PPTP server
Latest revision as of 13:12, 1 November 2011
Version | Status | Date Updated | Updated By
---|---|---|---
710 | Unknown | N/A | N/A
810 | Works | 5 October 2010 | pw44
1004 | Works | 1 November 2011 | OnTarget
1204 | Unknown | N/A | N/A
1404 | Unknown | N/A | N/A
Setting up a PPTP Server.
The pptp server is the right tool to use for outside access to your internal network. While not the most secure VPN solution, PPTP is the simplest to install, configure and connect to from Windows and mobile devices.
Reasons for doing it:
- Having your mobile as an extension of your Asterisk server (an iPhone, for example, can do it; a Nokia can do it via an add-on), even from public Wi-Fi spots.
- Being able to remotely access files or anything else on your server from anywhere, even from Wi-Fi spots.
- Others, as you wish.
Let's make it simple:
Server Setup - install the pptp server package:
sudo apt-get install pptpd
edit the /etc/pptpd.conf file:
sudo vi /etc/pptpd.conf
and add:
localip 192.168.80.245,192.168.0.245
remoteip 192.168.80.246-250,192.168.0.246-250
where localip is the address of the server and remoteip lists the addresses that will be assigned to clients.
edit the /etc/ppp/pptpd-options file:
sudo vi /etc/ppp/pptpd-options
append the following directives:
ms-dns 192.168.80.1
nobsdcomp
noipx
mtu 1490
mru 1490
Mine looks like:
name dcerouter
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.80.1
proxyarp
nodefaultroute
debug
lock
nobsdcomp
Add the user credentials for authentication to your chap-secrets file:
sudo vi /etc/ppp/chap-secrets
Add to it the user name + password in the following syntax:
username <TAB> dcerouter <TAB> users-password <TAB> *
Restart the server for the settings to take effect:
sudo /etc/init.d/pptpd restart
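The steps above produce two files worth checking before the service is exposed: /etc/ppp/pptpd-options must actually carry the refuse/require lines shown in the sample configuration (otherwise pptpd will still accept weaker authentication), and /etc/ppp/chap-secrets holds plaintext passwords, so it must not be readable by anyone but root and every entry needs the four tab-separated fields. The script below is an added example, not part of the LinuxMCE wiki page; the directive list and file layouts are taken from the page, while the sample files it creates in a temporary directory (user alice, password example-password) are constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the LinuxMCE wiki page: two sanity checks for the
# pptpd configuration the steps above produce.
#   check_pptpd_options FILE  - fails unless every authentication/encryption
#                               directive from the page's pptpd-options is present
#   check_chap_secrets FILE   - fails if the secrets file is readable by group or
#                               other, or if an entry lacks the four tab-separated
#                               fields (user, server, password, allowed IPs)
# The sample files created below are constructed for demonstration only.

REQUIRED_OPTIONS="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

check_pptpd_options() {
    f=$1
    missing=""
    for opt in $REQUIRED_OPTIONS; do
        # the directive must stand alone on a line; a commented-out copy does not count
        if ! grep -q "^[[:space:]]*$opt[[:space:]]*$" "$f"; then
            missing="$missing $opt"
        fi
    done
    if [ -n "$missing" ]; then
        echo "$f is missing:$missing" >&2
        return 1
    fi
    return 0
}

check_chap_secrets() {
    f=$1
    # group and other permission bits are characters 5-10 of "ls -l" output
    if [ "$(ls -l "$f" | cut -c5-10)" != "------" ]; then
        echo "$f is readable by group/other but holds plaintext passwords; chmod 600 it" >&2
        return 1
    fi
    # every non-comment, non-blank line must have exactly four tab-separated fields
    if ! awk -F'\t' '!/^[ \t]*(#|$)/ && NF != 4 { bad++ } END { if (bad > 0) exit 1 }' "$f"; then
        echo "$f has entries without four tab-separated fields" >&2
        return 1
    fi
    return 0
}

# --- constructed sample files so the script runs stand-alone ---
SAMPLE_DIR=$(mktemp -d)

GOOD_OPTIONS="$SAMPLE_DIR/pptpd-options.good"      # the page's sample configuration
printf '%s\n' "name dcerouter" refuse-pap refuse-chap refuse-mschap \
    require-mschap-v2 require-mppe-128 "ms-dns 192.168.80.1" proxyarp \
    nodefaultroute lock nobsdcomp > "$GOOD_OPTIONS"

WEAK_OPTIONS="$SAMPLE_DIR/pptpd-options.weak"      # only the appended directives, no refuse/require
printf '%s\n' "ms-dns 192.168.80.1" nobsdcomp noipx "mtu 1490" "mru 1490" > "$WEAK_OPTIONS"

GOOD_SECRETS="$SAMPLE_DIR/chap-secrets.good"       # tab-separated, root-only
printf '# client\tserver\tsecret\tIP addresses\n' > "$GOOD_SECRETS"
printf 'alice\tdcerouter\texample-password\t*\n' >> "$GOOD_SECRETS"
chmod 600 "$GOOD_SECRETS"

OPEN_SECRETS="$SAMPLE_DIR/chap-secrets.open"       # same content, world-readable
cp "$GOOD_SECRETS" "$OPEN_SECRETS"
chmod 644 "$OPEN_SECRETS"

SPACED_SECRETS="$SAMPLE_DIR/chap-secrets.spaced"   # spaces instead of tabs
printf 'alice dcerouter example-password *\n' > "$SPACED_SECRETS"
chmod 600 "$SPACED_SECRETS"

for f in "$GOOD_OPTIONS" "$WEAK_OPTIONS"; do
    if check_pptpd_options "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
for f in "$GOOD_SECRETS" "$OPEN_SECRETS" "$SPACED_SECRETS"; do
    if check_chap_secrets "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
done
```

On the server itself the two functions are run against the real files, `check_pptpd_options /etc/ppp/pptpd-options` and `check_chap_secrets /etc/ppp/chap-secrets`, after each edit and before the restart; the permission check is the one most often missed, because pptpd reads the secrets file as root and works fine even when it is world-readable.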
Firewall rules:
Webadmin -> Advanced -> Network -> Firewall Rules: add a core input rule for port 1723.
You need to append the following lines to /usr/pluto/bin/Network_Firewall.sh in order to permit GRE protocol traffic (needed by PPTP):
iptables --append INPUT --protocol 47 --jump ACCEPT
iptables --append OUTPUT --protocol 47 --jump ACCEPT
If you also have a router running Tomato or DD-WRT, the following iptables rules should be applied (these are the ones in my Tomato router). My LinuxMCE has eth0 set to 192.168.0.160, assigned as a static address in my Tomato.
# init pptp + gre pass thru
iptables -t nat -I PREROUTING -p tcp --dport 1723 -j DNAT --to 192.168.0.160:1723
iptables -I FORWARD -p tcp -d 192.168.0.160 --dport 1723 -j ACCEPT
iptables -t nat -I PREROUTING -p 47 -j DNAT --to 192.168.0.160
iptables -I FORWARD -p 47 -d 192.168.0.160 -j ACCEPT
iptables -t nat -A PREROUTING -i ppp0 -p tcp -d 0/0 --dport 1723 -j DNAT --to-destination 192.168.0.160
iptables -t nat -A PREROUTING -i ppp0 -p gre -d 0/0 -j DNAT --to-destination 192.168.0.160
iptables -A FORWARD -i ppp0 -o br0 -p tcp --dport 1723 -d 192.168.0.160 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i br0 -o ppp0 -p tcp -s 192.168.0.160 --sport 1723 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i ppp0 -o br0 -p gre -d 192.168.0.160 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i br0 -o ppp0 -p gre -s 192.168.0.160 -m state --state ESTABLISHED,RELATED -j ACCEPT
# end pptp + gre pass thru
Once done, reload DCERouter so that /usr/pluto/bin/Network_Firewall.sh is re-run, and if you have Tomato or DD-WRT, reboot it.
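A PPTP session that negotiates but never passes traffic is almost always the GRE rule missing from the server's INPUT chain, since the webadmin rule only opens the TCP control channel. The check below is an added example, not part of the LinuxMCE wiki page or of Network_Firewall.sh: it reads `iptables-save` output and reports whether the INPUT chain accepts both TCP port 1723 and IP protocol 47. It accepts `-p gre` as well as `-p 47`, because iptables-save normally writes the protocol by name; the two rule dumps embedded in it are constructed for demonstration.

```shell
#!/bin/sh
# Added example, not from the LinuxMCE wiki page: confirm that the server's
# INPUT chain accepts the two flows PPTP needs, TCP port 1723 (control channel)
# and IP protocol 47 / GRE (the tunnel itself). The function reads the text
# format written by "iptables-save" on stdin, so on the server it is used as
#     iptables-save | check_pptp_firewall
# iptables-save normally prints protocol 47 as "-p gre", so both spellings count.
# Caveat: this is a presence check only; an earlier DROP or REJECT rule in the
# same chain would still block the traffic, so read the full chain if it fails.
# The two rule dumps below are constructed for demonstration only.

check_pptp_firewall() {
    rules=$(cat)
    status=0
    if ! printf '%s\n' "$rules" | grep -Eq -- '^-A INPUT .*-p tcp .*--dport 1723 .*-j ACCEPT'; then
        echo "missing: INPUT ACCEPT for tcp/1723 (PPTP control channel)" >&2
        status=1
    fi
    if ! printf '%s\n' "$rules" | grep -Eq -- '^-A INPUT .*-p (gre|47) .*-j ACCEPT'; then
        echo "missing: INPUT ACCEPT for protocol 47 (GRE tunnel)" >&2
        status=1
    fi
    return $status
}

# constructed dump: the webadmin 1723 rule plus the two GRE lines from the page, as saved
COMPLETE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT'

# constructed dump: the webadmin rule only, the GRE lines never added to Network_Firewall.sh
NO_GRE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT'

if printf '%s\n' "$COMPLETE_RULES" | check_pptp_firewall; then
    echo "OK   complete rule set"
else
    echo "FAIL complete rule set"
fi
if printf '%s\n' "$NO_GRE_RULES" | check_pptp_firewall; then
    echo "OK   rule set without GRE"
else
    echo "FAIL rule set without GRE (expected: GRE is missing)"
fi
```

Run it on the server after reloading DCERouter; if it passes there but clients still get no traffic through the tunnel, the next place to look is the router's forwarding of protocol 47, which the Tomato/DD-WRT rules above handle.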
Configure your client to use PPTP and test (beyond this wiki).