Alper Akcan : ~/documents/pptp vpn client on linux

Setting Up PPTP VPN Connection on Linux
2007-08-20 11:00

Here is a quick reference for setting up a PPTP VPN connection on Linux. With this document, anyone should be able to set up and run the pptp client.

1. PPP and MPPE support must be enabled in the kernel.

Check the options listed below, and enable any that are not already enabled.


CONFIG_PPP=y
# CONFIG_PPP_MULTILINK is not set
# CONFIG_PPP_FILTER is not set
CONFIG_PPP_ASYNC=y
CONFIG_PPP_SYNC_TTY=y
CONFIG_PPP_DEFLATE=y
CONFIG_PPP_BSDCOMP=y
CONFIG_PPP_MPPE=y
CONFIG_PPPOE=y

2. Check if your pppd version supports MPPE


# if [ $(strings `which pppd` | grep mppe | wc -l) -gt 0 ]; then echo "MPPE Supported"; else echo "MPPE NOT supported"; fi

3. Download and install pptpclient

You can either download it from the pptpclient project page, http://pptpclient.sf.net, or use a direct link


# tar -zxvf pptp-1.7.1.tar.gz
# cd pptp-1.7.1
# ./configure
# make
# make install
# ldconfig

4. Create configuration files

Replace $DOMAIN, $SERVER, $USER, and $PASSWORD as necessary.

/etc/ppp/chap-secrets


# Secrets for authentication using CHAP
# client        server     secret        IP addresses
$DOMAIN\\$USER  $DOMAIN    $PASSWORD     *


/etc/ppp/peers/$DOMAIN

pty "pptp $SERVER --nolaunchpppd"
name $DOMAIN\\$USER
remotename $DOMAIN
# Lock the port
lock
# We don't need the tunnel server to authenticate itself
noauth
# We won't do EAP, CHAP, or MSCHAP, but we will accept MSCHAP-V2 and MPPE
refuse-eap
refuse-chap
refuse-mschap
require-mppe-128
# Turn off compression protocols we know won't be used
nobsdcomp
nodeflate
ipparam $DOMAIN
linkname $DOMAIN
#persist


/etc/ppp/ip-up

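#!/bin/bash
# pppd exports IPLOCAL and IFNAME to this script when the link comes up.
# Route the /24 network containing the local tunnel address via the ppp interface.
dest="$(echo "${IPLOCAL}" | cut -d . -f -3).0"
mask="255.255.255.0"
/sbin/route add -net "${dest}" netmask "${mask}" dev "${IFNAME}"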

5. Create VPN Tunnel

Start the connection with pppd. You can watch the log with "tail -f /var/log/messages".


# pppd call $DOMAIN


You should see log entries in /var/log/messages that look like the following:

pppd[7749]: pppd 2.4.4 started by root, uid 0
pppd[7749]: Using interface ppp0
pppd[7749]: Connect: ppp0 <--> /dev/pts/4
pptp[7750]: anon log[main:pptp.c:276]: The synchronous pptp option is NOT activated
pptp[7754]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:738]: Received Start Control Connection Reply
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:772]: Client connection established.
pptp[7754]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:857]: Received Outgoing Call Reply.
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:896]: Outgoing call established (call ID 0, peer's call ID 47889).
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:949]: PPTP_SET_LINK_INFO received from peer_callid 51974
pptp[7754]: anon log[ctrlp_disp:pptp_ctrl.c:952]:   send_accm is 00000000, recv_accm is FFFFFFFF
pppd[7749]: CHAP authentication succeeded
pppd[7749]: MPPE 128-bit stateless compression enabled
pppd[7749]: local  IP address 10.11.11.62
pppd[7749]: remote IP address 10.11.11.63
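
The configuration files from step 4 can be checked before running pppd. The following is an added example, not part of the original page: a read-only shell audit that checks a peer file for the four options used above and checks that chap-secrets is accessible only to its owner. The function names, the owner-only permission expectation, and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original page): read-only audit of a pppd
# peer file and chap-secrets. File paths are passed as arguments.

# Options the peer file on this page uses to force MSCHAP-V2 + MPPE-128.
REQUIRED_OPTS="refuse-eap refuse-chap refuse-mschap require-mppe-128"

# audit_peer FILE: report each required option that is absent or
# commented out; return 1 if any is missing.
audit_peer() {
    peer=$1
    missing=0
    for opt in $REQUIRED_OPTS; do
        # Option must be the first word of a line and a whole word,
        # so "refuse-mschap-v2" does not satisfy "refuse-mschap".
        if ! grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$peer"; then
            echo "MISSING: $opt in $peer"
            missing=1
        fi
    done
    return "$missing"
}

# audit_secrets FILE: return 1 if group or others have any access.
# Assumption: the file holds the plaintext $PASSWORD, so only its
# owner (root) should be able to read it.
audit_secrets() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "WEAK PERMS: $1 (expected owner-only, e.g. chmod 600)"
        return 1
    fi
    return 0
}

# Constructed sample input: require-mppe-128 is commented out and the
# secrets file is world-readable, so both audits should fail.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' refuse-eap refuse-chap refuse-mschap \
        '#require-mppe-128' > "$dir/peer"
    printf '%s\n' 'EXAMPLE\\user EXAMPLE placeholder *' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"
    audit_peer "$dir/peer" && peer_rc=0 || peer_rc=$?
    audit_secrets "$dir/chap-secrets" && sec_rc=0 || sec_rc=$?
    rm -rf "$dir"
    echo "peer audit rc=$peer_rc, secrets audit rc=$sec_rc"
}
demo
```

On a real system the two functions would be called as audit_peer /etc/ppp/peers/$DOMAIN and audit_secrets /etc/ppp/chap-secrets.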



(CL) alper akcan