
So, you want to run a PPTP server? Possibly you want to do this to allow a poor lonesome Windows machine somewhere to access MetaNet via a VPN. This page contains a hopefully relatively complete and coherent set of notes to help you get a PPTP server running using poptop, an open source PPTP server for Linux (http://www.poptop.org).

Server setup

First, the installation and configuration of the server. This is a relatively simple matter. The package pptpd contains the poptop server in Debian, and the defaults are reasonable, save for adding your IP range to /etc/pptpd.conf. Also, Debian has defaults in /etc/ppp/pap-secrets which allow users with a /etc/passwd entry to authenticate with ppp. These didn't seem to work out of the box, for some reason, so you may need to manually add a user and password pair in there in the standard pap-secrets format (user * password * or something similar).

You need standard things like ppp_generic, ppp_async and slhc in your kernel. bsd_comp etc. might be useful, and you will need ip_gre on your server!

(You may also want the MPPE patches to enable encryption of the PPTP tunnel.)

If you have a firewall, you have to pinhole port 1723 TCP and GRE to the server running pptpd.
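
The pinhole described above, written out as iptables rules in an added example (not part of the original page). It assumes a Linux firewall that forwards traffic to the pptpd server under a default-DROP FORWARD policy; the address 192.0.2.10 and interface eth0 are constructed sample values, and the function only prints the rules.

```shell
#!/bin/sh
# Added example: emit iptables FORWARD rules that pinhole PPTP to one server.
# Assumptions (not from the original page): iptables on the firewall, a
# default-DROP FORWARD policy, and the constructed sample values at the end.

# Return 0 if $1 is a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rules for server IP $1 behind WAN interface $2; nothing is applied.
pptp_pinhole_rules() {
    server=$1 wan=$2
    valid_ipv4 "$server" || { echo "bad server address: $server" >&2; return 2; }
    case "$wan" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $wan" >&2; return 2 ;;
    esac
    # Control channel: TCP 1723; only the client side may open the connection.
    echo "iptables -A FORWARD -i $wan -d $server -p tcp --dport 1723 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT"
    echo "iptables -A FORWARD -o $wan -s $server -p tcp --sport 1723 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
    # Data channel: GRE is IP protocol 47 and has no ports to match on.
    echo "iptables -A FORWARD -i $wan -d $server -p 47 -j ACCEPT"
    echo "iptables -A FORWARD -o $wan -s $server -p 47 -j ACCEPT"
}

# Constructed sample values: review the printed rules before applying them.
pptp_pinhole_rules 192.0.2.10 eth0
```

Both inputs are validated before they are interpolated, so the printed lines can be reviewed and then piped to a root shell without carrying stray shell syntax.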

Client setup

Assuming you have a Windows 2k/XP client, this is a simple matter. Make a regular VPN connection, entering your pptpd server's IP to connect to. Also, flick through and turn off encryption and encrypted passwords for now (you may need to dig in an advanced setting dialog or something, at least in XP. Don't let it put you off). You may want to go to TCP/IP settings and turn off the default route:

  • Right click the connection and select Properties
  • Go to the Networking tab, select TCP/IP and click Properties
  • Tick Advanced and remove the tick from the box "Use default gateway on remote network"
  • Click OK all the way out.

http://www.domain-logic.com/support/secure_tunnel.htm - Detailed HowTo with pictures for setting up the Windows VPN client, by Randall Perry.

If your Windows machine is behind a firewall, you need to put through similar pinholes. Port 1723 TCP to the machine connecting to pptpd, and GRE to that machine too.

Then put in your username and click connect -- all should be go.

Getting MetaNet to work

You need to advertise routes for your PPTP'd machine over the MetaNet.

http://www.brienposey.com/ospf_2.htm seems to suggest how to set up OSPF under Windows; since I don't have a Windows machine, you're on your own here. -- PerryLorier

Alternatively, just set up a static route. Add

ip route 10.x.y.z/a device

to zebra.conf, e.g.

ip route 10.42.2.0/16 ppp0

and add to the "router ospf" section of ospfd.conf

redistribute static

Done.

