PPTP remains one of the most popular methods of accessing a Virtual Private Network Service. This article will cover a basic setup and configuration of PPTP for most generic GNU/Linuxdistributions. The distribution(s) of choice here at Section6 happen to be
In Debian Linux we would simply install the package:
root@host# apt-get install pptp-linux
Note: make sure your apt-sources are current and the package repository is up to date.
In Gentoo Linux you would need a couple of packages:
root@host# emerge ppp root@host# emerge pptp-client
You will need to know a few variables before continuing from here:
$SERVER = the IP address of the PPTP server you will be connecting to $TUNNEL = the name you wish to refer to this tunnel as $DOMAIN = the name of the Windows Domain you are logging into; if needed $USERNAME = the username you will be logging in as $PASSWORD = the password you will be using to connect
During the rest of the course of this article, any configuration file that refers to these variables should actually contain the information supplied.
From here we need to create an options file for out PPTP connection. Simply create a file called /etc/ppp/options.pptp and populate it with the following info:
lock noauth nobsdcomp nodeflate
Now we wil need to create a file called /etc/ppp/chap-secrets, and populate it with the following info:
$DOMAIN\\$USERNAME PPTP $PASSWORD *
If we are not logging into a WIndows Domain, we can simply leave out the $DOMAIN\\ portion of the configuration and simply use:
$USERNAME PPTP $PASSWORD *
Now we need to actually create a tunnel file for the PPTP client to use. In this case we will call our tunnel "work". Create a file called /etc/ppp/peers/work file and populate it with the follwing info:
pty "pptp $SERVER --nolaunchpppd" name $DOMAIN\\$USERNAME remotename PPTP file /etc/ppp/options.pptp ipparam work
Again, if the Windows Domain is not needed.. then simply omit the $DOMAIN\\ option and only use $USERNAME
At this point we should be able to test our pptp connection. We will run the tunnel in debug mode to make sure each step is occuring as it should.
root@host# pon work debug dump logfd 2 nodetach
The pon command will turn the PPTP tunnel on. In this case we are specifying the "work" tunnel to use. We are turning debug options on and dumping the output.
Once this has complete we should be successfully connected and see a new interface device.
root@host# ifconfig ppp0 Link encap:Point-to-Point Protocol inet addr:192.168.0.242 P-t-P:192.168.0.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:334 Metric:1 RX packets:9 errors:0 dropped:0 overruns:0 frame:0 TX packets:9 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:90 (90.0 b) TX bytes:90 (90.0 b)
At this point we are connected to host 192.168.0.1. Our IP address assigned to the ppp0 device is 192.168.0.242. We should be able to ping the host we are connected to:
root@host# ping 192.168.0.1 64 bytes from 192.168.0.1: icmp_seq=1 ttl=128 time=0.306 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=128 time=0.340 ms
This is a good start, but what if we want connectivity to other machines on the 192.168.0.x network? Let us assume we need connectivity to a machine with the IP address of 192.168.0.5
root@host# ping 192.168.0.5 PING 192.168.0.4 (192.168.0.5) 56(84) bytes of data. From 192.168.0.1 icmp_seq=2 Destination Host Unreachable From 192.168.0.1 icmp_seq=3 Destination Host Unreachable
We must add additional routes to that we have connectivity to the rest of the 192.168.0.x network.
In the previous scenario, we just need to add an additional route to the interface. In this case we could simply type:
root@host# route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp0
Now we should be able to ping any accessible machine on the 192.168.0.x network.
root@host# ping 192.168.0.5 64 bytes from 192.168.0.5: icmp_seq=1 ttl=128 time=0.306 ms 64 bytes from 192.168.0.5: icmp_seq=2 ttl=128 time=0.340 ms
This is nice.. but we dont want to have to type a route add command everytime we connect. Let us disconnect the tunnel by running the follwong command:
Now we place the tunnel and route commands in a script. In the following example, we made a file called /usr/local/sbin/vpn and populated it with this info:
pon work updetach && route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp0
Now simply chmod the script +x and we should be able to execute it.
Of course there are a variety of ways in which we could script this. But the previous example was a simple demonstration of the possibilities.
From here you should be up and on your way to PPTP happiness.
Tutorial Home >