Create a VPN on Linux with Poptop
You are using Linux and need to create a VPN that both Windows and Linux users can connect to easily. This post is for you. In a few lines we will see how to install and configure Poptop, an open source PPTP server for Linux. We'll also see the options you need in the kernel and how to configure iptables properly if you use it, then how to connect using pptpclient on Linux, the client for the proprietary Microsoft Point-to-Point Tunneling Protocol (PPTP). Finally we'll see how to connect to your VPN on Windows.
The Kernel
Most people don't compile their own kernel; I do. So for people like me, this might be useful. In an image, here is what you need:
iptables
If you are using iptables, you have to add some rules:
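# Allow traffic on the PPP tunnel interfaces
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT
# PPTP control connection (TCP port 1723)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
# GRE (IP protocol 47), which carries the tunnelled data
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
# Flush the FORWARD chain, then accept all forwarded traffic
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT
# NAT traffic leaving through eth0 and through the tunnels
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
# Enable IPv4 forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward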
That's it for iptables.
Install and configure poptop
If you are using Arch Linux (the package name is probably the same or similar in other distributions):
pacman -S pptpd
You now need to configure poptop by editing its configuration file:
vi /etc/ppp/pptpd-options
An example of pptpd-options:
debug
name pptpd
require-mschap-v2
+mschap-v2
require-mppe-128
lock
nobsdcomp
nodeflate
passive
auth
I am using mschap-v2 (Microsoft Challenge Handshake Authentication Protocol version 2) and MPPE 128-bit (Microsoft Point-to-Point Encryption). If you want to know more, you can check the documentation for this configuration file.
You need to add users that will be able to connect to your VPN by editing chap-secrets:
vi /etc/ppp/chap-secrets
Here is a sample:
# Secrets for authentication using CHAP
# client server secret IP addresses
marc pptpd "mypassword" *
That's it, we are done with the installation and configuration of poptop. You can start it with /etc/rc.d/pptpd start (on Arch Linux; on Debian-based distributions such as Ubuntu it will be /etc/init.d/pptpd start). Let's see how to connect to it on Linux using pptpclient.
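As an added example (not part of the original post), the script below checks a pptpd-options file for the three options the sample above relies on, and checks chap-secrets for group/world access and short secrets. The script name and the 12-character minimum are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the two Poptop files above.
# Usage: sh audit-poptop.sh /etc/ppp/pptpd-options /etc/ppp/chap-secrets
# Findings are printed one per line; no output means nothing was flagged.

MIN_SECRET_LEN=12   # assumed policy threshold, not a pppd or Poptop setting

# Print "missing:<opt>" for each option of the sample pptpd-options that is
# absent, and "weak:<opt>" for a line requiring PAP, CHAP or MS-CHAP v1.
check_options() {
    for opt in auth require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}[[:space:]]*\$" "$1" || echo "missing:$opt"
    done
    awk '$1 ~ /^require-(pap|chap|mschap)$/ { print "weak:" $1 }' "$1"
}

# Print "perms:<bits>" if group or others have any access to chap-secrets
# (it holds plaintext passwords), and "short-secret:<client>" for entries
# whose secret is shorter than MIN_SECRET_LEN. The secret is never printed.
check_secrets() {
    perms=$(ls -ln "$1" | cut -c5-10)   # group+other bits; "------" = none
    [ "$perms" = "------" ] || echo "perms:$perms"
    awk -v min="$MIN_SECRET_LEN" '
        /^[ \t]*(#|$)/ { next }         # skip comments and blank lines
        {
            secret = $3
            # Assumes only the secret is quoted, as in the sample entry.
            if (match($0, /"[^"]*"/))
                secret = substr($0, RSTART + 1, RLENGTH - 2)
            if (length(secret) < min) print "short-secret:" $1
        }' "$1"
}

if [ "$#" -eq 2 ]; then
    check_options "$1"
    check_secrets "$2"
fi
```

Run against the sample files from this post, it reports the 10-character secret for marc; it reports permissions only if chap-secrets is readable by group or others.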
Configuring the client on Linux with pptpclient
First you need to install pptpclient:
pacman -S pptpclient
You need to create one file (you can name it whatever you want):
vi /etc/ppp/peers/inebium
The content of the file is (123.123.123.123 is the IP address of the server that hosts the VPN):
pty "pptp 123.123.123.123 --nolaunchpppd"
name marc
remotename pptpd
require-mppe-128
lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
As you did for the server, you need to edit /etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client server secret IP addresses
marc pptpd "mypassword" *
Done. You can now connect to the VPN like this (what follows pon is the name of the peer file you created earlier):
pon inebium
Don't forget you need to have the proper ppp module loaded:
modprobe ppp_mppe
Configuring the client on Windows
On Windows XP, in Network Connections -> Create a new Connection -> Connect to private network (Virtual Private Network) -> Connection to Virtual Private Network -> Name of the company (you can put whatever you like) -> Then you are asked for the IP address of the server where you've configured poptop -> That's it: enter the username and password you've put in the chap-secrets file and click on Connect.
Conclusion
In a few basic steps, we've seen how to set up a VPN on GNU/Linux with poptop, which is based on the PPTP protocol. We went through what was required in the kernel, the configuration of iptables, and finally how to connect to our configured VPN using pptpclient on Linux. I hope this post will be helpful for you.