15 Feb 09 Linux PPTP (Poptop) VPN Setup with MPPE and MPPC
Here’s a quick guide that I write as I’m setting up PPTP/MPPE/MPPC on a Linux server. My preferred VPN technology is OpenVPN mainly because it’s so quick and easy to set up and use, however in some cases PPTP is required chiefly when the Client wants to use the inbuilt Windows VPN capabilities rather than having to deploy 3rd party software.
My server is a Debian (of course) etch machine, with 2.6.24 (from source) kernel. My client is Windows XP Pro SP3.
Firstly, patch the kernel for MPPC and rebuild. My source directory is /usr/src/linux:
For the MPPC and PPP patches, visit http://gaute.vetsj.com/?p=69
wget http://gaute.vetsj.com/arkiv/2008-03-19%20-%20arch-mppc/kernel26/linux-2.6.24-mppe-mppc-1.3.patch
patch -p1 < linux-2.6.24-mppe-mppc-1.3.patch #Ignore warnings in the case of 2.6.18 at least anyway
make #When prompted RE MPPE/MPPC select ‘m’ for Module
make modules_install
Now download and patch ppp:
wget ftp://ftp.samba.org/pub/ppp/ppp-2.4.4.tar.gz
tar -xzf ppp-2.4.4.tar.gz
cd ppp-2.4.4
wget http://gaute.vetsj.com/arkiv/2008-03-19%20-%20arch-mppc/ppp/ppp-2.4.4-mppe-mppc.1.1.patch
patch -p1 < ppp-2.4.4-mppe-mppc.1.1.patch
./configure
make
make install
Now install poptop:
wget ‘http://downloads.sourceforge.net/poptop/pptpd-1.3.4.tar.gz?modtime=1176722091&big_mirror=1′
tar -xzf pptpd-1.3.4.tar.gz
cd pptpd-1.3.4
./configure
make
make install
Create /etc/pptpd.conf:
localip 10.0.0.1
remoteip 10.0.0.2-10
Create /etc/ppp/options-pptpd:
debug debug
logfd 2
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0
+chap
+mschap-v2
mppe required
Assign a username and password. Edit /etc/ppp/chap-secrets Add:
Username * Password *
Set permissions:
Allow masquerading if you wish. Where eth0 is your external interface:
iptables -F; iptables -t nat -F; iptables -t mangle -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
Launch the pptp daemon:
Make sure you have relevant kernel modules loaded, specifically ppp_mppe_mppc
You should be able to configure your Windows client by following the default setup wizard, no changes should be required.
Full logging is turned on in /var/log/daemon.log
Tags: 2.6.24, debian, iptables, kernel, Linux, masquerade, mppc, mppe, patch, ppp, pppd, pptp, pptpd, VPN
Reader's Comments
Leave a Comment
You must be logged in to post a comment.
|
I'm Adam Palmer, and I'm a Freelance Embedded Linux/Embedded Hardware enthusiast and Security Consultant. I run 'APNIC Solutions Ltd' and spend most of my time managing server clusters, and doing some PHP/MySQL development, whilst what little spare time I have is dedicated to playing with gadgets. I'm always happy to consult on or manage any Linux related, Web Application or Hosting project. Please get in touch with me! |
I always thought that a firewall and a virus protection program like Norton would provide full privacy protection. VPN has added to privacy by securing the connection between my computer and destination
!
I still have
“MPPE required, but keys are not available. Possible plugin problem?”
Any ideas what went wrong?
Hi…i was just wondering,
performance wise which is better ?? PPTP or OPENVPN
by performance i mean… which would be good in a low bandwidth situation…
pls email if necessary
Trying to get this to work with kernel 2.6.26-2 but I cant get the module ppp_mppe_mppc to load. I used the patch found here: http://yablochkin.net.ru/mppc/
Any help?
Thanks for that info it has really proven to be helpful. I really enjoy reading easy articles leading straight to the point.
Thanks allot.