Tag Archive for 'vpn'

Debian pptpd HOWTO

Published
by
Ianculov Vucomir
on June 13, 2008
in Ubuntu / Debian
. Comments

Installing MPPE Support Most people want their tunnels encrypted. Check the version of your kernel; if it is below 2.6.15-rc1 then you do not have MPPE support. To check further, test like this:

# modprobe ppp-compress-18 && echo success

If this fails, follow the Debian MPPE HOWTO, then return here.
Installing the Server ProgramInstall the pptpd package from the Debian Project:

# apt-get install pptpd


Configure IP Address RangeEdit the file /etc/pptpd.conf for the IP address range, for example:

localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

Note: see pptpd.conf(5) for more details on the other options.Note: you will need to restart pptpd to make changes to /etc/pptpd.conf effective:

# /etc/init.d/pptpd restart


Adding UsersConfigure /etc/ppp/chap-secrets for the accounts, for example:

# echo “username pptpd password *” >> /etc/ppp/chap-secrets

Note: this method has all the usernames in one file. There are other ways, including authentication using Radius, or using Samba. Check the mailing list (subscribe, archives).Note: you do not need to restart pptpd, a change to chap-secrets is effective for the next connection.
TestingAttempt a connection from a client. On successful connection, a new interface should be created (e.g. ppp0), and the remote IP address of the interface should be pingable. If so, the rest of your problems are likely to be routing.Note: if you need to set up a Debian test client, see the PPTP Client Debian HOWTO. The test client cannot be on the same host, it doesn’t work.To diagnose faults, enable the options debug dump in /etc/ppp/pptpd-options. The change is effective on the next connection. The debug output goes to /var/log/debug, and the dump output and usual output to /var/log/messages.

PatchingIf you need to adopt a source code change made in CVS after the version you are running, see our Applying patches to Debian pptpd page.
Performance NotesOn a Debian system there may be scripts run by pppd when a network interface is brought up. These scripts are in the /etc/ppp/ip-up.d directory.Some of these scripts may run with incorrect assumptions … in particular the Debian Sarge exim4 package includes a script /etc/ppp/ip-up.d/exim4 that restarts exim4 or runs the queue. The assumption in this script is that the system has just connected to the internet through the PPP link.You may wish to customise this script. If your server has a default route via an ethernet interface, then either remove the script or add an exit command near the top.

Comments

If you have comments on this document, please send them to the author at james.cameron at hp.com. But if you need help, use the mailing list (subscribe, archives) so that we can share the load.

Sursa