= pptpd : VPN Server =
Scenario: I want to install a VPN server on a Linux server which is connected to both a private LAN and the Internet. I want Windows and Linux clients to be able to connect to this VPN easily, with no hassle. We are going to use pptpd on Debian, as it is available via apt and Windows clients can easily connect.
Install pptpd Server
apt-get install pptpd
Configure pptpd Server
vi /etc/pptpd.conf
  localip 192.168.0.1
  remoteip 192.168.0.100-200,192.168.0.222
echo "username pptpd password *" >> /etc/ppp/chap-secrets
To get Windows to connect to this VPN, no extra software is required :) Go into Network Places, choose “Add Network Connection” and look for a VPN option. All that's needed is the Internet IP of the VPN server, the username and the password.
Thanks very much to: http://poptop.sourceforge.net/dox/debian-howto.phtml
Comparison of VPN Solutions: http://mia.ece.uic.edu/~papers/volans/table.html
= CLIENT =
PPTP (Point-to-Point Tunneling Protocol) - Connecting to a Windows VPN from Linux
The following guide shows how easy it is to connect to a Windows-based VPN running on Server 2003 etc. from a Debian Linux client. It's pretty easy to set up a new Network Connection in XP/Vista, but it is just as easy in Linux. This guide assumes that Debian Etch is being used as the client.
apt-get install pptp-linux
Method 1: pptp GUI
#include these three lines in the above file.
  # James Cameron's PPTP GUI packaging
  deb http://quozl.netrek.org/pptp/pptpconfig ./
apt-get update
apt-get install pptpconfig
#Run the following as root (via a GUI). Not the best idea. A sudo command would be a little better.
:~# pptpconfig
The above brings up a nice interface which should work fine. A few tweaks I had to carry out:
- Routing Tab - Lan to Lan (option)
- In the same Routing Tab, click “Edit Network Routes…” and add a Network (192.168.0.0/24) and a Name.
Method 2: pptp CLI
1. /etc/ppp/options.pptp should be created automatically and contain all required info.
2. vi /etc/ppp/chap-secrets
  username TunnelName password *
3. vi /etc/ppp/peers/TunnelName
  # name of tunnel, used to select lines in secrets files
  remotename TunnelName

  # name of tunnel, used to name /var/run pid file
  linkname TunnelName

  # name of tunnel, passed to ip-up scripts
  ipparam TunnelName

  # data stream for pppd to use
  pty "pptp vpn.host.com --nolaunchpppd"

  # domain and username, used to select lines in secrets files
  name username

  # adopt defaults from the pptp-linux package
  file /etc/ppp/options.pptp
4. pon TunnelName
  #do an ifconfig to see if the connection was correctly made and established. If not, see next line for debugging:
  pon TunnelName debug dump logfd 2 nodetach
5. route add -net 192.168.0.0 netmask 255.255.0.0 dev ppp0
  iptables --insert OUTPUT 1 --source 0.0.0.0/0.0.0.0 --destination 192.168.0.0/16 --jump ACCEPT --out-interface ppp0
  iptables --insert INPUT 1 --source 192.168.0.0/16 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT --in-interface ppp0
  iptables --insert FORWARD 1 --source 0.0.0.0/0.0.0.0 --destination 192.168.0.0/16 --jump ACCEPT --out-interface ppp0
  iptables --insert FORWARD 1 --source 192.168.0.0/16 --destination 0.0.0.0/0.0.0.0 --jump ACCEPT
  iptables --table nat --append POSTROUTING --out-interface ppp0 --jump MASQUERADE
  iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN --jump TCPMSS --clamp-mss-to-pmtu
6. poff TunnelName #route automatically gets removed
7. #iptables -F (dangerous)
8. Optional extra: /etc/resolv.conf → set this to the internal DNS server
The above information was obtained from:
http://pptpclient.sourceforge.net/howto-debian.phtml
http://pptpclient.sourceforge.net/routing.phtml#lan-to-lan
Information and code were also obtained by first going through the GUI method.
In case you want to mount a Windows share on Linux, smbmount may not work due to the SMB password security restrictions of Server 2003. Instead, the following will have to be used:
  mount -t cifs //yourserver/yourshare /mnt/somepath -o username=validserveraccount
Note: Beware that the passwords for connecting to the VPN are stored in: /etc/ppp/chap-secrets
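Both the server and the client setup above write their VPN passwords in plaintext to /etc/ppp/chap-secrets. The following audit script is an added example, not part of the original guide or of the pptpd/pptp-linux packages: it checks the file mode and flags entries with a wildcard address field or a short secret. The sample entries, the 12-character threshold and the function names are assumptions made for the example, and the parser handles only a simplified form of the pppd secrets syntax.

```python
import shlex
import stat
import tempfile
from pathlib import Path

def parse_chap_secrets(text):
    """Return (lineno, client, server, secret, addrs) tuples; simplified pppd syntax."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue                      # whole-line comment
        try:
            words = shlex.split(line)     # secrets may be quoted
        except ValueError:
            words = line.split()          # unbalanced quote: plain split
        if len(words) >= 3:
            entries.append((lineno, words[0], words[1], words[2], words[3:]))
    return entries

def audit_chap_secrets(path, min_secret_len=12):  # 12 is an assumed policy value
    """Return findings for one chap-secrets file; secrets are never echoed."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: group/other can reach plaintext secrets (want 0600)")
    for lineno, client, _server, secret, addrs in parse_chap_secrets(Path(path).read_text()):
        where = f"line {lineno} ({client})"
        if "*" in addrs:
            findings.append(f"{where}: address field '*' lets the client use any IP address")
        if len(secret) < min_secret_len:
            findings.append(f"{where}: secret shorter than {min_secret_len} characters")
    return findings

# Constructed sample; the first entry has the shape of the page's server-side line.
SAMPLE = '''# client  server  secret  IP addresses
username  pptpd  password  *
alice     pptpd  "correct horse battery staple"  192.168.0.101
'''

def audit_sample(mode=0o644):
    """Write SAMPLE into a temp dir with the given mode and audit it."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = Path(tmpdir, "chap-secrets")
        path.write_text(SAMPLE)
        path.chmod(mode)
        return audit_chap_secrets(path)

if __name__ == "__main__":
    print("\n".join(audit_sample()))
```

On a real host, call audit_chap_secrets("/etc/ppp/chap-secrets") as root; on the server, replacing the `*` address with one address from the remoteip range pins each account to a known IP.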