Main.PPTPClientSetup


The PPTP protocol (Point-to-Point Tunneling Protocol) is a popular one for creating VPN connections. It is a substandard mechanism with security problems, but some companies mandate its use anyway, so here is how I configured it to connect to a corporate LAN from a remote Slackware 13.1 system.

The PPTP specification does not describe any built-in encryption or authentication features and so relies on the Point-to-Point Protocol being tunneled to implement security functionality.

By posting this I'm probably indirectly aiding and abetting terrible information exploitation, corporate espionage and government spying, by maintaining the inertia that holds us back from adapting to better systems - but we've got to keep notes for the systems we're forced to use...

IMPORTANT: Instead of using this method and protocol for creating virtual private networks, try investigating more secure systems, particularly Free Software or open source alternatives. Lobby those in charge with your ideas and options. I have no recommendations at this time.

Nothing is "secure" any more. "Secure" is now a one word oxymoron. --PolygamousRanchKid

Instructions

I installed the PPTP slackbuild (a Slackware from-source software package) from here:

I used the usual slackbuild mechanism, well documented elsewhere (I'll get around to a small tutorial here sooner or later...)

Once the package is installed, you need to create and edit some config files.

In /etc/ppp/chap-secrets (create it if it does not already exist), add a line to represent your connection:

# Secrets for authentication using CHAP
# client         server      secret       IP addresses
"USERNAME" PPTP "PASSWORD"

Note you should include the quotes, but replace the values USERNAME and PASSWORD with your own. You may need to include a domain-based username.

In the file /etc/ppp/options.pptp, make sure the values ...

lock noauth nobsdcomp nodeflate

...are found. After this, create a tunnel file, the name of which is your "local name" of the tunnel for this VPN connection. Substitute your own text editor command in place of 'nano' here, as well as your own name for the tunnel 'TUNNEL':

# nano /etc/ppp/peers/TUNNEL

Edit the file to include the following:

pty "pptp SERVER --nolaunchpppd"
name DOMAIN\\USERNAME
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam TUNNEL
  • Replace SERVER with the IP address or domain name of the VPN server
  • Replace DOMAIN\\USERNAME with the username you've been given. This might just be a simple name without a domain part.
  • Replace TUNNEL with the name of the tunnel file you've just made (the name of this file itself)
  • Create a script (for example, /usr/local/bin/routevpn.script) that will set up the correct routing once the connection has been made:
    #!/bin/sh
    /sbin/route add -net LOCAL_NETWORK netmask MASK dev ppp0
    
    In my case LOCAL_NETWORK is '192.168.0.0' and MASK is '255.255.255.0'.
  • You may need to add entries into your resolv.conf for nameservers.

The actual connection is made by triggering the pppd daemon to start. The pppoe-start command can also be used if there are no conflicts with other connections you may have set up:

# pppd nodetach call TUNNEL

...where TUNNEL is the name of your tunnel file created earlier (just the name, no path information).

If this is successful, you should run the routevpn script created above:

# /usr/local/bin/routevpn.script

The connection can be terminated like so:

# pppoe-stop

Log messages useful for debugging can be found in /var/log/messages.
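A check of the files set up above, as an added example that is not part of the original notes: it verifies that chap-secrets is private (it holds the password in clear text), that options.pptp carries the listed options, and that the peer file requires 128-bit MPPE. The helper names has_opt and check_pptp_config are hypothetical; source the file and call check_pptp_config with your tunnel name.

```sh
#!/bin/sh
# Added example (not from the original page): audit the PPTP client files
# described above. check_pptp_config and has_opt are hypothetical helper names.
# Usage: check_pptp_config TUNNEL [PPP_DIR]    (PPP_DIR defaults to /etc/ppp)
# Prints one line per problem; the return status is the number of problems.

# True if FILE ($1) has the option text $2 as whole words outside comments.
has_opt() {
    sed 's/#.*//; s/[[:space:]]\{1,\}/ /g; s/^/ /; s/$/ /' "$1" 2>/dev/null |
        grep -qF -- " $2 "
}

check_pptp_config() {
    tunnel=$1 dir=${2:-/etc/ppp} problems=0
    secrets=$dir/chap-secrets opts=$dir/options.pptp peer=$dir/peers/$tunnel
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # chap-secrets stores the password in clear text, so group and other
    # must have no access at all (characters 5-10 of the ls mode string).
    if [ ! -f "$secrets" ]; then
        fail "$secrets is missing"
    elif [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        fail "$secrets is accessible to group/other; run chmod 600"
    fi

    # Options the page expects to find in options.pptp.
    for o in lock noauth nobsdcomp nodeflate; do
        has_opt "$opts" "$o" || fail "$opts lacks '$o'"
    done

    # Without require-mppe-128 pppd does not insist on 128-bit MPPE,
    # so the tunnel could come up with weaker or no encryption.
    if [ ! -f "$peer" ]; then
        fail "$peer is missing"
    else
        has_opt "$peer" require-mppe-128 || fail "$peer lacks 'require-mppe-128'"
        has_opt "$peer" "file $opts" || fail "$peer does not include $opts"
        has_opt "$peer" "ipparam $tunnel" || fail "$peer: ipparam is not '$tunnel'"
    fi

    [ "$problems" -eq 0 ] && echo "OK: $dir passes the checks for '$tunnel'"
    return "$problems"
}
```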

...

TODO

  • investigate relationship to pppoe, especially logins in pppoe.conf
  • pppd nodetach call TUNNEL
