PPTP Linux

Contents
  1. PPTP Client
  2. Contents
  3. Installation
  4. Configure
  5. Configure using pptpsetup
  6. Configure by hand
  7. Edit The options File
  8. Edit The chap-secrets File
  9. Name Your Tunnel
  10. Connect
  11. Routing
  12. Split Tunneling
  13. Route All Traffic
  14. Route All Traffic by /etc/ppp/ip-up.d
  15. Split Tunneling based on port by /etc/ppp/ip-up.d
  16. Disconnect
  17. Making A VPN Daemon and Connecting On Boot
  18. Troubleshooting
  19. Remarks
  20. RussianProxy.ru
  21. Navigation
  22. Site login
  23. Configuring a PPTP client in Debian/Ubuntu
  24. How to configure a Linux PPTP VPN client
  25. Fedora/Red Hat/CentOS PPTP Client Installation
  26. Debian/Ubuntu PPTP Client Installation
  27. Configuring VPN credentials and server settings
  28. Adding a route to the routing table
  29. Testing the connection
  30. Disconnecting the connection
  31. Linux configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server
  32. Compatibility note
  33. How do I install PPTP client under Linux?
  34. How do I configure client using command line (cli)?
  35. Sample configuration data
  36. Route traffic via ppp0
  37. Task: connect to PPTP server
  38. Task: Disconnect PPTP server vpn connection
  39. How do I configure PPTP client using GUI tools?
  40. Troubleshooting hints
  41. Q. I’m authenticated successfully but cannot route traffic..
  42. Q. I’m authenticated successfully, I can ping to remote gateway but cannot access host by name…
  43. Q. How do I open my local network (laptop, desktop and other system) to talk with any computer behind VPN server via this local Linux ppp0 interface (i.e. act this computer as router)…?
  44. Q. Point-to-Point Encryption is not working and I’m not able to connect to remote PPTP server…
  45. A note to readers

PPTP Client

pptpclient is a program implementing the Microsoft PPTP protocol. As such, it can be used to connect to a Microsoft VPN network (or any PPTP-based VPN) provided by a school or workplace.

Installation

Configure

To configure pptpclient you will need to collect the following information from your network administrator:

  • The IP address or hostname of the VPN server.
  • The username you will use to connect.
  • The password you will use to connect.
  • The authentication (Windows) domain name. This is not necessary for certain networks.

You must also decide what to name the tunnel.

Configure using pptpsetup

You can configure and delete tunnels by running the pptpsetup tool as root. For example:

You can connect (see the Connect section) after a tunnel has been configured.

Configure by hand

You can also edit all necessary configuration files by hand, rather than relying on pptpsetup.

Edit The options File

The /etc/ppp/options file sets security options for your VPN client. If you have trouble connecting to your network, you may need to relax the options. At a minimum, this file should contain the options lock, noauth, nobsdcomp and nodeflate.

Edit The chap-secrets File

The /etc/ppp/chap-secrets file contains credentials for authenticating a tunnel. Make sure no one except root can read this file, as it contains sensitive information.
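
One way to check this, as an added example that is not part of the original article: the script reports whether a secrets file is owned by root and closed to group and other. The function name and status words are this example's own, and /etc/ppp/pap-secrets is included on the assumption that PAP credentials may be stored there as well.

```shell
#!/bin/sh
# Added example: audit who can read pppd's secrets files.
# Status words are this example's own labels, not pppd output.

# secrets_file_status FILE [EXPECTED_UID]
# Prints ok | missing | wrong-owner | too-open; exit status 0 only for ok.
secrets_file_status() {
    file=$1
    want_uid=${2:-0}    # root by default, as the article requires

    if [ ! -f "$file" ]; then
        echo missing
        return 1
    fi

    # ls -ln prints the mode string and numeric owner: "-rw------- 1 0 0 ..."
    set -- $(ls -ln "$file")
    mode=$1
    uid=$3

    if [ "$uid" != "$want_uid" ]; then
        echo wrong-owner
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other permission bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo too-open
        return 1
    fi

    echo ok
}

# Report on the two files pppd reads credentials from.
for f in /etc/ppp/chap-secrets /etc/ppp/pap-secrets; do
    printf '%s: %s\n' "$f" "$(secrets_file_status "$f")"
done
```

A wrong-owner or too-open result is corrected as root with `chown root:root` and `chmod 600` on the file.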

Edit the file. It has the following format:

Replace each bracketed term with an appropriate value. Omit the domain and the \\ separator if your connection does not require a domain.

Name Your Tunnel

Each file under /etc/ppp/peers/ contains tunnel-specific configuration options; the file name is the name you wish to use for your VPN connection. The file should look like this:

Again, omit the domain and the \\ separator if your connection does not require a domain. The values to fill in are the remote address of the VPN server, the domain your user belongs to, the name you will use to connect to the server, and the name of the connection.

in the /etc/ppp/chap-secrets File.

Connect

To make sure that everything is configured properly, as root execute:

If everything has been configured correctly, the pon command should not terminate. Once you are satisfied that it has connected successfully, you can terminate the command.

To connect to your VPN normally, simply execute:

Here the argument to the command is the name of the tunnel you established earlier. Note that this command should be run as root.

Routing

Once you have connected to your VPN, you should be able to interact with anything available on the VPN server. To access anything on the remote network, you need to add a new route to your routing table.

For more information on how to add routes, you can read this article which has many more examples: PPTP Routing Howto

Split Tunneling

Packets with a destination of your VPN’s network should be routed through the VPN interface (usually ppp0). To do this, you create the route:

This will route all the traffic with a destination of 192.168.10.* through your VPN’s interface (ppp0).

Route All Traffic

It may be desirable to route all traffic through your VPN connection. You can do this by running:

Route All Traffic by /etc/ppp/ip-up.d

Make sure the script is executable.

Split Tunneling based on port by /etc/ppp/ip-up.d

Make sure the script is executable and that the vpn table is added to /etc/iproute2/rt_tables.

Disconnect

Execute the following to disconnect from a VPN:

The argument is the name of your tunnel.

Making A VPN Daemon and Connecting On Boot

This article or section is out of date.

You can create a simple daemon for your VPN connection by creating an appropriate /etc/rc.d/* script:

To resolve this issue, you can patch your /usr/bin/poff file by making the following changes on line 93:

Troubleshooting

If client connections keep timing out with "LCP: timeout sending Config-Requests", make sure that GRE is allowed through the client firewall. For iptables, the necessary command is:

Alternatively, if you only want to allow PPTP traffic that corresponds to a connection request coming from your local machine, you can use the conntrack PPTP helper:

The second line should autoload the nf_conntrack_pptp and nf_conntrack_proto_gre kernel modules, which are needed for this.

If you get “EAP: unknown authentication type 26; Naking”, open /etc/ppp/options.pptp, comment out the lines refuse-chap and refuse-mschap, and add the options file entry to the tunnel file like this:

Remarks

You can find more information about configuring pptpclient at their website: pptpclient website. The contents of this article were adapted from their Ubuntu How-To which also provides some hints on how to do things such as connecting on boot. These examples should be easy to adapt into daemons or other scripts to help automate your configuration.

RussianProxy.ru

Configuring a PPTP client in Debian/Ubuntu

For Ubuntu Server to work as a PPTP client, install the pptp-linux package:

The package's main settings, applied by default to all PPTP connections, are stored in /etc/ppp/options.pptp. In most cases there is no need to change them, but you can add options of your own that are common to all connections.

To configure a connection, create a settings file named after it in /etc/ppp/peers:

Open it and add the following content:

The ppp interface number makes the connection always use the same network interface; in our case it will be ppp12.

The set of options for automatic reconnection deserves separate attention. We strongly advise limiting the number of attempts (0 means unlimited) to a reasonable number and not setting too short an interval. This limits the load on the VPN server when there are connection problems (for example, no money on the account balance or changed credentials).

Now specify the authentication data for our user by adding the following line to /etc/ppp/chap-secrets:

which provides for using the specified credentials, where vpnpassword is the connection password, for the remote connection TEST (the name we gave in the remotename option).
Now it is time to test the connection. The first time it is best to run it interactively, so that all error and progress messages appear directly in the console:

From then on the connection can be managed with the pon and poff commands (connect and disconnect respectively).

To bring the connection up automatically at system start, add a section to /etc/network/interfaces:

Access to the corporate network may require static routes. These can also be added automatically by appending a line to the end of the section just created:

We have shown the actual route used in our case; specify your own data here, and if you do not know it, check with your system administrator.

Restart networking and make sure everything works correctly:

To list the routes, use the route command; you can also ping some internal host.

When connecting to the Internet over PPTP, there are cases where, despite the options given, the default route through the tunnel is not set. In that case you can add the following to the end of the corresponding section in /etc/network/interfaces:

How to configure a Linux PPTP VPN client

Configuring a VPN client connection is a simple matter of point and click in Windows OSes, but in Linux it involves installing a package, configuring passwords and VPN server settings, and finally routing the traffic destined for the VPN network via the VPN connection. The package named pptp is used on the client side for configuring a connection. To set up a VPN server read How to setup a VPN Server in Windows Server 2008. This tutorial is for both Debian Linux variants and Red Hat Linux variants.

Fedora/Red Hat/CentOS PPTP Client Installation

Install the pptp client

yum install pptp

Debian/Ubuntu PPTP Client Installation

Use the apt-get command

apt-get install pptp-linux

Configuring VPN credentials and server settings

Edit the following file and enter your VPN username and password

The syntax of the file is as follows

DOMAIN\\username PPTP vpnpassword *

For example to configure a user named jesin on example.com with pass1 as the password enter

EXAMPLE\\jesin PPTP pass1 *

If your VPN network doesn’t come under a domain replace DOMAIN with your VPNSERVER name.

Next is to configure the VPN server settings. Create and edit a new file under the peers directory

Add content according to the syntax below

pty "pptp vpn-server-hostname-or-ip-address --nolaunchpppd"
name DOMAIN\\username
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam vpnconnection1

Here “DOMAIN\\username” is the same as the one entered in the chap-secrets file. The ipparam should contain the name of the newly created file, in this case it is “vpnconnection1”

Adding a route to the routing table

All traffic for the VPN network should pass through the VPN interface so an entry has to be added to the routing table. To automatically add an entry whenever a VPN connection is established create and edit the following file

Add the following content

#!/bin/bash
route add -net 10.0.0.0/8 dev ppp0

Make the file executable

chmod +x /etc/ppp/ip-up.d/vpn1-route

Testing the connection

To connect using the newly created VPN connection use the following command

pppd call vpnconnection1

Take a peek into the messages log file using the following command

tail -f /var/log/messages

you should see something similar to this

Nov 27 13:46:20 server1 kernel: [ 800.071028] PPP generic driver version 2.4.2
Nov 27 13:46:20 server1 pppd[1083]: pppd 2.4.5 started by root, uid 0
Nov 27 13:46:20 server1 pppd[1083]: Using interface ppp0
Nov 27 13:46:20 server1 pppd[1083]: Connect: ppp0 /dev/pts/0
Nov 27 13:46:25 server1 pppd[1083]: CHAP authentication succeeded
Nov 27 13:46:25 server1 kernel: [ 804.683790] padlock: VIA PadLock Hash Engine not detected.
Nov 27 13:46:25 server1 kernel: [ 804.687408] PPP MPPE Compression module registered
Nov 27 13:46:25 server1 pppd[1083]: MPPE 128-bit stateless compression enabled
Nov 27 13:46:26 server1 pppd[1083]: local IP address 10.0.0.11
Nov 27 13:46:26 server1 pppd[1083]: remote IP address 10.0.0.12

Try pinging a system in the VPN network and you should get proper replies.

Disconnecting the connection

To disconnect the PPTP VPN connection use the killall command

Linux configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server

With this tip you will be able to work from home using a VPN, from a Linux / FreeBSD system, with the proprietary Microsoft Point-to-Point VPN server.

Different organizations use different VPN connection options such as SSL, PPTP or IPSEC. When you need to access the corporate network and its services, you need to log in using the VPN.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. It works on the Data link layer (#2 layer) of the TCP/IP model. Personally I prefer IPSEC. PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. It allows connection to a PPTP based Virtual Private Network (VPN) as used by employers and some cable and ADSL internet service providers.

But many organizations use PPTP because it is easy to use and works with Windows, Mac OS X, Linux/*BSD and other handheld devices.

Compatibility note

I’ve tested instructions and pptp on:
[a] CentOS / RHEL / Fedora Core Linux running 2.6.15+ kernel
[b] Ubuntu and Debian Linux running 2.6.15+ kernel
[c] FreeBSD etc

I’ve found that pptp client is 100% compatible with the following servers/products:
[a] Microsoft Windows VPN Server
[b] Linux PPTP Server
[c] Cisco PIX etc

How do I install PPTP client under Linux?

By default most distros install a PPTP client called pptp-linux, which is the client for the proprietary Microsoft Point-to-Point Tunneling. Use the apt-get or yum command to install the pptp client:
$ sudo apt-get install pptp-linux network-manager-pptp
Fedora Core user can install client using rpm command:
# rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
# yum --enablerepo=pptp-stable install pptpconfig

[a] network-manager-pptp or pptpconfig – A gui network management framework (PPTP plugin) for network-admin tool (frontend)
[b] pptp-linux – Point-to-Point Tunneling Protocol (PPTP) command line client

How do I configure client using command line (cli)?

You need to edit / create following configuration files

  • /etc/ppp/chap-secrets – Add your login name / password for authentication using CHAP. Pppd stores secrets for use in authentication in secrets files.
  • /etc/ppp/peers/myvpn-name – A dialup connection authenticated with PAP / CHAP configuration file. You need to add your dialup server name and other information in this file.

Sample configuration data

  1. PPTP server name: pptp.vpn.nixcraft.com
  2. VPN User Name : vivek
  3. VPN Password: VpnPassword
  4. Connection name: delhi-idc-01

Open /etc/ppp/chap-secrets file:
# vi /etc/ppp/chap-secrets
OR
$ sudo vi /etc/ppp/chap-secrets
Append line as follows:
vivek PPTP VpnPassword *

Save and close the file.

Create a connection file called /etc/ppp/peers/delhi-idc-01 (replace delhi-idc-01 with your connection name such as office or vpn):
# vi /etc/ppp/peers/delhi-idc-01
Append configuration data as follows:
pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd"
name vivek
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam delhi-idc-01

Close and save the file. Where,

  • pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd": Specifies that the command script is to be used to communicate rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The script will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the record option is used in conjunction with the pty option, the child process will have pipes on its standard input and output.) In this case we are using the pptp client to establish the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). pptp.vpn.nixcraft.com is my host name (or IP address) for the PPTP server. The --nolaunchpppd option means do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option.
  • name vivek: VPN username
  • remotename PPTP: Set the assumed name of the remote system for authentication purposes to name. If you don’t know the name, ask your network administrator.
  • require-mppe-128: Require the use of MPPE, with 128-bit encryption. Traffic on the tunnel must be encrypted.
  • file /etc/ppp/options.pptp: Read and apply all pppd options from options.pptp file. Options used by PPP when a connection is made by a PPTP client.
  • ipparam delhi-idc-01 : Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts (optional).
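
The options above, and the reconnection advice in the Debian/Ubuntu section, can be checked mechanically. The following is an added example, not code from the original articles: it lints a peers file for a missing require-mppe-128, a pty line without --nolaunchpppd, typographic quotes or dashes pasted from a web page, and an unlimited retry policy. The function names and finding codes are this example's own; persist and maxfail are pppd options assumed here because the page's own reconnection listing did not survive.

```shell
#!/bin/sh
# Added example: lint a pppd peers file for the settings discussed on this page.
# Finding codes are this example's own names, not pppd or pptp output.

# has_option FILE NAME -> status 0 if NAME is the first word of a non-comment line
has_option() {
    awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }' "$1"
}

# option_value FILE NAME -> prints the last value given for NAME (empty if unset)
option_value() {
    awk -v opt="$2" '$1 == opt { val = $2 } END { print val }' "$1"
}

# lint_peer FILE -> prints one finding code per line; exit status 1 if any
lint_peer() {
    f=$1
    findings=""

    # Typographic quotes and dashes are multi-byte, so any byte outside
    # printable ASCII, tab, CR and LF is suspect in a peers file.
    stray=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$f" | wc -c)
    if [ "$((stray))" -gt 0 ]; then findings="$findings non-ascii"; fi

    # Without require-mppe-128 the file does not insist on an encrypted link.
    has_option "$f" require-mppe-128 || findings="$findings no-mppe128"

    # pptp run from pty must be told not to launch its own pppd.
    if has_option "$f" pty; then
        grep '^[[:space:]]*pty' "$f" | grep -q -e '--nolaunchpppd' \
            || findings="$findings pty-nolaunchpppd"
    else
        findings="$findings no-pty"
    fi

    # persist with maxfail 0 retries forever, e.g. with stale credentials.
    if has_option "$f" persist && [ "$(option_value "$f" maxfail)" = "0" ]; then
        findings="$findings unbounded-retry"
    fi

    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' $findings
    return 1
}

# Constructed sample: the page's peers file without require-mppe-128 and
# with an unlimited reconnect policy added.
sample_peer() {
    cat <<'EOF'
pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd"
name vivek
remotename PPTP
file /etc/ppp/options.pptp
ipparam delhi-idc-01
persist
maxfail 0
EOF
}

tmp=$(mktemp)
sample_peer > "$tmp"
lint_peer "$tmp" || true
rm -f "$tmp"
```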

Route traffic via ppp0

To route traffic via PPP0 interface add following route command to /etc/ppp/ip-up.d/route-traffic
# vi /etc/ppp/ip-up.d/route-traffic
Append following sample code (modify NET and IFACE as per your requirements):
#!/bin/bash
# Network reachable through the VPN and the interface pppd created
NET="10.0.0.0/8" # set me
IFACE="ppp0" # set me
#IFACE=$1
route add -net ${NET} dev ${IFACE}
Save and close the file:
# chmod +x /etc/ppp/ip-up.d/route-traffic

Task: connect to PPTP server

Now you need to dial out to your office VPN server. This is the most common use of pppd. This can be done with a command such as:
# pppd call delhi-idc-01
If everything went correctly you should be online and ppp0 should be up. The remote server will assign an IP address and other routing information. Here is the message from my /var/log/messages file:
# tail -f /var/log/messages
Output:

Task: Disconnect PPTP server vpn connection

Simply kill pppd service, enter:
# killall pppd
OR
# kill

How do I configure PPTP client using GUI tools?

If you are using Debian / Ubuntu, just click on Network configuration Icon on taskbar > VPN Connection > Configure VPN > Add:

Save and close the dialog box. To connect via VPN click on Network Icon > Select VPN Connection > Connection name (Mumbai VSNL IDC) > Enter your VPN username and password and click on Ok

If you are using Fedora core Linux, run pptpconfig as root and just follow on screen instructions:
# pptpconfig &

Troubleshooting hints

If the connection fails, you might need to gather more information and try out following troubleshooting tips.

Q. I’m authenticated successfully but cannot route traffic..

A. Use route command to add route manually:
# ip route add dev ppp0
# ip route add 10.0.0.0/8 dev ppp0
Or use route command:
# route add -net 10.0.0.0 netmask 255.0.0.0 dev ppp0

Q. I’m authenticated successfully, I can ping to remote gateway but cannot access host by name…

A. Setup correct DNS server names in /etc/resolv.conf file:
# cat /etc/resolv.conf
Output:
search nixcraft.com
nameserver 10.0.6.1
nameserver 10.0.6.2
nameserver 208.67.222.222

Q. How do I open my local network (laptop, desktop and other system) to talk with any computer behind VPN server via this local Linux ppp0 interface (i.e. act this computer as router)…?

A. Append following two rules in your existing iptables rules to turn on routing (adjust IP address range as per your setup):
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Q. Point-to-Point Encryption is not working and I’m not able to connect to remote PPTP server…

A. Make sure you are using kernel 2.6.15 or above. If you are using an old kernel version, upgrade to the latest version and compile support for the ppp_mppe kernel module. If you are using the latest version, load the driver using modprobe:
# modprobe ppp_mppe
# pppd call myoffice

Note: You can always get more information by reading pptp diagnosis howto here.

A note to readers

As I said earlier I prefer to use open source solution such as OpenVPN or IPsec as they are more secure. The PPTP is not secure enough for some information security policies. Next time I will write about OpenVPN and IPsec.
