By djbanaan at 2005-03-16 17:06
This document describes how to set up a Point-to-Point Tunneling Protocol (PPTP)
VPN server (and client) using Slackware Linux [www.slackware.com] and PoPToP
[www.poptop.org]. PPTP - a Microsoft protocol - may not be the most advanced
protocol for setting up a VPN, but it is relatively easy to set up and isn't as
intrusive to your system as other VPN solutions such as OpenSwan. Another
plus is that nearly every Windows version supports it in its default
installation, making it a breeze for your clients to connect.
A word of warning before getting started:
MPPC, the compression protocol used for PPTP, is a patented technology.
Therefore, it may be illegal in your country to use this technology without
the consent of Hifn Inc (http://www.hifn.com/), the patent holder for MPPC.
With the legal chit-chat out of the way, let's get going!
***************************************************
Table of contents
***************************************************
1. Requirements
2. Installing and configuring the server end
2.1 Installing MPPC/MPPE support in the kernel
2.2 Installing poptop
2.3 Configuring poptop
2.3.1 Setting up IP-addressing
2.3.2 Configuring the pptp daemon
2.3.3 Adding users
3 Installing and configuring the client end
3.1 Installing the Linux pptp client
3.2 Configuring the Linux pptp client
***************************************************
*****************
1 Requirements
*****************
The installation of the PPTP server and client requires the following packages
on your system:
- Kernel sources
- ppp (from the "n" series of packages)
For the remainder of this document we are going to assume that your kernel sources
are installed in /usr/src and that the ppp package installed is the default Slackware
ppp package, which is already equipped with MPPE support.
Apart from these requirements this document also assumes some basic knowledge of
TCP/IP networking and familiarity with Linux kernel compilation.
*********************************************
2 Installing and configuring the server end
*********************************************
************************************************
2.1 Installing MPPC/MPPE support in the kernel
************************************************
The first step is making sure that our kernel has support for MPPC/MPPE.
The PoPToP project provides several methods for installing MPPC/MPPE support,
but these are for older kernels. Therefore we are going to do things by hand
using the MPPC/MPPE patch from http://www.polbox.com/h/hs001/
Download the appropriate MPPE/MPPC patch for your kernel version from
http://www.polbox.com/h/hs001/#AEN56 and place it in /usr/src.
- Note 1 : The patch assumes the path of your kernel sources
to be /usr/src/linux-$VERSION, but since /usr/src/linux is
usually a symlink to this directory this should not be much of a problem.
- Note 2 : If there is no patch for your kernel version, you can try
downloading the patch with a version number closest to yours and
making a symlink like this:
ln -s /usr/src/linux-$MYVERSION /usr/src/linux-$MPPE-MPPC-PATCH-VERSION
Apply the patch to your kernel sources:
cd /usr/src
zcat linux-$VERSION-mppe-mppc-1.3.patch.gz | patch -p0
Configure the kernel:
cd /usr/src/linux
make menuconfig
In the kernel configuration menu, go to Device drivers --> networking support
and make sure the configuration options for ppp look like this:
[...]
<M> PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)
[*] PPP filtering
<M> PPP support for async serial ports
<M> PPP support for sync tty ports
<M> PPP Deflate compression
<M> PPP BSD-Compress compression
<M> Microsoft PPP compression/encryption (MPPC/MPPE)
[...]
Next go to Cryptographic options in the kernel configuration menu and enable
SHA1 and RC4 algorithms. Exit menuconfig and save your configuration.
Compile your new kernel and modules. For this I use "make modules modules_install bzImage"
and handle post compilation tasks by hand, but feel free to compile the new kernel in a way you feel comfortable with. Reboot your system and verify that your new kernel functions OK.
Add the following lines to /etc/modules.conf:
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe_mppc
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
This concludes the kernel part of the installation.
***********************
2.2 Installing poptop
***********************
Grab the latest stable pptpd sources from http://sourceforge.net/project/showfiles.php?group_id=44827
Compile and install pptpd:
tar zxvf pptpd-$VERSION.tar.gz
cd pptpd-$VERSION
./configure
make
su
make install
(Alternatively, use checkinstall, available from the "extra" series of packages, to generate a slackpack.)
************************
2.3 Configuring poptop
************************
********************************
2.3.1 Setting up IP-addressing
********************************
Now that we've got all the packages installed in the correct location we can start configuring poptop.
First we are going to define an IP-address for the pptp server and IP-addresses to assign to our clients. We can choose to either assign a separate IP-address for the server to be used for every incoming connection, or we can use a single IP address to be used for each connection. In this example we will use a single IP address on the server end.
In /etc/pptpd.conf add the following lines:
localip 10.0.0.1
remoteip 10.0.0.2-20
The first line assigns the IP-address 10.0.0.1 to the pptp server. Note that this IP-address does not get assigned to any of the physical interfaces on the server; it is used purely for virtual interfaces. You should, of course, use an IP-range appropriate for your subnet.
The second line defines a range of ip-addresses to be assigned to clients.
***********************************
2.3.2 Configuring the pptp daemon
***********************************
With the IP-addressing sorted, we can move along to the configuration of our server. We are going to configure pptpd using the file /etc/ppp/options.pptpd. We have to make sure pptpd reads this file by adding the following line to /etc/pptpd.conf:
option /etc/ppp/options.pptpd
Next, add the following lines to /etc/ppp/options.pptpd:
name pptpd
ipparam PoPToP
lock
mtu 1490
mru 1490
ms-wins YOUR-WINS-SERVER-IP        # if applicable; gets assigned to Windows clients
ms-dns YOUR-PRIMARY-DNS-SERVER     # gets assigned to Windows clients
ms-dns YOUR-SECONDARY-DNS-SERVER   # gets assigned to Windows clients
multilink
proxyarp
auth
require-mschap
require-mschap-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 30
lcp-echo-interval 5
deflate 0
require-mppe-128
nopcomp
noaccomp
Remember to inspect the ms-wins and ms-dns options and assign the appropriate ip-addresses if necessary. ms-wins is only required if windows clients are going to access windows servers on the other end of the tunnel.
Note that this configuration allows only 128-bit encryption. Some versions of Windows need a 128-bit encryption pack installed for this to work. This pack is available from Microsoft.com. It is also possible to set the cipher strength to 40 bits:
require-mppe-40
This will allow any Windows client to connect, but it is, of course, inherently less secure.
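The checks below turn the authentication and MPPE options discussed above into a quick lint for /etc/ppp/options.pptpd. This is an added example, not part of the original article or of PoPToP; the function names and the rule that flags MS-CHAP v1 are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): lint a pppd options file
# for the authentication and MPPE settings discussed above.

# has_opt FILE OPTION: true if OPTION is the first word of a non-comment line.
has_opt() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # "#" starts a comment
        $1 == want { found = 1 }
        END { exit !found }' "$1"
}

# Prints one finding per line; returns non-zero if there was any finding.
audit_pptpd_options() {
    file=$1
    findings=0
    note() { echo "$file: $1"; findings=$((findings + 1)); }

    has_opt "$file" require-mschap-v2 || note "'require-mschap-v2' missing"
    # Policy assumption of this example: only MS-CHAP v2 should be accepted.
    has_opt "$file" require-mschap    && note "'require-mschap' set: MS-CHAP v1 may be negotiated as well"
    has_opt "$file" require-mppe-128  || note "'require-mppe-128' missing: 128-bit MPPE is not enforced"
    has_opt "$file" require-mppe-40   && note "'require-mppe-40' set: 40-bit MPPE is accepted"
    [ "$findings" -eq 0 ]
}

# Constructed inputs: the auth/MPPE lines from this page, and a 40-bit variant.
dir=$(mktemp -d)
printf '%s\n' auth require-mschap require-mschap-v2 require-mppe-128 > "$dir/page"
printf '%s\n' auth require-mschap-v2 '#require-mppe-128' require-mppe-40 > "$dir/weak"
audit_pptpd_options "$dir/page" || true
audit_pptpd_options "$dir/weak" || true
rm -rf "$dir"
```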
********************
2.3.3 Adding users
********************
Next we are going to set up user accounts. There are several ways to authenticate users on the pptp server, including RADIUS and Samba. In this how-to we'll stick to using ppp's chap-secrets file.
Users are added to the file /etc/ppp/chap-secrets in the following manner:
username pptp-server-name password ip-address
So a valid user entry would look like this:
joesixpack pptpd somepassword *
This allows user "joesixpack" to authenticate with server "pptpd" using the password "somepassword". Once joesixpack is logged in and connection has been established, his machine will be assigned the first available ip-address as defined in the previous step. It is also possible to assign each user his or her own ip-address.
Note that passwords containing special characters have to be quoted.
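As an added example (not from the original article), this script lints a chap-secrets file in the four-field format shown above: it checks that only the owner can access the file, that every entry parses (quoted passwords included), and it reports entries that use the "*" address. The function name, the 0600 expectation and treating "*" as a finding are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original article): lint a chap-secrets file.
# Findings name the line and user only; the password is never printed.

lint_chap_secrets() {
    file=$1
    status=0
    # Passwords are stored in clear text, so only the owner should have access.
    case $(ls -ld -- "$file") in
        -???------*) ;;
        *) echo "$file: mode grants access beyond the owner (expected 0600)"
           status=1 ;;
    esac
    awk '
    {
        n = 0; line = $0
        # Split into words; a double-quoted word may contain spaces or "#".
        while (match(line, /^[ \t]*("[^"]*"|[^ \t"]+)/)) {
            tok = substr(line, 1, RLENGTH); sub(/^[ \t]+/, "", tok)
            if (tok ~ /^#/) break            # rest of the line is a comment
            f[++n] = tok
            line = substr(line, RLENGTH + 1)
        }
        if (n == 0) next                     # blank or comment-only line
        if (n < 4) {                         # also catches an unterminated quote
            printf "line %d: %d field(s); expected username server password ip-address\n", NR, n
            bad = 1; next
        }
        if (f[4] == "*") {
            printf "line %d: user %s is not pinned to an ip-address (\"*\")\n", NR, f[1]
            bad = 1
        }
    }
    END { exit bad + 0 }' "$file" || status=1
    return "$status"
}

# Constructed sample: the entry from this page, a quoted password with a
# pinned address, and a line with an unterminated quote.
sample=$(mktemp)
chmod 600 "$sample"
cat > "$sample" <<'EOF'
# client    server  secret            IP addresses
joesixpack  pptpd   somepassword      *
alice       pptpd   "p4ss word#1"     10.0.0.5
bob         pptpd   "unterminated     10.0.0.6
EOF
lint_chap_secrets "$sample" || true
rm -f "$sample"
```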
We can now start the pptp daemon:
/usr/sbin/pptpd
You can now test your connection using a Windows machine. If you don't have a Windows machine for testing (hey, that's understandable ;-)), read on through the next section to set up a pptp linux client.
*********************************************
3 Installing and configuring the client end
*********************************************
The client end has the same requirements as the server end. It requires the MPPE/MPPC patch to be applied to the kernel and also requires the ppp package to be installed. For instructions on applying the kernel patch, see section 2.1.
**************************************
3.1 Installing the Linux pptp client
**************************************
If all went well you should have an MPPE/MPPC enabled kernel. We can proceed with the installation of the pptp client. First, grab the sources from [http://pptpclient.sourceforge.net/#download]
Unpack the sources:
tar zxvf pptp-linux-$VERSION.tar.gz
Compile the software and install the binaries:
cd pptp-linux-$VERSION
make
su
make install
***************************************
3.2 Configuring the Linux pptp client
***************************************
Create a file called /etc/ppp/options.pptp and put the following line in it:
lock noauth nodeflate nobsdcomp
Add the following line to /etc/ppp/chap-secrets:
username pptpd password *
Replace username and password with the credentials you want to use to connect to the pptp server.
Now create a file called /etc/ppp/peers/YOURTUNNELNAME, replacing YOURTUNNELNAME with whatever
name you want to use to identify your tunnel. Place the following lines in this file:
pty "pptp YOURPPTPSERVER --nolaunchpppd"
name YOURUSERNAME
mtu 1490
mru 1490
remotename pptpd
require-mschap
require-mschap-v2
require-mppe-128
file /etc/ppp/options.pptp
ipparam YOURTUNNELNAME
persist
Where YOURPPTPSERVER is the address of the pptp server you want to connect to, YOURUSERNAME speaks for itself and YOURTUNNELNAME should be the same name as the file you just created in /etc/ppp/peers.
There is one last detail to be handled, which is routing.
To make sure our traffic gets routed to the other end of the tunnel, create a file called ip-up in /etc/ppp and add the following lines to this file:
#!/bin/sh
# pppd passes the interface name (e.g. ppp0) to ip-up as the first argument
/sbin/route add -net REMOTE-NET-IP netmask REMOTE-NET-MASK dev "$1"
Replace the IP-address and the mask with those of the subnet on the other end of the tunnel. If there is no network on the other side, but just the pptp server, you can use -host instead of -net. When you're done, save the file and make it executable:
chmod +x /etc/ppp/ip-up
Now that all is set up we can start the tunnel:
pppd call YOURTUNNELNAME
If all has gone well you should see something along the lines of:
Mar 16 19:25:53 feike pppd[7319]: local IP address 10.0.0.5
Mar 16 19:25:53 feike pppd[7319]: remote IP address 10.0.0.1
in /var/log/messages and you should be able to ping across the tunnel.
I configured everything for the Slackware server...
but when I try to connect from a Windows client, this appears:
error 800 unable to connect to client..
Do you know if I have to specify something on the Windows side??? In the properties..??
In menuconfig ... in the kernel, I selected the options for PPP like this:
<M>PPP (point-to-point protocol) support
[ ] PPP multilink support (EXPERIMENTAL)
[*] PPP filtering
<M>PPP support for async serial ports
<M>PPP support for sync tty ports
<M>PPP Deflate compression
<M>PPP BSD-Compress compression
[*]Microsoft PPP compression/encryption (MPPC/MPPE)
Is this OK??
Well, another thing I think could be the reason the Windows client cannot connect to my Linux server is that
/etc/pptpd.conf didn't exist on my Slackware; I had to copy it from the directory /pptp-2../samples to /etc.
Another thing: the file /etc/ppp/options.pptpd doesn't exist; only
/etc/ppp/option .. exists. I had to copy it to this location from the samples too.
My Slackware version is 10.0.
Can you help me find what the error is?? I can answer anything you ask me, please...
I did everything as written in Djbanaan's article and ... found two problems:
1. libwrap.so.0 is missing and I can't find it for Slackware (???). Problem occurs when pptpd is started "properly" (/usr/sbin/pptpd). However, when I start pptpd directly from command line, it doesn't ask for libwrap.so.0 and runs.
2. when pptpd is running I can't connect using windows xp sp2 client. Returned error code is 619. Firewall is, of course, off.
What is wrong?
(slackware 10.2)
Greets, Lukas
Anyway I'll always love linux and my web hosting plans run under linux really well.
The steps I needed were these
1. Install pptd package from slackbuilds
2. add to rc.modules
/sbin/modprobe ppp_mppe
3. mkdir /etc/ppp/peers
4. symlink bin/ip to sbin/ip
5. Create file
/etc/ppp/ip-up
/sbin/route add -host
6. pptpsetup --create imperial --server NETWORK_ADDRESS --username USERNAME --password PASSWORD
7. pppd call imperial dump debug logfd 2 nodetach require-mppe
this gets ppp0 running
8. /sbin/ip route add default dev ppp0
This adds ppp0 to the routing table
9. We can then connect to her folder using Konqueror
smb://icfs.cc.ic.ac.uk/username
10. login as ic.ac.uk\username
Just a couple of things I noticed though:
The package you want from slackbuilds is "pptp" not "pptd"
When I ran
Either way I can access my files stored at uni now, thanks again!
I managed to set up the client correctly and it connects to the vpn.
This is the output from /var/logs/messages:
pppd[3307]: CHAP authentication succeeded
pppd[3307]: MPPE 128-bit stateless compression enabled
pppd[3307]: local IP address 93.182.149.27
pppd[3307]: remote IP address 93.182.149.2
This is output of ifconfig:
ppp0 Link encap:Point-to-Point Protocol
inet addr:93.182.149.27 P-t-P:93.182.149.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1496 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:62 (62.0 B) TX bytes:79893 (78.0 KiB)
My problem is setting up the routing for the connection to go from the vpn server to eth0
when I type:
route add -net 93.182.149.0 netmask 255.255.255.0 dev ppp0
that doesn't work. If anyone could help it would be much appreciated
Thanks