ArchWiki - User contributions [en]: PPTP server, 2013-08-06T04:28:40Z, https://wiki.archlinux.org/index.php?title=PPTP_server&diff=270060<p>David HK: /* Troubleshooting */</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[zh-CN:PPTP Server]]<br />
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.<br />
<br />
This entry shows how to set up a PPTP server on Arch.<br />
<br />
==Installation==<br />
<br />
[[pacman|Install]] {{Pkg|pptpd}}, available in the [[Official Repositories]].<br />
<br />
==Configuration==<br />
<br />
Now, edit the file {{ic|/etc/pptpd.conf}}<br />
<br />
{{hc|/etc/pptpd.conf|<br />
option /etc/ppp/pptpd-options<br />
localip 172.16.36.1<br />
remoteip 172.16.36.2-254<br />
}}<br />
<br />
Now, edit the file {{ic|/etc/ppp/pptpd-options}}<br />
<br />
{{hc|/etc/ppp/pptpd-options|<br />
name pptpd<br />
refuse-pap<br />
refuse-chap<br />
refuse-mschap<br />
require-mschap-v2<br />
require-mppe-128<br />
proxyarp<br />
lock<br />
nobsdcomp<br />
novj<br />
novjccomp<br />
nologfd<br />
ms-dns 8.8.8.8<br />
ms-dns 8.8.4.4<br />
}}<br />
<br />
Now add your users and passwords to {{ic|/etc/ppp/chap-secrets}}:<br />
{{hc|/etc/ppp/chap-secrets|<br />
<username> pptpd <password> *<br />
}}<br />
<br />
Now, enable IP Forwarding by editing {{ic|/etc/sysctl.conf}}<br />
<br />
{{hc|/etc/sysctl.conf|2=<br />
net.ipv4.ip_forward=1<br />
}}<br />
<br />
Now apply the changes made to sysctl.conf<br />
<br />
# sysctl -p<br />
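<br />
As an added check (example code, not part of the original page or of pptpd), the following script verifies that {{ic|/etc/ppp/pptpd-options}} still contains the authentication and encryption directives shown above, and that {{ic|/etc/ppp/chap-secrets}}, which stores passwords in plain text, is not accessible to group or others. The function names and the sample files are constructed for illustration.<br />

```sh
#!/bin/sh
# Added example, not from the original page: lint the two PPP files edited above.

# Directives the page's pptpd-options uses to refuse weaker authentication
# methods and to require MPPE encryption.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# check_options FILE: print every required directive that is absent or
# commented out; return 1 if any is missing.
check_options() {
    missing=0
    for opt in $REQUIRED; do
        # The directive must be the first word of a non-comment line.
        if ! awk -v o="$opt" '$1 == o { found = 1 } END { exit !found }' "$1"; then
            echo "missing: $opt"
            missing=1
        fi
    done
    return "$missing"
}

# check_secrets FILE: report the file and return 1 if group or others have
# any permission bit set on it.
check_secrets() {
    perms=$(ls -ld "$1" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "too permissive: $1 ($perms for group/other)"
        return 1
    fi
}

# Constructed sample files: the page's options with refuse-mschap commented
# out, and a chap-secrets file left world-readable.
demo=$(mktemp -d)
printf '%s\n' 'name pptpd' refuse-pap refuse-chap '#refuse-mschap' \
    require-mschap-v2 require-mppe-128 > "$demo/pptpd-options"
printf '%s\n' 'alice pptpd example-password *' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"

check_options "$demo/pptpd-options" || true
check_secrets "$demo/chap-secrets" || true
```

On a real server, pass the paths of the live files to the two functions instead of the sample files.<br />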
<br />
===iptables firewall configuration===<br />
Configure your iptables settings to enable access for PPTP Clients<br />
<br />
{{bc|<br />
iptables -A INPUT -i ppp+ -j ACCEPT<br />
iptables -A OUTPUT -o ppp+ -j ACCEPT<br />
<br />
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT<br />
iptables -A INPUT -p 47 -j ACCEPT<br />
iptables -A OUTPUT -p 47 -j ACCEPT<br />
<br />
iptables -F FORWARD<br />
iptables -A FORWARD -j ACCEPT<br />
<br />
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE<br />
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE<br />
}}<br />
<br />
Now save the new iptables rules with:<br />
<br />
# rc.d save iptables<br />
<br />
For systemd users after editing the rules:<br />
<br />
# iptables-save > /etc/iptables/iptables.rules<br />
<br />
Read [[Iptables]] for more information.<br />
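<br />
The rules above flush {{ic|FORWARD}} and accept all forwarded traffic, and masquerade everything leaving {{ic|eth0}} and {{ic|ppp+}}. The following added example (not from the original page) audits {{ic|iptables-save}} output for such unscoped rules and shows a narrower set limited to the 172.16.36.0/24 client range. It assumes {{ic|eth0}} is the outbound interface and that clients only need outbound access; both rule sets are constructed samples.<br />

```sh
#!/bin/sh
# Added example, not from the original page. Both rule sets are constructed
# samples in iptables-save format (chain policy lines omitted).

# The page's rules as iptables-save would print them (-p 47 is shown as gre).
page_rules() {
cat <<'EOF'
*filter
-A INPUT -i ppp+ -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -p gre -j ACCEPT
-A FORWARD -j ACCEPT
-A OUTPUT -o ppp+ -j ACCEPT
-A OUTPUT -p gre -j ACCEPT
COMMIT
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp+ -j MASQUERADE
COMMIT
EOF
}

# Assumed tighter FORWARD and nat rules: only the VPN client range is
# forwarded and masqueraded, and only replies are let back in.
scoped_rules() {
cat <<'EOF'
*filter
-A FORWARD -s 172.16.36.0/24 -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -d 172.16.36.0/24 -i eth0 -o ppp+ -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}

# audit_rules: read iptables-save output on stdin, print one finding per
# over-broad rule, and return 1 if there was any.
audit_rules() {
    awk '
        # FORWARD ACCEPT with no address or interface match forwards anything.
        $1 == "-A" && $2 == "FORWARD" && / -j ACCEPT$/ && !/ -[sdio] / {
            print "open-forward: " $0; bad = 1 }
        # MASQUERADE with no source match NATs whatever reaches the interface.
        $1 == "-A" && $2 == "POSTROUTING" && / -j MASQUERADE$/ && !/ -s / {
            print "unscoped-nat: " $0; bad = 1 }
        END { exit bad }
    '
}

page_rules | audit_rules || true
scoped_rules | audit_rules && echo "scoped rules: no findings"
```

To audit a live host, pipe the output of {{ic|iptables-save}} into {{ic|audit_rules}}.<br />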
<br />
===ufw firewall configuration===<br />
Configure your ufw settings to enable access for PPTP Clients.<br />
<br />
You must change the default forward policy in {{ic|/etc/default/ufw}}:<br />
<br />
{{hc|/etc/default/ufw|2=<br />
DEFAULT_FORWARD_POLICY="ACCEPT"<br />
}}<br />
<br />
Now edit {{ic|/etc/ufw/before.rules}}, adding the following code after the header and before the {{ic|*filter}} line:<br />
<br />
{{hc|/etc/ufw/before.rules|<br />
# nat Table rules<br />
*nat<br />
:POSTROUTING ACCEPT [0:0]<br />
<br />
# Allow traffic from clients to eth0<br />
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE<br />
<br />
# don't delete the 'COMMIT' line or these nat table rules won't be processed<br />
COMMIT<br />
}}<br />
<br />
Open pptp port 1723<br />
<br />
{{bc|<br />
ufw allow 1723<br />
}}<br />
<br />
Restart ufw for good measure<br />
<br />
{{bc|<br />
ufw disable<br />
ufw enable<br />
}}<br />
<br />
==Start up==<br />
<br />
Now you can start your PPTP server with one of the following commands.<br />
<br />
===Using initscript===<br />
<br />
# rc.d start pptpd<br />
<br />
'''You can use [http://dl.dropbox.com/u/17412056/pptpd.sh this script] to auto install pptpd server.'''<br />
<br />
===Using systemd===<br />
<br />
The service unit file is now provided with the pptpd package.<br />
<br />
Start the PPTP server.<br />
<br />
# systemctl start pptpd.service<br />
<br />
To start the PPTP server at system startup, enable the service in systemd.<br />
<br />
# systemctl enable pptpd.service<br />
<br />
==Troubleshooting==<br />
*If you keep getting error 619 on the client side, search for the '''logwtmp''' option in {{ic|/etc/pptpd.conf}} and comment it out. When this is enabled, wtmp will be used to record client connections and disconnections.<br />
#logwtmp<br />
<br />
*If you keep getting '''pptpd[xxxxx]: Long config file line ignored''' when checking the status with {{ic|systemctl status pptpd}}, add a blank line at the end of {{ic|/etc/pptpd.conf}}.[http://sourceforge.net/p/poptop/bugs/35/]<br />
<br />
*If you keep getting '''ppp0: ppp: compressor dropped pkt''' when a client connects to the server, add the following script as '''/etc/ppp/ip-up.d/mppefixmtu.sh''':<br />
 #!/bin/sh<br />
 # $1 is the PPP interface name passed to ip-up scripts; raise its MTU by 4<br />
 CURRENT_MTU="$(ifconfig "$1" | grep -Po '(?<=mtu )([0-9]+)')"<br />
 FIXED_MTU="$((CURRENT_MTU + 4))"<br />
 ifconfig "$1" mtu "$FIXED_MTU"<br />
After editing, do not forget to make it executable ('''chmod 770 /etc/ppp/ip-up.d/mppefixmtu.sh''').<br />
<br />
For the cause of this issue, see [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330973].</div>David HK