
A quickie on how to set up a Linux to MS VPN

Author: Tom Newsom

Published: January 17, 2007

There are many reasons why you, as a Linux user, would want or need to connect your Linux workstation to an MS VPN server. In this short document I will show you how simple this process is.

What we need to make this work is PPPD and its associated kernel modules, and PPTP from http://pptpclient.sourceforge.net/. Download, extract, build and install pptp. The pptp archive does not ship a configure script; instead we simply run make and then sudo make install (or perhaps checkinstall if you use that program). More advanced users may want to strip the pptp binary with "strip --strip-unneeded pptp" and compress the man page with "gzip pptp.8" before installing pptp. It is not difficult to create one's own slackpak for pptp, but that is beyond the scope of this mini how-to. The steps outlined above are enough to get a working pptp.

However, if you are like me and roll your own kernels, you may need to rebuild your kernel with the relevant modules selected. The options we must have are shown below. Load up your favorite kernel configuration tool (xconfig, menuconfig etc.) and follow the path indicated.

(Be aware that the 2.4.x series of kernels does not have an MPPE option by default, but you can download the MPPE module separately from http://mppe-mppc.alphacron.de/ and either patch various kernels or patch pppd and rebuild it with MPPE support. Examples of how to accomplish this are given on the site.)

If you use a 2.6.x kernel then the steps below will give you MPPE support.

  Device Drivers  --->
    Network device support  --->
       <M> PPP (point-to-point protocol) support 
       [*]   PPP multilink support (EXPERIMENTAL)
       [*]   PPP filtering
       <M>   PPP support for async serial ports 
       <M>   PPP support for sync tty ports
       <M>   PPP Deflate compression
       <M>   PPP BSD-Compress compression 
       <M>   PPP MPPE compression (encryption) (EXPERIMENTAL)

The more astute amongst you will notice I have <M> PPP Deflate compression and <M> PPP BSD-Compress compression as part of my kernel build but do not use them when calling pppd. This is because there are times when those options for pppd will be needed so by building them at the start they are there for use when we need them.

Once your kernel is ready we need to configure PPP. For pppd we need to edit or create three files: /etc/ppp/options.pptp, /etc/ppp/peers/$TUNNEL and /etc/ppp/chap-secrets. Let's start with /etc/ppp/options.pptp. We use options.pptp here to differentiate it from the normal options file: if you use pppd to connect to your ISP, the normal options file is still there to use, and when we need to tunnel to our VPN server we have options.pptp available. Open /etc/ppp/options.pptp in your preferred editor. The file should contain the following:

   lock
   noauth
   nobsdcomp
   nodeflate

Now we need to open or create a /etc/ppp/peers/$TUNNEL file. $TUNNEL can be any name that helps you remember which MS VPN server you are connecting to. I usually give my $TUNNEL file the name of whoever I am connecting to, so in this example I use wrights. So open or create /etc/ppp/peers/$TUNNEL. This file contains the following:

   pty "pptp $IP --nolaunchpppd"
   name $LOGINNAME
   remotename PPTP
   require-mppe-128
   file /etc/ppp/options.pptp
   ipparam $TUNNEL

Save this file as /etc/ppp/peers/wrights.

The $IP above should be set to the IP address or domain name of the MS VPN server, and $LOGINNAME to the username used to log in to the MS VPN server. The ipparam is set to whatever you called the peers file. It can be named anything; in this example it is wrights, so the file to open or create is /etc/ppp/peers/wrights.

Finally, we need to set up the chap-secrets file. So using your preferred editor open or create /etc/ppp/chap-secrets.

This file holds the account details thus:

   # client    server      secret      ip addresses
     Ben       PPTP        millychip      *

The above is a standard PPP chap-secrets file, but for completeness I will explain what is what within that file. Ben is the username, which you should have been given by the MS VPN administrator. PPTP is the protocol type (it should always be PPTP). millychip is the user password, which again should have been given to you by the MS VPN administrator. The * at the end means take whatever IP the VPN server says to use.
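A pre-flight check for the three files described above, added here as an example (it is not part of the original article or of the pppd/pptp projects). The helper names check_pptp_config and make_sample, the temporary directory and the host vpn.example.invalid are assumptions for illustration; the sample files are constructed from the values used in this how-to.

```shell
#!/bin/sh
# Added example: sanity-check the three pppd files before dialing.
# check_pptp_config and make_sample are hypothetical helper names.

check_pptp_config() {   # usage: check_pptp_config PPP_DIR TUNNEL
    dir=$1; peer="$dir/peers/$2"; secrets="$dir/chap-secrets"; bad=0
    for f in "$dir/options.pptp" "$peer" "$secrets"; do
        [ -f "$f" ] || { echo "missing: $f"; return 1; }
    done
    # require-mppe-128 makes pppd refuse a link without 128-bit MPPE.
    grep -q '^[[:space:]]*require-mppe-128' "$peer" ||
        { echo "peer file lacks require-mppe-128"; bad=1; }
    # name/remotename in the peers file select the chap-secrets row.
    name=$(awk '$1 == "name" { print $2 }' "$peer")
    remote=$(awk '$1 == "remotename" { print $2 }' "$peer")
    awk -v n="$name" -v r="$remote" \
        '$1 == n && $2 == r && $3 != "" { ok = 1 } END { exit !ok }' "$secrets" ||
        { echo "no chap-secrets entry for $name/$remote"; bad=1; }
    # chap-secrets holds the password in clear text: owner-only access.
    [ "$(ls -ld "$secrets" | cut -c5-10)" = "------" ] ||
        { echo "chap-secrets is accessible by group or others"; bad=1; }
    return $bad
}

make_sample() {   # usage: make_sample PPP_DIR  (constructed sample files)
    mkdir -p "$1/peers"
    printf 'lock\nnoauth\nnobsdcomp\nnodeflate\n' > "$1/options.pptp"
    cat > "$1/peers/wrights" <<'EOF'
pty "pptp vpn.example.invalid --nolaunchpppd"
name Ben
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam wrights
EOF
    printf 'Ben PPTP millychip *\n' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"   # deliberately too open for the demo
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_pptp_config "$tmp" wrights || echo "fix the problems listed above"
chmod 600 "$tmp/chap-secrets"
check_pptp_config "$tmp" wrights && echo "configuration looks consistent"
rm -rf "$tmp"
```

Against a real installation the call would be check_pptp_config /etc/ppp wrights, run as a user who can read /etc/ppp/chap-secrets.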

Once these three files are in place run this:

   sh /usr/doc/ppp-2.4.4/scripts/pon wrights debug dump logfd 2 nodetach

'man pppd' will tell you what the options after 'wrights' do but basically they keep pppd in the foreground so we can see what is going on.

The script file 'pon' and its companion 'poff' are two scripts that come with pppd. They are useful when you do not keep pppd in the foreground. As you can see above I call the file from its location but you can move 'pon' and 'poff' to somewhere in your $PATH for ease of use.

This should then connect to the MS VPN server and bring up ppp0 with an IP assigned by the MS VPN server. You can check that ppp0 is up and working with /sbin/ifconfig.

When you know everything is working fine you can drop the debug dump logfd 2 and nodetach.

There is also a pptpconfig application which aids in setting up pptp but I could not get that to work AT ALL. However, doing it manually is not difficult and it worked first time.