HOWTO PPTP VPN client
From Gentoo Linux Wiki
Introduction
We will assume the VPN is on network 10.10.0.0/24 and the client is on network 10.0.0.0/24. If Microsoft Encryption is not needed, ignore the sections referencing MPPE.
Useflag
First, add the use flag mppe-mppc for ppp.
| Code: |
# echo 'net-dialup/ppp mppe-mppc' >> /etc/portage/package.use |
 * The mppe-mppc flag overwrites the pppd native MPPE support with MPPE-MPPC
 * patch developed by Jan Dubiec.
 * The resulted pppd will work only with patched kernels with version <= 2.6.14.
 * You could obtain the kernel patch from MPPE-MPPC homepage:
 * http://mppe-mppc.alphacron.de/
We'll probably want to use the newest versions of ppp and pptpclient.
| Code: |
# echo 'net-dialup/ppp ~x86' >> /etc/portage/package.keywords
# echo 'net-dialup/pptpclient ~x86' >> /etc/portage/package.keywords
|
Install pptpclient
| Code: |
# emerge -v net-dialup/pptpclient |
Patch and configure the kernel
If you have an old kernel, you will have to patch it with MPPE support. You can get the patches from http://www.polbox.com/h/hs001/. You need to use the patch that matches your kernel. We might as well get a current kernel.
| Code: |
# emerge -v gentoo-dev-sources
# cd /usr/src
# rm linux
# ln -s linux-2.6.10-gentoo-r6 linux
# cd linux
# wget http://www.polbox.com/h/hs001/linux-2.6.10-mppe-mppc-1.2.patch.gz
# gzip -d linux-2.6.10-mppe-mppc-1.2.patch.gz
# patch -p1 < linux-2.6.10-mppe-mppc-1.2.patch
|
Be sure to copy your old .config over to your new kernel.
Now we need to configure our kernel.
| Linux Kernel Configuration: |
Cryptographic options --->
  [*] Cryptographic API
  [*]   HMAC support
  <M>   MD5 digest algorithm
  ---   SHA1 digest algorithm
  <M>   SHA256 digest algorithm
  <M>   SHA384 and SHA512 digest algorithms
  <M>   DES and Triple DES EDE cipher algorithms
  <M>   ARC4 cipher algorithm
  <M>   Deflate compression algorithm
Device Drivers --->
  Networking support --->
    <*> PPP (point-to-point protocol) support
    [ ]   PPP multilink support (EXPERIMENTAL)
    [*]   PPP filtering
    <M>   PPP support for async serial ports
    <M>   PPP support for sync tty ports
    <M>   PPP Deflate compression
    <M>   PPP BSD-Compress compression
    <M>   Microsoft PPP compression/encryption (MPPC/MPPE)
|
Compile and install.
| Code: |
# make && make modules_install
# mount /boot
# cp arch/i386/boot/bzImage /boot
# mv /boot/bzImage /boot/gentoo-dev-sources-2.6.10-r6
|
Add this kernel in your grub/lilo config file.
Configuring
Add this to /etc/modprobe.d/ppp:
| File: /etc/modprobe.d/ppp |
alias ppp-compress-18 ppp_mppe |
Afterwards run update-modules.
Now we need to configure pptpclient and pppd.
| File: /etc/ppp/chap-secrets |
<domain>\\<user> PPTP <pass> *
PPTP <domain>\\<user> <pass> *
|
| File: /etc/ppp/options.pptp |
lock
noauth
nobsdcomp
nodeflate
|
| File: /etc/ppp/peers/my_peer |
pty "pptp <vpn ip addr> --nolaunchpppd"
name <domain>\\<user>
remotename PPTP
#require-mppe-128
file /etc/ppp/options.pptp
ipparam my_peer
|
The "require-mppe-128" line is left commented out because you don't need it. If you have it, ppp will complain. It's already been built in.
This should be all we need for it to run. We start and stop it with pon and poff respectively.
| Code: |
# pon my_peer |
You should be able to see if you're connected now.
| Code: |
# ifconfig
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.10.0.86 P-t-P:10.10.0.74 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:3250 errors:6 dropped:0 overruns:0 frame:0
TX packets:3048 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:3484232 (3.3 Mb) TX bytes:242834 (237.1 Kb)
|
You should also be able to ping both the inet addr, and the P-t-P.
Now we need to make routes.
| Code: |
# route add -net 10.10.0.0/24 dev ppp0 |
Add this to /etc/ppp/ip-up as well.
| Code: |
# echo 'route add -net 10.10.0.0/24 dev ppp0' >> /etc/ppp/ip-up |
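The line appended above hardcodes ppp0 and runs for every PPP link that comes up. As an added example (not part of the original article), the hook below uses the interface name and the ipparam value that pppd passes to ip-up, so the route is added only for the my_peer link. The function name and the idea of calling this script from /etc/ppp/ip-up with pppd's arguments passed through are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article.
# pppd invokes ip-up as:
#   ip-up <interface> <tty> <speed> <local-ip> <remote-ip> <ipparam>

VPN_PEER="my_peer"        # matches "ipparam my_peer" in /etc/ppp/peers/my_peer
VPN_NET="10.10.0.0/24"    # VPN network assumed in the Introduction

# Print the route command for this link.
# Prints nothing (status 0) when the link is not our VPN peer.
# Returns status 1 when the interface name is not a pppN device.
vpn_route_cmd() {
    iface="$1"
    ipparam="$6"
    [ "$ipparam" = "$VPN_PEER" ] || return 0
    # Accept only pppN names so nothing unexpected reaches the command line.
    case "$iface" in
        ppp[0-9]|ppp[0-9][0-9]) ;;
        *) return 1 ;;
    esac
    printf 'route add -net %s dev %s\n' "$VPN_NET" "$iface"
}

# Act only when pppd has supplied its six arguments.
if [ "$#" -ge 6 ]; then
    cmd=$(vpn_route_cmd "$@") || exit 1
    if [ -n "$cmd" ]; then
        $cmd
    fi
fi
```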
If you have iptables running, we'll need to add statements for that.
| Code: |
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o ppp0 -s 10.0.0.0/24 -m state --state NEW -j ACCEPT
|
If you can't ping the other side, you can start pppd with logging to see what's going on.
| Code: |
pppd call my_peer logfd 2 nodetach debug dump |
Integration with Gentoo
To integrate pptp-vpn with Gentoo you should modify your /etc/conf.d/net and create a symlink with the pptp network interface. You will find the information in these articles:
