PPTP VPN Server Howto in Ubuntu/Debian (Connect road-warrior to Central Office-HQ)
What is this howto...
This howto will help you configure Ubuntu/Debian as a PPTP VPN server, and Linux (Ubuntu/Debian) and Windows (XP) as PPTP VPN clients.
Suppose...
You have a Linux box whose hostname is vpn-server; it has two network interface cards:
network interface 1: eth0 : IP: 123.49.42.180, connected to the internet (WAN)
network interface 2: eth1 : IP: 192.168.100.254, connected to the local network (LAN)
Now this vpn server will have one type of client:
(a) Any PC (a road warrior) on travel that will access the local network behind this vpn server.
Requirements...
> vpn-server linux-box
> internet connection; for package installation
> pptpd, pptp-linux
> windows client pc
> linux client pc
Special Note ...
While configuring Ubuntu/Debian servers/PCs I always use the root shell; if you use the Desktop/GUI edition of Linux, you have to open the terminal and run "sudo su"; otherwise you have to put sudo before every shell command.
So, let's start. I hope you have already installed Ubuntu/Debian.
Log in as root to your vpn-server.
Install the package for the PPTP vpn-server (pptpd), back up its configuration file and empty it:

    # apt-get update
    # apt-get -q -y install pptpd
    # cp /etc/pptpd.conf /etc/pptpd.conf.original
    # echo "" > /etc/pptpd.conf

Add (copy/paste) the following lines in /etc/pptpd.conf

    # vim /etc/pptpd.conf

    option /etc/ppp/pptpd-options
    logwtmp
    localip 192.168.100.254
    remoteip 192.168.100.130-199

Save + Exit
Configure the option file /etc/ppp/options

    # cp /etc/ppp/options /etc/ppp/options.original
    # echo "" > /etc/ppp/options
    # vim /etc/ppp/options

Add (copy/paste) the following lines (please use your own DNS server addresses in 'ms-dns') ...

    ms-dns 192.168.100.254
    ms-dns 192.168.100.253
    asyncmap 0
    noauth
    crtscts
    lock
    hide-password
    modem
    proxyarp
    lcp-echo-interval 30
    lcp-echo-failure 4
    noipx

Save + Exit
Add the user/IP for each vpn-client/user in the chap-secrets file /etc/ppp/chap-secrets

    # vim /etc/ppp/chap-secrets

    # Secrets for authentication using CHAP
    # client    server    secret     IP addresses
    user1       pptpd     pwuser1    192.168.100.130
    user2       pptpd     pwuser2    192.168.100.131

Save + Exit
Finally start/restart the pptpd service/daemon

    # /etc/init.d/pptpd start
    # /etc/init.d/pptpd restart

In the vpn-server's firewall you have to allow the following lines ...

    iptables -A INPUT -p gre -j ACCEPT
    iptables -A OUTPUT -p gre -j ACCEPT
    iptables -A INPUT -p tcp --dport 1723 -d 123.49.42.180 -j ACCEPT
    iptables -A OUTPUT -p tcp --sport 1723 -s 123.49.42.180 -j ACCEPT

So, your PPTP VPN server is now ready for action.
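A quick audit of the server-side files configured above, as an added example that is not part of the original howto: /etc/ppp/chap-secrets stores passwords in plaintext, and the options file above sets noauth, so it is worth checking file permissions and that authentication and encryption are actually demanded. The function names, the 12-character minimum and the user3 entry are assumptions made for this example; it expects GNU stat as shipped on Ubuntu/Debian.

```shell
#!/bin/sh
# Added example, not from the original howto. Function names are hypothetical.
# Each function prints one finding per line and nothing when the file passes.

# chap-secrets holds plaintext passwords: check file mode and each entry.
# Assumes GNU stat (Ubuntu/Debian) and secrets without embedded whitespace.
audit_chap_secrets() {
    mode=$(stat -c '%a' "$1") || return 2
    case $mode in
        600|400) ;;
        *) echo "PERMS: mode $mode, expected 600" ;;
    esac
    # MIN_SECRET_LEN is an arbitrary policy value chosen for this example.
    awk -v min="${MIN_SECRET_LEN:-12}" '
        /^[ \t]*(#|$)/    { next }                     # comments, blank lines
        NF < 3            { print "MALFORMED: line " NR; next }
        length($3) < min  { print "SHORT-SECRET: " $1 }
        $4 == "*"         { print "ANY-IP: " $1 }      # not pinned to one address
        seen[$1 " " $2]++ { print "DUPLICATE: " $1 }
    ' "$1"
}

# pppd option files, in the order pppd reads them. Heuristic only: it checks
# which options are present and does not model pppd option precedence.
audit_pppd_options() {
    opts=$(cat "$@" | sed 's/#.*//')
    for want in require-mschap-v2 require-mppe-128; do
        echo "$opts" | grep -qw -- "$want" || echo "MISSING: $want"
    done
    if echo "$opts" | grep -qw noauth &&
       ! echo "$opts" | grep -Eqw 'auth|require-mschap-v2'; then
        echo "NOAUTH: peers are not required to authenticate"
    fi
}

# Constructed sample input modelled on the howto files (user3 is made up).
demo_dir=$(mktemp -d)
printf '%s\n' '# client server secret IP addresses' \
    'user1 pptpd pwuser1 192.168.100.130' \
    'user3 pptpd a-much-longer-passphrase *' > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/chap-secrets"
printf '%s\n' 'ms-dns 192.168.100.254' 'noauth' 'proxyarp' > "$demo_dir/options"
audit_chap_secrets "$demo_dir/chap-secrets"
audit_pppd_options "$demo_dir/options"
rm -rf "$demo_dir"
```

On the real server, run it as `audit_chap_secrets /etc/ppp/chap-secrets` and `audit_pppd_options /etc/ppp/options /etc/ppp/pptpd-options`.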
STEP-02: Linux as pptp vpn client (Ubuntu/Debian ) as Road-Warrior
Log in as root to your Linux client and install the pptp client packages

    # apt-get -q -y install pptp-linux network-manager-pptp

Set the username/password in /etc/ppp/chap-secrets

    # vim /etc/ppp/chap-secrets

    # Secrets for authentication using CHAP
    # client    server    secret     IP addresses
    user1       PPTP      pwuser1    *

Save + Exit
Make the vpn-dialer (add config lines in /etc/ppp/peers/conntovpns.sh)...

    # vim /etc/ppp/peers/conntovpns.sh

    pty "pptp 123.49.42.180 --nolaunchpppd"
    name user1
    remotename PPTP
    require-mppe-128
    file /etc/ppp/options.pptp
    ipparam conntovpns.sh

Save + Exit
Configure vpn connection options

    # cp /etc/ppp/options.pptp /etc/ppp/options.pptp.original
    # echo "" > /etc/ppp/options.pptp
    # vim /etc/ppp/options.pptp

Add (copy/paste) the following lines

    lock
    noauth
    refuse-pap
    refuse-eap
    refuse-chap
    refuse-mschap
    nobsdcomp
    nodeflate

Save + Exit
Routing the vpn traffic; make the route script as /etc/ppp/ip-up.d/route-traffic.sh

    # vim /etc/ppp/ip-up.d/route-traffic.sh

Add the following lines

    #!/bin/bash
    NET="192.168.100.0/24"
    IFACE="ppp0"
    route add -net ${NET} dev ${IFACE}

Save + Exit
Change the file permission and now establish the connection to the vpn server

    # chmod +x /etc/ppp/ip-up.d/route-traffic.sh
    # pppd call conntovpns.sh

Now the vpn connection should be established and you will be able to reach the local network behind the vpn server.
To disconnect from the vpn, apply the following command.

    # killall pppd
There is an alternate method to dial the vpn, as follows ...

    # pon conntovpns.sh       (to dial the vpn)
    # poff conntovpns.sh      (to disconnect from the vpn)

For GUI-mode pptp-vpn client configuration you can follow the link: http://www.cyberciti.biz/tips/howto-configure-ubuntu-fedora-linux-pptp-client.html
STEP-03: Windows as pptp vpn client (XP) as Road-Warrior
As it is much easier to make a pptp vpn dialer in Windows, I am just providing a reference link only.
You can try it yourself.
Reference link: http://doc.m0n0.ch/handbook/pptp-windows.html