LinuxQuestions.org
Linux - Server This forum is for the discussion of Linux Software used in a server related context.
Old 08-29-2010, 05:30 PM   #1
sergani
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora, CentOS, OpenSuse, Oracle Enterprise Linux, MacOSX
Posts: 27

Rep: Reputation: 0
Linux VPN server... please help


Dear all,

Please help with the following:
I need to set up a Linux VPN server at work for resource sharing. I currently have a server running CentOS 5.4 and have tried endless tutorials on the web, but to no avail: all my attempts to connect keep failing, and I can't find where the logs are kept for the VPN server to check where the error is.

I am looking for a fresh start for this, so any detailed guide will be more than helpful, and very much appreciated.

Thanks,
Sergani.
 
Old 08-29-2010, 05:33 PM   #2
damgar
Senior Member
 
Registered: Sep 2009
Location: dallas, tx
Distribution: Slackware - current multilib/gsb Arch
Posts: 1,949
Blog Entries: 8

Rep: Reputation: 201
I found openvpn to be exactly what I was needing. I started here:

http://www.openvpn.net/index.php/ope...wto.html#quick
 
Old 08-29-2010, 07:57 PM   #3
morphix
Member
 
Registered: Nov 2007
Location: Newcastle, Australia
Distribution: Ubuntu, Debian, Arch
Posts: 53

Rep: Reputation: 15
I second OpenVPN.

I was previously using PPTP and then switched to OpenVPN, and it's brilliant.

Only 1 UDP or TCP port required.

It is also very solid and reliable.

I now have 4 different subnets/connections all connected via VPN on 1 server allowing all 5 (including the network the server is on) networks/subnets to communicate.

This is also via multiple devices such as my Smartphone, laptop and work computers.
 
Old 08-29-2010, 08:44 PM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,576
Blog Entries: 31

Rep: Reputation: 1195
+1 to what damgar and morphix wrote.
 
Old 08-29-2010, 09:29 PM   #5
quanta
Member
 
Registered: Aug 2007
Location: Vietnam
Distribution: RedHat based, Debian based, Slackware, Gentoo
Posts: 724

Rep: Reputation: 100
Quote:
Originally Posted by sergani
...
but to no avail, and can't find where the logs are kept for the VPN server to check where the error is.
You will see it in the terminal (on both the server and the client) when you try to connect.

Last edited by quanta; 08-29-2010 at 09:30 PM.
 
Old 08-30-2010, 06:58 AM   #6
sergani
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora, CentOS, OpenSuse, Oracle Enterprise Linux, MacOSX
Posts: 27

Original Poster
Rep: Reputation: 0
@damgar and @morphix ... thx a lot guys, I'll get to work on OpenVPN, and will let you know my progress and/or problems, hopefully none!

Thanks,
Sergani.
 
Old 09-03-2010, 09:48 PM   #7
James259
LQ Newbie
 
Registered: Sep 2010
Posts: 18

Rep: Reputation: 0
If you need quick and easy setup for Windows clients then pptpd worked well for me. Reasonably simple to set up and works. Windows has native PPTP support. (Forgive me if I am wrong guys, but last time I looked at OpenVPN it required extra software on Windows clients.)

OpenVPN is probably far better though in general from what I saw of it.
 
Old 09-03-2010, 10:42 PM   #8
sergani
LQ Newbie
 
Registered: Jan 2010
Distribution: Fedora, CentOS, OpenSuse, Oracle Enterprise Linux, MacOSX
Posts: 27

Original Poster
Rep: Reputation: 0
@James259, do you have a detailed step-by-step guide for pptpd? I tried everything, but it will just not work.
 
Old 09-04-2010, 08:11 AM   #9
James259
LQ Newbie
 
Registered: Sep 2010
Posts: 18

Rep: Reputation: 0
I will briefly list the setup I commonly use for servers we give to our clients. This setup is intended to allow remote callers to access the server only. If you want routing so that they can access the rest of the local network then there is more to do.

This works on Ubuntu 8.04, 9.10 and 10.04 (or did for us at least)

I also used a second virtual network for use with VPN clients.
VPN server is 172.25.55.1 and clients that connect in will be given other IPs in that range.

I did note that you are on CentOS. I have only done this on Ubuntu so you might have to adapt this slightly. Specifically, you may be using yum instead of apt-get and your network interfaces file may be in a different place.

A long time ago I seem to remember it being split into different files in a folder somewhere like /etc/sysconfig/network-scripts.
The file with the network config in for eth0 was called 'ifup-eth0' and to make the virtual network I had to make a copy of this file called 'ifup-eth0:0' and then modify it as per below. If you don't already know how to do this bit and my suggestion does not work, maybe google it - the question will have been asked plenty.

sudo bash #just to make life easier

#setting up the virtual network/second range
vi /etc/network/interfaces #add the following to the end of the file.
Code:
auto eth0:0
iface eth0:0 inet static
        address 172.25.55.1
        netmask 255.255.255.0
/etc/init.d/networking restart

#setting up pptpd
apt-get install pptpd
vi /etc/pptpd.conf
Code:
###############################################################################
# $Id: pptpd.conf 4255 2004-10-03 18:44:00Z rene $
#
# Sample Poptop configuration file /etc/pptpd.conf
#
# Changes are effective when pptpd is restarted.
###############################################################################

# TAG: ppp
#       Path to the pppd program, default '/usr/sbin/pppd' on Linux
#
#ppp /usr/sbin/pppd

# TAG: option
#       Specifies the location of the PPP options file.
#       By default PPP looks in '/etc/ppp/options'
#
option /etc/ppp/pptpd-options

# TAG: debug
#       Turns on (more) debugging to syslog
#
#debug

# TAG: stimeout
#       Specifies timeout (in seconds) on starting ctrl connection
#
# stimeout 10

# TAG: noipparam
#       Suppress the passing of the client's IP address to PPP, which is
#       done by default otherwise.
#
#noipparam

# TAG: logwtmp
#       Use wtmp(5) to record client connections and disconnections.
#
logwtmp

# TAG: bcrelay <if>
#       Turns on broadcast relay to clients from interface <if>
#
#bcrelay eth1

# TAG: localip
# TAG: remoteip
#       Specifies the local and remote IP address ranges.
#
#       Any addresses work as long as the local machine takes care of the
#       routing.  But if you want to use MS-Windows networking, you should
#       use IP addresses out of the LAN address space and use the proxyarp
#       option in the pppd options file, or run bcrelay.
#
#       You can specify single IP addresses separated by commas or you can
#       specify ranges, or both. For example:
#
#               192.168.0.234,192.168.0.245-249,192.168.0.254
#
#       IMPORTANT RESTRICTIONS:
#
#       1. No spaces are permitted between commas or within addresses.
#
#       2. If you give more IP addresses than MAX_CONNECTIONS, it will
#          start at the beginning of the list and go until it gets
#          MAX_CONNECTIONS IPs. Others will be ignored.
#
#       3. No shortcuts in ranges! ie. 234-8 does not mean 234 to 238,
#          you must type 234-238 if you mean this.
#
#       4. If you give a single localIP, that's ok - all local IPs will
#          be set to the given one. You MUST still give at least one remote
#          IP for each simultaneous client.
#
# (Recommended)
localip 172.25.55.1
remoteip 172.25.55.2-254
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
vi /etc/ppp/pptpd-options
Code:
###############################################################################
# $Id: pptpd-options 4643 2006-11-06 18:42:43Z rene $
#
# Sample Poptop PPP options file /etc/ppp/pptpd-options
# Options used by PPP when a connection arrives from a client.
# This file is pointed to by /etc/pptpd.conf option keyword.
# Changes are effective on the next connection.  See "man pppd".
#
# You are expected to change this file to suit your system.  As
# packaged, it requires PPP 2.4.2 and the kernel MPPE module.
###############################################################################


# Authentication

# Name of the local system for authentication purposes
# (must match the second field in /etc/ppp/chap-secrets entries)
name pptpd

# Optional: domain name to use for authentication
# domain mydomain.net

# Strip the domain prefix from the username before authentication.
# (applies if you use pppd with chapms-strip-domain patch)
#chapms-strip-domain


# Encryption
# Debian: on systems with a kernel built with the package
# kernel-patch-mppe >= 2.4.2 and using ppp >= 2.4.2, ...
# {{{
refuse-pap
refuse-chap
refuse-mschap
# Require the peer to authenticate itself using MS-CHAPv2 [Microsoft
# Challenge Handshake Authentication Protocol, Version 2] authentication.
require-mschap-v2
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
require-mppe-128
# }}}




# Network and Routing

# If pppd is acting as a server for Microsoft Windows clients, this
# option allows pppd to supply one or two DNS (Domain Name Server)
# addresses to the clients.  The first instance of this option
# specifies the primary DNS address; the second instance (if given)
# specifies the secondary DNS address.
# Attention! This information may not be taken into account by a Windows
# client. See KB311218 in Microsoft's knowledge base for more information.
#ms-dns 10.0.0.1
#ms-dns 10.0.0.2

# If pppd is acting as a server for Microsoft Windows or "Samba"
# clients, this option allows pppd to supply one or two WINS (Windows
# Internet Name Services) server addresses to the clients.  The first
# instance of this option specifies the primary WINS address; the
# second instance (if given) specifies the secondary WINS address.
ms-wins 172.25.55.1
#ms-wins 10.0.0.4

# Add an entry to this system's ARP [Address Resolution Protocol]
# table with the IP address of the peer and the Ethernet address of this
# system.  This will have the effect of making the peer appear to other
# systems to be on the local ethernet.
proxyarp

# Debian: do not replace the default route
nodefaultroute


# Logging

# Enable connection debugging facilities.
# (see your syslog configuration for where pppd sends to)
#debug

# Print out all the option values which have been set.
# (often requested by mailing list to verify options)
#dump


# Miscellaneous

# Create a UUCP-style lock file for the pseudo-tty to ensure exclusive
# access.
lock

# Disable BSD-Compress compression
nobsdcomp
#create one or more local users, or use existing ones below

vi /etc/ppp/chap-secrets
Code:
# Secrets for authentication using CHAP
# client        server  secret                  IP addresses

user1	pptpd	user1password	*
user2	pptpd	user2password	*
#the proxyarp you might be able to comment out. We use this to help some windows workstations find samba.
#the same goes for the ms-wins option.

#obviously use real usernames and passwords above.
#you can add more lines here as needed (or just have 1 if you only want to use a single user)

/etc/init.d/pptpd restart



I think that is about it. That setup works nicely for me.
Let me know if you get stuck.

Last edited by James259; 09-04-2010 at 08:18 AM.
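A few shell checks for the setup above, added here as an example and not part of James259's post or the pptpd project: it audits a pptpd-options file for the directives his config enables (MS-CHAPv2 with 128-bit MPPE only), checks that chap-secrets, which holds the passwords in clear text, is readable only by its owner, and counts control connections and CHAP failures in syslog lines. That last part is the answer to the original question of where the logs are: pptpd and pppd both log through syslog, so on CentOS they land in /var/log/messages (/var/log/syslog on Debian and Ubuntu), with more detail once `debug` is uncommented in pptpd.conf and pptpd-options. Everything the script reads is a constructed sample written to a temporary directory; the log lines follow the daemons' message format but are made up.

```shell
#!/bin/sh
# Added example, not from the thread: sanity checks for a pptpd setup.
# Audits /etc/ppp/pptpd-options for the directives the posted config relies
# on, checks the mode of chap-secrets, and summarises pppd/pptpd syslog lines.
# All inputs are constructed samples written to a temp dir (runs offline).

# Directives the posted pptpd-options enables: MS-CHAPv2 with 128-bit MPPE only.
REQUIRED_OPTS="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# audit_pptpd_options FILE: print "missing: <directive>" for each required
# directive that is absent or commented out; return 1 if any are missing.
audit_pptpd_options() {
    missing=0
    for opt in $REQUIRED_OPTS; do
        if ! sed 's/#.*//' "$1" | grep -Eq "^[[:space:]]*$opt([[:space:]]|$)"; then
            echo "missing: $opt"
            missing=1
        fi
    done
    return $missing
}

# chap_secrets_mode_ok FILE: chap-secrets stores passwords in clear text, so
# refuse anything more permissive than owner read/write (0600 or 0400).
chap_secrets_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || mode=$(stat -f '%Lp' "$1")
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1: mode $mode, expected 600"; return 1 ;;
    esac
}

# pptp_log_summary FILE: count control connections and CHAP failures in a
# syslog file; pppd logs "CHAP peer authentication failed for remote host <name>".
pptp_log_summary() {
    conns=$(grep -c 'pptpd\[[0-9]*\]: CTRL: Client .* control connection started' "$1" || true)
    fails=$(grep -c 'pppd\[[0-9]*\]: CHAP peer authentication failed' "$1" || true)
    echo "connections=$conns auth_failures=$fails"
}

# ---- constructed sample inputs (not real system files) -------------------
TMP=$(mktemp -d)

GOOD_OPTS="$TMP/pptpd-options.good"      # what the post's file enables
printf '%s\n' 'name pptpd' refuse-pap refuse-chap refuse-mschap \
    require-mschap-v2 require-mppe-128 proxyarp nodefaultroute lock nobsdcomp > "$GOOD_OPTS"

WEAK_OPTS="$TMP/pptpd-options.weak"      # three directives commented out:
printf '%s\n' 'name pptpd' refuse-pap '#refuse-chap' '#refuse-mschap' \
    require-mschap-v2 '#require-mppe-128' lock > "$WEAK_OPTS"   # unencrypted PPP would be accepted

SECRETS="$TMP/chap-secrets"
printf 'user1\tpptpd\texample-password\t*\n' > "$SECRETS"
chmod 600 "$SECRETS"
LOOSE_SECRETS="$TMP/chap-secrets.loose"
cp "$SECRETS" "$LOOSE_SECRETS" && chmod 644 "$LOOSE_SECRETS"

LOG="$TMP/messages"                       # made-up lines in pppd/pptpd syslog format
cat > "$LOG" <<'EOF'
Sep  4 08:11:02 vpn pptpd[2210]: CTRL: Client 203.0.113.7 control connection started
Sep  4 08:11:03 vpn pppd[2211]: CHAP peer authentication failed for remote host user1
Sep  4 08:11:03 vpn pppd[2211]: Connection terminated.
Sep  4 08:11:20 vpn pptpd[2215]: CTRL: Client 203.0.113.7 control connection started
Sep  4 08:11:21 vpn pppd[2216]: CHAP peer authentication succeeded for user1
Sep  4 08:11:21 vpn pppd[2216]: remote IP address 172.25.55.2
EOF

# ---- stand-alone run ------------------------------------------------------
echo "good options:"; audit_pptpd_options "$GOOD_OPTS" && echo "  all required directives present"
echo "weak options:"; audit_pptpd_options "$WEAK_OPTS" || echo "  -> reject this file"
chap_secrets_mode_ok "$LOOSE_SECRETS" || echo "  -> chmod 600 it"
pptp_log_summary "$LOG"
```

Run it as-is to see the weak file rejected, then point the functions at /etc/ppp/pptpd-options, /etc/ppp/chap-secrets and /var/log/messages on a real server. The audit only confirms that the file asks for the strongest combination PPTP itself offers; a connection that reaches "CHAP peer authentication failed" has got past the GRE and TCP 1723 stage and is failing on the chap-secrets entry, while a log with no "control connection started" at all points at the network path instead.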
 
Old 09-06-2010, 01:20 AM   #10
morphix
Member
 
Registered: Nov 2007
Location: Newcastle, Australia
Distribution: Ubuntu, Debian, Arch
Posts: 53

Rep: Reputation: 15
I find the biggest problem with PPTP is that if the network you are trying to connect from does not allow GRE & PPTP outbound, you cannot connect to the VPN.

With a setup using OpenVPN you simply install the OpenVPN client, which is a small download (and supports a lot of platforms/devices; e.g. even my Nokia N900 has it), and have the configuration set up on the client.

On the server, you only need 1 TCP or UDP port, and this can be listening on any port, which allows you to have it listen on a port that is typically always allowed outbound (e.g. 443/https or 80/http) if you are on a connection with outbound port restrictions.

I currently have mine listening on the typical IPSec port (UDP 500) and also listening on port 443 to allow access if I am using a restricted connection.

I also have 2 setups (running from the 1 machine, just 2 different configurations simultaneously):
1 being a routed VPN (for LAN-to-LAN VPN) and the other bridged (individual devices or clients will receive a local LAN IP).

Last edited by morphix; 09-06-2010 at 01:24 AM.
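An added example, not morphix's own configuration, of the two-instance layout he describes: two server configs under /etc/openvpn (written to a temp dir here), one on UDP 500 and one on TCP 443, plus a small check that no two instance files bind the same protocol and port, since a second daemon on an already-bound port fails to start and the client just sees a timeout. Certificate paths, tunnel subnets and file names are placeholders.

```shell
#!/bin/sh
# Added example (not morphix's real setup): two OpenVPN server instances on one
# host, as two config files under /etc/openvpn. Paths, subnets and names are
# placeholders; everything is written to a temp dir so the script runs offline.

CONFDIR=$(mktemp -d)      # stand-in for /etc/openvpn

# Instance 1: routed VPN on UDP 500, the port morphix mentions.
cat > "$CONFDIR/udp500.conf" <<'EOF'
port 500
proto udp
dev tun
# placeholder certificate material (generate with easy-rsa)
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
# HMAC-sign control packets so unauthenticated probes are dropped early
tls-auth /etc/openvpn/keys/ta.key 0
server 10.8.0.0 255.255.255.0
keepalive 10 120
persist-key
persist-tun
user nobody
group nogroup
EOF

# Instance 2: same server, TCP 443, for clients behind outbound port filters.
# A different tunnel subnet keeps the two instances' client pools apart.
sed -e 's/^port 500$/port 443/' -e 's/^proto udp$/proto tcp/' \
    -e 's#^server 10.8.0.0#server 10.8.1.0#' "$CONFDIR/udp500.conf" > "$CONFDIR/tcp443.conf"

# listeners DIR: one "proto port file" line per config (OpenVPN defaults: udp 1194).
listeners() {
    for f in "$1"/*.conf; do
        proto=$(awk '$1=="proto"{print $2}' "$f")
        port=$(awk '$1=="port"{print $2}' "$f")
        echo "${proto:-udp} ${port:-1194} $(basename "$f")"
    done
}

# listener_conflicts DIR: return 1 and name the pair when two configs bind the
# same proto/port; the second daemon would fail to start.
listener_conflicts() {
    listeners "$1" | awk '
        { key = $1 " " $2
          if (key in seen) { print "conflict: " seen[key] " and " $3 " both use " key; bad = 1 }
          else seen[key] = $3 }
        END { exit bad }'
}

# A third file that clashes with the TCP instance, kept in a separate copy of
# the directory so the good layout stays clean.
BADDIR=$(mktemp -d)
cp "$CONFDIR"/*.conf "$BADDIR"/
sed 's#^server 10.8.1.0#server 10.8.2.0#' "$CONFDIR/tcp443.conf" > "$BADDIR/tcp443-copy.conf"

# ---- stand-alone run ------------------------------------------------------
echo "good layout:"; listeners "$CONFDIR"; listener_conflicts "$CONFDIR" && echo "  no conflicts"
echo "bad layout:";  listener_conflicts "$BADDIR" || echo "  -> fix before starting"
```

On Debian, Ubuntu and CentOS the openvpn init script starts one daemon per *.conf it finds in /etc/openvpn, which is how both instances run from the one machine. Treat the TCP 443 instance as the fallback for restricted networks and keep UDP as the default where it is allowed, because tunnelling TCP inside TCP stacks two retransmission layers. If the same host also serves HTTPS on 443, OpenVPN's port-share directive can hand non-OpenVPN connections on that port through to the web server.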
 