PPTP daemon on SuSE 9.2
Has anyone got experience on how to enable pptpd on SuSE 9.2? I've tried to use the defaults, but apparently I'm doing something wrong, so I'm out here asking whether anyone has experience and is willing to share config files. Regards, Matice
matice@nic.fi wrote:
Has anyone got experience on how to enable pptpd on SuSE 9.2? I've tried to use the defaults, but apparently I'm doing something wrong, so I'm out here asking whether anyone has experience and is willing to share config files.
You have to change a lot to get it going, and there are some pitfalls. The first one is that you probably shouldn't try to do this on your firewall. I've learned from experience that this can be tricky. The problem that I seem to run into is that (and this is on 9.2), when the VPN connection is made, SuSEfirewall has to run so that the routes can be set up correctly. In the time it takes for SuSEfirewall to work its magic, the VPN connection times out waiting for LCP packets. Now, I tried getting SuSEfirewall to wait, like, 15 seconds before kicking off, but I guess I never really found the right place to make this happen. (I was trying `sleep 15 && ...' on line 116 of /etc/ppp/ip-up, if anyone has any thoughts. If I commented out the line entirely, SuSEfirewall wouldn't run, the VPN connection would establish, but, of course, packets would actually flow through the VPN until I ran SuSEfirewall manually. I must not be understanding something about the way shell scripting works.)

Anyway, after fighting this for a long time, I finally got the bright idea of just running pptpd on an internal server. If you have only one SuSE box, just set up a Windows box internally to do it. It makes life LOTS easier. (And I thought later that it might be possible to try some more things with the LCP packets, but I had had enough.)

Here's my /etc/pptpd.conf file:
------------
option /etc/ppp/options.pptp
debug
localip 172.16.0.8 # <- a valid reserved ip works well...
remoteip 172.16.0.200-210 # <- don't let other machines have these...
pidfile /var/run/pptpd.pid
stimeout 30

Here's /etc/ppp/options.pptp file:
-------------
debug
name <hostname> # <- This is important to set!
auth
require-mschap-v2
require-mppe-128
proxyarp

Then you'll have to enter a line in your /etc/ppp/chap-secrets file of the form:
--------------
<username> <hostname> <password> *

Where <hostname> above must match <hostname> in options.pptp, and that asterisk is literal.

Note the addresses above. If you're running a DHCP server somewhere, exempt the addresses that pptpd is handing out.

On your firewall, simply forward all tcp packets to port 1723 to the internal VPN server (whether Linux or Windows). If you're using a SuSEfirewall2 setup, this would probably go like this in /etc/sysconfig/SuSEfirewall2:

FW_FORWARD_MASQ="0/0,<ip addy of your VPN server>,tcp,1723"

Regards,
dk
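A consistency check for the three files in the reply above, added here as an example and not part of the original message: it verifies that options.pptp carries `auth`, `require-mschap-v2` and `require-mppe-128`, that every chap-secrets entry names the same server as `name`, and that the pptpd addresses stay out of the DHCP pool. The function names, the sample hostname, user and password, and the DHCP pool bounds are assumptions made up for the illustration.

```python
import ipaddress
import shlex

REQUIRED = ("auth", "require-mschap-v2", "require-mppe-128")

def fields(text):
    """Split each line into fields, dropping '#' comments and blank lines."""
    return [f for f in (shlex.split(l, comments=True) for l in text.splitlines()) if f]

def expand(spec):
    """Expand pptpd.conf address syntax, e.g. '172.16.0.200-210,172.16.0.245'."""
    addrs = set()
    for part in spec.split(","):
        first, _, last = part.strip().partition("-")
        prefix, octet = first.rsplit(".", 1)
        lo = int(ipaddress.IPv4Address(first))
        hi = int(ipaddress.IPv4Address(f"{prefix}.{last or octet}"))
        addrs.update(ipaddress.IPv4Address(i) for i in range(lo, hi + 1))
    return addrs

def check(pptpd_conf, options, chap_secrets, dhcp_first, dhcp_last):
    """Return a list of findings; an empty list means the files agree."""
    opts = {f[0]: f[1:] for f in fields(options)}
    findings = [f"options.pptp: missing '{o}'" for o in REQUIRED if o not in opts]
    name = (opts.get("name") or [None])[0]
    if name is None:
        findings.append("options.pptp: 'name' is not set")
    for f in fields(chap_secrets):
        if len(f) < 3:
            findings.append(f"chap-secrets: malformed entry for '{f[0]}'")
        elif f[1] not in (name, "*"):  # '*' in the server field matches any name
            findings.append(f"chap-secrets: '{f[0]}' uses server '{f[1]}', not '{name}'")
    conf = {f[0]: f[1:] for f in fields(pptpd_conf)}
    pool = set()
    for key in ("localip", "remoteip"):  # neither may be leased out by DHCP
        if conf.get(key):
            pool |= expand(conf[key][0])
    lo, hi = ipaddress.IPv4Address(dhcp_first), ipaddress.IPv4Address(dhcp_last)
    clash = sorted(a for a in pool if lo <= a <= hi)
    if clash:
        findings.append(f"pptpd.conf: {len(clash)} address(es) inside DHCP pool, from {clash[0]}")
    return findings

# Constructed sample input: hostname, user, password and DHCP pool are made up.
CONF = "localip 172.16.0.8\nremoteip 172.16.0.200-210\n"
OPTIONS = "name vpnhost\nauth\nrequire-mschap-v2\nrequire-mppe-128\nproxyarp\n"
SECRETS = "alice otherhost s3cret *\n"

if __name__ == "__main__":
    for finding in check(CONF, OPTIONS, SECRETS, "172.16.0.100", "172.16.0.205"):
        print(finding)
```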
participants (2)
- David Krider
- matice@nic.fi