Linuxathome.net - Linux news and help for home broadband internet users
      Configuring a PPTP VPN Client

     

    The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Layer 2 Tunneling Protocol (L2TP) or IPSec are the standards-based replacements for PPTP. A PPTP client can be handy when you need to connect to a VPN server at work that requires the use of Microsoft's CHAP (MS-CHAP) or even MS-CHAP V2 authentication.

     

       Setup Instructions

     
    Getting Started

    First of all you need to download pptpd, and if you're running a GUI (e.g. Gnome or KDE) you may also wish to download pptpd-config. They can both be downloaded directly from http://pptpclient.sourceforge.net/.

    You can also install it with apt-get or rpm where packages are available for your distribution. Alternatively, the latest version is directly available from SourceForge.net in tarball format. This will need to be compiled and installed before use.

    If you need to use MS-CHAP-V2, you will need to ensure your installed/running kernel has MPPE included or compiled as a module. If you have installed from a modern distribution such as CentOS, Fedora or Ubuntu with a fairly new 2.6.X kernel, then ppp_mppe will most likely be available. To load the modules in readiness for pppd, run the following commands:

    modprobe ppp_mppe
    modprobe ppp-compress-18

    If you are setting up pppd as a server behind a NAT firewall, you will most likely also need to run modprobe ip_nat_pptp.

     

    Basic Configuration

    Now that you have the appropriate support for MPPE enabled you can start configuring your VPN client.

    Firstly you will want to edit /etc/ppp/options.pptp. This is where you can enable or disable the authentication method used by pptp. In the example below we have disabled PAP, EAP and CHAP and specified that the VPN can be connected by MS-CHAP or MS-CHAP-V2 as both are accepted by the VPN server we are connecting to.

    ###############################################################################
    # $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
    #
    # Sample PPTP PPP options file /etc/ppp/options.pptp
    # Options used by PPP when a connection is made by a PPTP client.
    # This file can be referred to by an /etc/ppp/peers file for the tunnel.
    # Changes are effective on the next connection. See "man pppd".
    #
    # You are expected to change this file to suit your system. As
    # packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
    # and the kernel MPPE module available from the CVS repository also on
    # http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
    ###############################################################################

    # Lock the port
    lock

    # Authentication
    # We don't need the tunnel server to authenticate itself
    noauth

    # We won't do PAP, EAP or CHAP, but we will accept MSCHAP and MSCHAP-V2
    # (you may need to remove these refusals if the server is not using MPPE)
    refuse-pap
    refuse-eap
    refuse-chap
    #refuse-mschap
    #refuse-mschap-v2

    # Compression
    # Turn off compression protocols we know won't be used
    nobsdcomp
    nodeflate

    # Encryption
    # (There have been multiple versions of PPP with encryption support,
    # choose which of the following sections you will use. Note that MPPE
    # requires the use of MSCHAP-V2 during authentication)

    # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackerras
    # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
    # {{{
    # Require MPPE 128-bit encryption
    #require-mppe-128
    # }}}

    # http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
    # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
    # {{{
    # Require MPPE 128-bit encryption
    #mppe required,stateless
    # }}}

    The next thing you need to configure is the peers file containing information on your connection. This file is /etc/ppp/peers/VPN_NAME, where VPN_NAME is the name you wish to associate with the connection, e.g. WORK. An example config is below:

    pty "pptp VPN_SERVER --nolaunchpppd"
    name USERNAME
    remotename VPN_NAME
    require-mppe-128
    file /etc/ppp/options.pptp
    ipparam VPN_NAME

    In this configuration the following options are set:

    VPN_SERVER is either the hostname or IP address of your VPN server, e.g. vpn.yourdomain.com
    USERNAME is your assigned username for authentication purposes
    VPN_NAME is the name for the connection as selected previously

    The next step is to configure the authentication information (i.e. USERNAME and PASSWORD) for your connection. This is done by editing the /etc/ppp/chap-secrets file.

    # Secrets for authentication using CHAP
    # client server secret IP addresses

    USERNAME VPN_NAME "PASSWORD" *

    Within the chap-secrets file, you need to define the following information:

    USERNAME is your assigned username as used previously in /etc/ppp/peers/VPN_NAME
    VPN_NAME is the name for the connection as selected previously; this needs to match the name used in the above steps
    PASSWORD is your assigned password
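
Before connecting, the three files above can be checked for the settings this guide relies on. The script below is an added example, not part of the original guide or of the pptp project: it warns when PAP, EAP or CHAP is not refused, when require-mppe-128 is missing, or when chap-secrets (which stores the password in clear text) is accessible to other users. The audit_pptp, active_opt and demo names and the sample files built by demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit a PPTP client setup.
# Usage: sh audit.sh OPTIONS_FILE PEERS_FILE SECRETS_FILE   or   sh audit.sh --demo

# True if OPTION appears on an uncommented line in any of the given files.
active_opt() {
    opt=$1; shift
    grep -Eqs "^[[:space:]]*${opt}([[:space:]]|\$)" "$@"
}

# Prints one WARN line per finding; returns 0 only when there are none.
audit_pptp() {
    opts=$1 peer=$2 secrets=$3 rc=0
    # The guide refuses PAP, EAP and CHAP; each must be an active line.
    for o in refuse-pap refuse-eap refuse-chap; do
        active_opt "$o" "$opts" "$peer" || { echo "WARN: $o is not set"; rc=1; }
    done
    # Without this option pppd does not insist on MPPE encryption.
    active_opt require-mppe-128 "$opts" "$peer" ||
        { echo "WARN: require-mppe-128 is not set"; rc=1; }
    # chap-secrets holds the clear-text password: no group/other access.
    perms=$(ls -ld "$secrets" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "WARN: $secrets is accessible to group or other"; rc=1; }
    return $rc
}

# Constructed sample files: refuse-chap left commented out and a
# world-readable chap-secrets, so two warnings are expected.
demo() {
    d=$(mktemp -d) || return 1
    printf 'lock\nnoauth\nrefuse-pap\nrefuse-eap\n#refuse-chap\n' > "$d/options.pptp"
    printf 'name USERNAME\nremotename WORK\nrequire-mppe-128\n' > "$d/WORK"
    printf 'USERNAME WORK "PASSWORD" *\n' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    audit_pptp "$d/options.pptp" "$d/WORK" "$d/chap-secrets"; status=$?
    rm -rf "$d"
    return $status
}

case "${1:-}" in
    --demo) demo ;;
    ?*)     audit_pptp "$@" ;;
esac
```

A finding on chap-secrets is cleared with chmod 600 /etc/ppp/chap-secrets.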

    When you have finished configuring your connection through the above steps, it is time to try to connect to your VPN server. This can be done by executing the command pppd call VPN_NAME. If successful, once connected you should notice pppd and pptp running when you run ps aux. Alternatively you should see a ppp0 connection when running ifconfig.

    Now that you're connected, you will need to route the appropriate subnet to the connection in order to access the network or hosts at the other end of the connection. For example, if your VPN server is connected to the subnet 10.0.0.0/8, then you will want to execute the command route add -net 10.0.0.0/8 ppp0 (see below for a method of automating this when the connection is established).

    If you wish to disconnect from the VPN, the quickest method is by executing killall pppd. You may also wish to execute ifconfig ppp0 down prior to this but it is not necessary.

     

    Automating Actions Upon Logon

    Rather than manually routing to the network on the other end of your VPN each time you connect, you can automate this task by creating the /etc/ppp/ip-up.local file. An example config is as follows:

    #!/bin/bash
    NET="10.0.0.0/8" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}

    Once this file has been created you will need to make it executable by running the following command chmod +x /etc/ppp/ip-up.local. Now each time you call up pppd to connect to the VPN, upon successful connection to the remote server, this script will be executed and the routing table will be updated. You can also use this script to perform additional tasks automatically once connected to your VPN.
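
The script above always routes over ppp0, which is only correct while the VPN is the first ppp interface. As an added example (not the original guide's script), this variant uses the arguments pppd passes to ip-up, taking the interface from $1 and the ipparam value set in the peers file from $6. The WORK and LAB names, their subnets, and the routes_for and add_routes helpers are assumptions for illustration.

```shell
#!/bin/sh
# Added example for /etc/ppp/ip-up.local (not the original guide's script).
# pppd runs ip-up with: interface tty speed local-IP remote-IP ipparam.
# Assumption: the distribution's ip-up passes them on to ip-up.local.

ROUTE=${ROUTE:-route}   # set ROUTE=echo for a dry run

# Subnets reachable through each tunnel, keyed by the ipparam value from
# /etc/ppp/peers/VPN_NAME. WORK, LAB and the subnets are assumed values.
routes_for() {
    case "$1" in
        WORK) echo "10.0.0.0/8" ;;
        LAB)  echo "172.16.0.0/12 192.168.50.0/24" ;;
        *)    return 1 ;;
    esac
}

# add_routes IFACE IPPARAM: route each subnet over the interface pppd
# reported, so a second tunnel on ppp1 is not routed via ppp0.
add_routes() {
    case "$1" in
        ppp[0-9]*) ;;
        *) echo "unexpected interface: $1" >&2; return 1 ;;
    esac
    # Unknown ipparam (for example a dial-up link): leave routing alone.
    nets=$(routes_for "$2") || return 0
    for net in $nets; do
        $ROUTE add -net "$net" dev "$1" || return 1
    done
}

# Act only when installed as ip-up.local and called with pppd's arguments.
if [ "${0##*/}" = "ip-up.local" ] && [ $# -ge 6 ]; then
    add_routes "$1" "$6"
fi
```

With ROUTE=echo set in the environment, the installed script prints the route arguments instead of changing the routing table.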

    Another handy feature is the demand or persist option available through pppd. This gives you the ability to set up on-demand dialing or re-dialing by simply adding a line with demand to your /etc/ppp/peers/VPN_NAME. Alternatively you can do this via the initial command used to call your connection, e.g. pppd <local_ip>:<remote_ip> demand call VPN_NAME. The persist option will prevent pppd from exiting after a connection is terminated; instead it will try to reopen the connection. For further details it's recommended you take the time to read man pppd.

     

    Problems & Solutions

    If you're having trouble connecting, you can connect with debugging enabled. This will give onscreen error logging so that you can determine more details on any problems that may be occurring:

    pppd call VPN_NAME logfd 2 nodetach debug dump

    Alternatively you can check /var/log/messages for any output relating to the pppd connection.

    If you're after the process ID (PID) of a particular pppd session or ppp interface (i.e. ppp0 or ppp1), it can be found with the command cat /var/run/ppp0.pid. This can be particularly helpful if you want to end only a single interface's pppd session in the case of multiple VPN tunnels, e.g. kill -9 `cat /var/run/ppp0.pid`

     

    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net
