP addresses seperated by commas or you can
# specify ranges, or both. For example:
#
# 192.168.0.234,192.168.0.245-249,192.168.0.254
#
# IMPORTANT RESTRICTIONS:
#
# 1. No spaces are permitted between commas or within addresses.
#
# 2. If you give more IP addresses than MAX_CONNECTIONS, it will
# start at the beginning of the list and go until it gets
# MAX_CONNECTIONS IPs. Others will be ignored.
#
# 3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
# you must type 234-238 if you mean this.
#
# 4. If you give a single localIP, that's ok - all local IPs will
# be set to the given one. You MUST still give at least one remote
# IP for each simultaneous client.
#
# (Recommended)
#localip 192.168.0.1
localip XXX.XXX.XXX.XXX # hidden server address
remoteip 192.168.25.234-238,192.168.25.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
This is my /etc/ppp/pptpd-options
Code:
###############################################################################
# $Id$
#
# Sample Poptop PPP options file /etc/ppp/pptpd-options
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection. See "man pppd".
#
# You are expected to change this file to suit your system. As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################
# Authentication
# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd
# Optional: domain name to use for authentication
# domain mydomain.net
# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain
# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}
# Network and Routing
# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients. The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2
# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients. The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
#ms-wins 10.0.0.3
#ms-wins 10.0.0.4
# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system. This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
# (you do not need this if your PPTP server is responsible for routing
# packets to the clients -- James Cameron)
proxyarp
# Debian: do not replace the default route
nodefaultroute
# Logging
# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug
# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump
# Miscellaneous
# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock
# Disable BSD-Compress compression
nobsdcomp
ms-dns 208.67.220.220
noipx
mtu 1490
mru 1490
This is my output from iptables:
Code:
# iptables -t nat -L
# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
This is my server-side ifconfig
Code:
# ifconfig
eth0 Link encap:Ethernet HWaddr 06:6e:94:00:00:23
inet addr:37.48.67.35 Bcast:37.48.67.127 Mask:255.255.255.128
inet6 addr: 2001:1af8:4700:a100:46e:94ff:fe00:23/64 Scope:Global
inet6 addr: 2001:1af8:4700:a101:46e:94ff:fe00:23/64 Scope:Global
inet6 addr: fe80::46e:94ff:fe00:23/64 Scope:Link
inet6 addr: 2001:1af8:4700:a100:cc2c:d6ab:92b5:a295/64 Scope:Global
inet6 addr: 2001:1af8:4700:a101:cc2c:d6ab:92b5:a295/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1577473 errors:0 dropped:0 overruns:0 frame:0
TX packets:1210923 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:874180005 (874.1 MB) TX bytes:944174490 (944.1 MB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2157 errors:0 dropped:0 overruns:0 frame:0
TX packets:2157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:423415 (423.4 KB) TX bytes:423415 (423.4 KB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:37.48.67.35 P-t-P:192.168.25.234 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1486 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:68 (68.0 B) TX bytes:62 (62.0 B)
This is the server-side ip routing
Code:
default via 37.48.67.126 dev eth0 metric 100
XXX.XXX.XXX.XXX/25 dev eth0 proto kernel scope link src XXX.XXX.XXX.XXX
192.168.25.234 dev ppp0 proto kernel scope link src XXX.XXX.XXX.XXX
Here is the client-side ip routing:
Code:
default via 192.168.1.1 dev wlan0 proto static
XXX.XXX.XXX.XXX via 192.168.1.1 dev wlan0 src 192.168.1.51
XXX.XXX.XXX.XXX dev ppp0 proto kernel scope link src 192.168.25.234
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.51
192.168.25.0/24 dev ppp0 scope link
Here is my peer /etc/ppp/peers/pptpserver file:
Code:
pty "pptp XXX.XXX.XXX.XXX --nolaunchpppd"
name myusername
password mypassword
remotename PPTP
require-mppe-128
On the server I edited /etc/sysctl.conf to contain:
Code:
net.ipv4.ip_forward = 1
Then ran:
Then setup the iptables with:
Code:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
On the client side, I did:
Code:
# modprobe ppp_mppe
# pppd call pptpserver
# ip route add 192.168.25.0/24 dev ppp0
This should have it all working. What am I missing or doing wrong?
Thankfully . . .
