Linuxathome.net - Linux news and help for home broadband internet users
      Configuring a PPTP VPN Client

     

    The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. Layer 2 Tunneling Protocol (L2TP) or IPSec are the standards-based replacements for PPTP. A PPTP client can be handy when you need to connect to a VPN server at work that requires the use of Microsoft's CHAP (MS-CHAP) or even MS-CHAP V2 authentication.

     

       Setup Instructions

     
    Getting Started

    First of all you need to download pptpd, and if you're running a GUI (e.g. Gnome or KDE) you may also wish to download pptpd-config. They can both be downloaded directly from http://pptpclient.sourceforge.net/.

    You can also download by apt-get or rpm where available on your distribution. Alternatively the latest version is directly available from SourceForge.net in tarball format. This will need to be compiled and installed before using.

    If you need to use MS-CHAP-V2, you will need to ensure your installed/running kernel has MPPE included or compiled as a module. If you have installed from a modern distribution such as CentOS, Fedora or Ubuntu with a fairly new 2.6.X kernel, then ppp_mppe will most likely be available. To load the modules in readiness for pppd, run the following commands:

    modprobe ppp_mppe
    modprobe ppp-compress-18

    If you are setting up pppd as a server behind a NAT firewall, you will most likely also need to run modprobe ip_nat_pptp.

     

    Basic Configuration

    Now that you have the appropriate support for MPPE enabled you can start configuring your VPN client.

    Firstly you will want to edit /etc/ppp/options.pptp. This is where you can enable or disable the authentication method used by pptp. In the example below we have disabled PAP, EAP and CHAP and specified that the VPN can be connected by MS-CHAP or MS-CHAP-V2 as both are accepted by the VPN server we are connecting to.

    ###############################################################################
    # $Id: options.pptp,v 1.3 2006/03/26 23:11:05 quozl Exp $
    #
    # Sample PPTP PPP options file /etc/ppp/options.pptp
    # Options used by PPP when a connection is made by a PPTP client.
    # This file can be referred to by an /etc/ppp/peers file for the tunnel.
    # Changes are effective on the next connection. See "man pppd".
    #
    # You are expected to change this file to suit your system. As
    # packaged, it requires PPP 2.4.2 or later from http://ppp.samba.org/
    # and the kernel MPPE module available from the CVS repository also on
    # http://ppp.samba.org/, which is packaged for DKMS as kernel_ppp_mppe.
    ###############################################################################

    # Lock the port
    lock

    # Authentication
    # We don't need the tunnel server to authenticate itself
    noauth

    # We won't do PAP, EAP or CHAP, but we will accept MSCHAP and MSCHAP-V2
    # (you may need to remove these refusals if the server is not using MPPE)
    refuse-pap
    refuse-eap
    refuse-chap
    #refuse-mschap
    #refuse-mschap-v2

    # Compression
    # Turn off compression protocols we know won't be used
    nobsdcomp
    nodeflate

    # Encryption
    # (There have been multiple versions of PPP with encryption support,
    # choose which of the following sections you will use. Note that MPPE
    # requires the use of MSCHAP-V2 during authentication)

    # http://ppp.samba.org/ the PPP project version of PPP by Paul Mackerras
    # ppp-2.4.2 or later with MPPE only, kernel module ppp_mppe.o
    # {{{
    # Require MPPE 128-bit encryption
    #require-mppe-128
    # }}}

    # http://polbox.com/h/hs001/ fork from PPP project by Jan Dubiec
    # ppp-2.4.2 or later with MPPE and MPPC, kernel module ppp_mppe_mppc.o
    # {{{
    # Require MPPE 128-bit encryption
    #mppe required,stateless
    # }}}

    The next thing you need to configure is the peers file containing information on your connection. This file is /etc/ppp/peers/VPN_NAME, where VPN_NAME is the name you wish to associate with the connection, e.g. WORK. An example config is below:

    pty "pptp VPN_SERVER --nolaunchpppd"
    name USERNAME
    remotename VPN_NAME
    require-mppe-128
    file /etc/ppp/options.pptp
    ipparam VPN_NAME

    In this configuration the following options are set:

    VPN_SERVER is either the hostname or IP address of your VPN server, e.g. vpn.yourdomain.com
    USERNAME is your assigned username for authentication purpose
    VPN_NAME is the name for the connection as selected previously

    The next step is to configure the authentication information (i.e. USERNAME and PASSWORD) for your connection. This is done by editing the /etc/ppp/chap-secrets file.

    # Secrets for authentication using CHAP
    # client server secret IP addresses

    USERNAME VPN_NAME "PASSWORD" *

    Within the chap-secrets file, you need to define the following information:

    USERNAME is your assigned username as used previously in /etc/ppp/peers/VPN_NAME
    VPN_NAME is the name for the connection as selected previously, this needs to match the name used in the above steps
    PASSWORD is your assigned password
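
An added example, not part of the original guide: a shell check over the three files edited above. It reports which authentication methods the options still leave on offer, whether MPPE 128-bit is required, and whether chap-secrets (which stores the password in clear text) is accessible beyond its owner. The function names and finding texts are this example's own; file paths are passed as arguments so it can be run against copies.

```shell
#!/bin/sh
# Added example, not from the original guide. File paths are arguments so the
# audit can be run against copies; the finding texts are this example's own.

# Print the active option lines of pppd option files (comments, blanks removed).
active_opts() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$@"
}

# audit_pptp OPTIONS_FILE PEER_FILE SECRETS_FILE
# Prints one finding per line and returns 0 only when there are none.
audit_pptp() {
    opts=$(active_opts "$1" "$2")
    findings=""
    nl='
'
    # Any method without a refuse- line stays on offer to the server.
    for m in pap eap chap mschap; do
        printf '%s\n' "$opts" | grep -qx "refuse-$m" ||
            findings="${findings}auth: $m is not refused${nl}"
    done

    # MPPE must be required in one of the files, in either syntax from the sample.
    printf '%s\n' "$opts" | grep -Eq '^(require-mppe-128|mppe required(,.*)?)$' ||
        findings="${findings}mppe: 128-bit encryption is not required${nl}"

    # chap-secrets holds the password in clear text: no group/other access.
    perms=$(ls -ld "$3" | cut -c5-10)
    [ "$perms" = "------" ] ||
        findings="${findings}secrets: $3 is accessible to group or other${nl}"

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Stand-alone use: audit.sh /etc/ppp/options.pptp /etc/ppp/peers/VPN_NAME /etc/ppp/chap-secrets
if [ "$#" -eq 3 ]; then audit_pptp "$@"; fi
```

Run against the sample files as shown in this guide, it reports that mschap is not refused; the MPPE check passes because the peers file carries require-mppe-128.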

    When you have finished configuring your connection through the above steps, it is time to try to connect to your VPN server. This can be performed by executing the following command: pppd call VPN_NAME. If successful, once connected you should notice pppd and pptp running when you run ps aux. Alternatively you should see a ppp0 connection when running ifconfig.

    Now that you're connected, you will need to route the appropriate subnet to the connection in order to access the network or hosts at the other end of the connection. For example, if your VPN server is connected to a subnet of 10.0.0.0/8 then you will want to execute the following command: route add -net 10.0.0.0/8 ppp0 (see below for a method of automating this when the connection is established).

    If you wish to disconnect from the VPN, the quickest method is by executing killall pppd. You may also wish to execute ifconfig ppp0 down prior to this but it is not necessary.

     

    Automating Actions Upon Logon

    Rather than manually routing to the network on the other end of your VPN each time you connect, you can automate this task by creating the /etc/ppp/ip-up.local file. An example config is as follows:

    #!/bin/bash
    NET="10.0.0.0/8" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}

    Once this file has been created you will need to make it executable by running the following command: chmod +x /etc/ppp/ip-up.local. Now each time you call up pppd to connect to the VPN, upon successful connection to the remote server, this script will be executed and the routing table will be updated. You can also use this script to perform additional tasks automatically once connected to your VPN.
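
An added example, not part of the original guide: an ip-up.local that picks its routes from the ipparam value set in the peers file instead of a fixed ppp0, so that with several tunnels each subnet follows its own interface regardless of connection order. pppd runs ip-up with the arguments interface, tty, speed, local IP, remote IP and ipparam; it is assumed here that the distribution's /etc/ppp/ip-up passes them through to ip-up.local. The tunnel names WORK and LAB and their subnets are constructed sample values.

```shell
#!/bin/sh
# Added example, not from the original guide: per-tunnel routing in ip-up.local.
# pppd calls ip-up with: interface tty speed local-ip remote-ip ipparam
# Assumption: /etc/ppp/ip-up hands the same arguments to ip-up.local.

# Map a tunnel name (the ipparam from the peers file) to the subnets behind it.
# WORK, LAB and the subnets are constructed sample values.
routes_for() {
    case "$1" in
        WORK) echo "10.0.0.0/8" ;;
        LAB)  echo "192.168.50.0/24 192.168.60.0/24" ;;
        *)    return 1 ;;   # unknown tunnel: add nothing
    esac
}

# Print the route commands for one ip-up invocation without running them.
plan_routes() {
    iface=$1
    ipparam=$6
    # Only act on ppp interfaces, never on a name we did not expect.
    case "$iface" in
        ppp[0-9]*) ;;
        *) return 1 ;;
    esac
    nets=$(routes_for "$ipparam") || return 1
    for net in $nets; do
        echo "route add -net $net dev $iface"
    done
}

# Execute the plan only when installed under the name pppd's hook expects.
case "${0##*/}" in
    ip-up.local)
        PATH=/sbin:/usr/sbin:/bin:/usr/bin
        plan_routes "$@" | while read -r cmd; do $cmd; done
        ;;
esac
```

Calling plan_routes by hand with the six arguments prints the commands it would run, which is a quick way to check the mapping before connecting.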

    Another handy feature is the demand or persist option available through pppd. This gives you the ability to set up on-demand dialing or re-dialing by simply adding a line with demand to your /etc/ppp/peers/VPN_NAME. Alternatively you can do this via the initial command used to call your connection, e.g. pppd <local_ip>:<remote_ip> demand call VPN_NAME. The persist option will prevent pppd from exiting after a connection is terminated; instead it will try to reopen the connection. For further details it's recommended you take the time to read man pppd.

     

    Problems & Solutions

    If you're having trouble connecting, you can connect with debugging enabled. This will give onscreen error logging such that you can determine more details on any problems that may be occurring:

    pppd call VPN_NAME logfd 2 nodetach debug dump

    Alternatively you can check /var/log/messages for any output relating to the pppd connection.

    If you're after the process ID (PID) of a particular pppd session or ppp interface (i.e. ppp0 or ppp1), this can be found with the following command: cat /var/run/ppp0.pid. This can be particularly helpful if you want to end only a single interface's pppd session in the case of multiple VPN tunnels, e.g. kill -9 `cat /var/run/ppp0.pid`

     


    Please read our Legal Notice for information concerning our site and its content.
    All logos and trademarks in this site are property of their respective owner. All the rest © 2000 - 2016 by Linuxathome.net
