Configuring PPTP in Linux

PPTP remains one of the most popular methods of accessing a Virtual Private Network service. This article covers a basic setup and configuration of PPTP for most generic GNU/Linux distributions. The distribution(s) of choice here at Section6 happen to be

Installing the PPTP package

In Debian Linux we would simply install the package:

 root@host# apt-get install pptp-linux

Note: make sure your apt-sources are current and the package repository is up to date.

In Gentoo Linux you would need a couple of packages:

 root@host# emerge ppp
 root@host# emerge pptp-client

Configuring PPTP connections

You will need to know a few variables before continuing from here:

 $SERVER = the IP address of the PPTP server you will be connecting to
 $TUNNEL = the name you wish to refer to this tunnel as
 $DOMAIN = the name of the Windows Domain you are logging into; if needed
 $USERNAME = the username you will be logging in as
 $PASSWORD = the password you will be using to connect

For the rest of this article, any configuration file that refers to these variables should contain your actual values in their place.

From here we need to create an options file for our PPTP connection. Simply create a file called /etc/ppp/options.pptp and populate it with the following info:

 lock 
 noauth 
 nobsdcomp 
 nodeflate

Now we will need to create a file called /etc/ppp/chap-secrets, and populate it with the following info:

 $DOMAIN\\$USERNAME PPTP $PASSWORD *

If we are not logging into a Windows Domain, we can leave out the $DOMAIN\\ portion of the configuration and simply use:

 $USERNAME PPTP $PASSWORD *

Now we need to create a tunnel file for the PPTP client to use. In this case we will call our tunnel "work". Create a file called /etc/ppp/peers/work and populate it with the following info:

 pty "pptp $SERVER --nolaunchpppd"
 name $DOMAIN\\$USERNAME
 remotename PPTP
 file /etc/ppp/options.pptp
 ipparam work

Again, if the Windows Domain is not needed, simply omit the $DOMAIN\\ portion and use only $USERNAME.
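
As an added check that is not part of the original article, the script below audits the files created above: chap-secrets holds $PASSWORD in clear text, so only its owner should be able to read it, and nothing in the options file above requires MPPE encryption. The function name audit_pptp_config and the list of pppd options it expects (require-mppe-128 plus the refuse-* options that leave only MS-CHAPv2) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the PPTP client files created in this section.
# Usage: audit_pptp_config SECRETS_FILE OPTIONS_FILE...
# Prints one finding per line; returns 0 when clean, 1 when there are findings.
audit_pptp_config() {
    secrets=$1; shift
    findings=0

    # chap-secrets stores the password in clear text: owner-only access.
    if [ -f "$secrets" ]; then
        mode=$(stat -c '%a' "$secrets")      # GNU stat, e.g. 600 or 644
        case $mode in
            *00) ;;                          # no group/other permission bits
            *) echo "PERM $secrets mode $mode, expected 600"
               findings=$((findings + 1)) ;;
        esac
    else
        echo "MISSING $secrets"
        findings=$((findings + 1))
    fi

    # pppd options this example expects in at least one of the option files
    # (assumed hardening set: require MPPE, refuse everything but MS-CHAPv2).
    for opt in require-mppe-128 refuse-pap refuse-chap refuse-mschap refuse-eap; do
        found=no
        for f in "$@"; do
            # The option must be the first word of a line; comments do not count.
            if grep -Eq "^[[:space:]]*$opt([[:space:]]|\$)" "$f" 2>/dev/null; then
                found=yes
            fi
        done
        if [ "$found" = no ]; then
            echo "OPTION $opt not set"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ]
}

# Audit the real files only when called with --check (needs read access to them).
if [ "${1:-}" = "--check" ]; then
    audit_pptp_config /etc/ppp/chap-secrets /etc/ppp/options.pptp /etc/ppp/peers/work
fi
```

Run it as root with --check once the three files exist; chmod 600 /etc/ppp/chap-secrets clears the PERM finding.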

Running the PPTP Client

At this point we should be able to test our pptp connection. We will run the tunnel in debug mode to make sure each step is occurring as it should.

 root@host# pon work debug dump logfd 2 nodetach

The pon command will turn the PPTP tunnel on. In this case we are specifying the "work" tunnel to use. We are turning debug options on and dumping the output.

Once this has completed we should be successfully connected and see a new interface device.

 root@host# ifconfig
 ppp0      Link encap:Point-to-Point Protocol
           inet addr:192.168.0.242  P-t-P:192.168.0.1  Mask:255.255.255.255
           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:334  Metric:1
           RX packets:9 errors:0 dropped:0 overruns:0 frame:0
           TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:3
           RX bytes:90 (90.0 b)  TX bytes:90 (90.0 b)

At this point we are connected to host 192.168.0.1. Our IP address assigned to the ppp0 device is 192.168.0.242. We should be able to ping the host we are connected to:

 root@host# ping 192.168.0.1
 64 bytes from 192.168.0.1: icmp_seq=1 ttl=128 time=0.306 ms
 64 bytes from 192.168.0.1: icmp_seq=2 ttl=128 time=0.340 ms

This is a good start, but what if we want connectivity to other machines on the 192.168.0.x network? Let us assume we need connectivity to a machine with the IP address 192.168.0.5:

 root@host# ping 192.168.0.5
 PING 192.168.0.5 (192.168.0.5) 56(84) bytes of data.
 From 192.168.0.1 icmp_seq=2 Destination Host Unreachable
 From 192.168.0.1 icmp_seq=3 Destination Host Unreachable

We must add additional routes so that we have connectivity to the rest of the 192.168.0.x network.

Configuring Routing for additional networks

In the previous scenario, we just need to add an additional route to the interface. In this case we could simply type:

 root@host# route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp0

Now we should be able to ping any accessible machine on the 192.168.0.x network.

 root@host# ping 192.168.0.5
 64 bytes from 192.168.0.5: icmp_seq=1 ttl=128 time=0.306 ms
 64 bytes from 192.168.0.5: icmp_seq=2 ttl=128 time=0.340 ms

This is nice, but we don't want to have to type a route add command every time we connect. Let us disconnect the tunnel by running the following command:

 root@host# poff

Now we place the tunnel and route commands in a script. In the following example, we made a file called /usr/local/sbin/vpn and populated it with this info:

 #!/bin/sh
 pon work updetach && route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp0

Now make the script executable (chmod +x /usr/local/sbin/vpn) and we should be able to run it.

Of course there are a variety of ways in which we could script this; the previous example is just a simple demonstration of the possibilities.

From here you should be up and on your way to PPTP happiness.