https://wiki.archlinux.org/api.php?action=feedcontributions&user=Tonyseek&feedformat=atom
ArchWiki - User contributions [en]
2024-03-29T14:48:50Z
User contributions
MediaWiki 1.41.0
https://wiki.archlinux.org/index.php?title=PPTP_server&diff=221319
PPTP server
2012-09-03T17:21:57Z
<p>Tonyseek: /* Using systemd */ Fixed wrong script</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[zh-CN:PPTP Server]]<br />
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.<br />
<br />
This entry shows how to create a PPTP server on Arch.<br />
<br />
==Installation==<br />
<br />
[[pacman|Install]] {{Pkg|pptpd}}, available in the [[Official Repositories]].<br />
<br />
==Configuration==<br />
<br />
Now, edit the file '''/etc/pptpd.conf'''<br />
<br />
{{bc|<br />
option /etc/ppp/pptpd-options<br />
localip 172.16.36.1<br />
remoteip 172.16.36.2-254<br />
}}<br />
<br />
Now, edit the file '''/etc/ppp/pptpd-options'''<br />
<br />
{{bc|<br />
<br />
name pptpd<br />
refuse-pap<br />
refuse-chap<br />
refuse-mschap<br />
require-mschap-v2<br />
require-mppe-128<br />
proxyarp<br />
lock<br />
nobsdcomp<br />
novj<br />
novjccomp<br />
nologfd<br />
ms-dns 8.8.8.8<br />
ms-dns 8.8.4.4<br />
}}<br />
<br />
Now add your users and passwords to '''/etc/ppp/chap-secrets''':<br />
{{bc|<br />
<username> pptpd <password> *<br />
}}<br />
<br />
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''<br />
<br />
{{bc|1=<br />
net.ipv4.ip_forward=1<br />
}}<br />
<br />
Now apply the changes made to sysctl.conf<br />
<br />
# sysctl -p<br />
<br />
===iptables firewall configuration===<br />
Configure your iptables settings to enable access for PPTP Clients<br />
<br />
{{bc|<br />
iptables -A INPUT -i ppp+ -j ACCEPT<br />
iptables -A OUTPUT -o ppp+ -j ACCEPT<br />
<br />
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT<br />
iptables -A INPUT -p 47 -j ACCEPT<br />
iptables -A OUTPUT -p 47 -j ACCEPT<br />
<br />
iptables -F FORWARD<br />
iptables -A FORWARD -j ACCEPT<br />
<br />
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE<br />
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE<br />
}}<br />
<br />
Now save the new iptables rules with:<br />
<br />
# rc.d save iptables<br />
<br />
Read [[Iptables]] for more information.<br />
<br />
===ufw firewall configuration===<br />
Configure your ufw settings to enable access for PPTP Clients.<br />
<br />
You must change default forward policy in '''/etc/default/ufw'''<br />
<br />
{{bc|1=<br />
DEFAULT_FORWARD_POLICY="ACCEPT"<br />
}}<br />
<br />
Now edit '''/etc/ufw/before.rules''' and add the following code after the header and before the *filter line:<br />
<br />
{{bc|<br />
# nat Table rules<br />
*nat<br />
:POSTROUTING ACCEPT [0:0]<br />
<br />
# Allow traffic from clients to eth0<br />
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE<br />
<br />
# don't delete the 'COMMIT' line or these nat table rules won't be processed<br />
COMMIT<br />
}}<br />
<br />
Open PPTP port 1723:<br />
<br />
{{bc|<br />
ufw allow 1723<br />
}}<br />
<br />
Restart ufw for good measure<br />
<br />
{{bc|<br />
ufw disable<br />
ufw enable<br />
}}<br />
<br />
==Start up==<br />
<br />
Now you can start your PPTP server with the command below and enjoy.<br />
<br />
===Using initscript===<br />
<br />
# rc.d start pptpd<br />
<br />
'''You can use [http://dl.dropbox.com/u/17412056/pptpd.sh this script] to auto install pptpd server.'''<br />
<br />
===Using systemd===<br />
<br />
Add a service unit file.<br />
<br />
# touch /usr/lib/systemd/system/pptpd.service<br />
# vim /usr/lib/systemd/system/pptpd.service<br />
<br />
{{bc|1=<br />
[Unit]<br />
Description=PPTP Server<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/usr/sbin/pptpd -c /etc/pptpd.conf -p /var/run/pptpd.pid -f<br />
StandardOutput=null<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Reload systemd and start the PPTP server.<br />
<br />
# systemctl daemon-reload<br />
# systemctl start pptpd.service<br />
<br />
If you want your PPTP server to start at system startup, enable it in systemd.<br />
<br />
# systemctl enable pptpd.service<br />
<br />
==Troubleshooting==<br />
If you keep getting error 619 on the client side, search for the '''logwtmp''' option in {{ic|/etc/pptpd.conf}} and comment it out. When this is enabled, wtmp will be used to record client connections and disconnections.<br />
#logwtmp</div>
Tonyseek
https://wiki.archlinux.org/index.php?title=PPTP_server&diff=221240
PPTP server
2012-09-03T04:30:47Z
<p>Tonyseek: Add a guide for systemd users</p>
<hr />
<div>[[Category:Virtual Private Network]]<br />
[[zh-CN:PPTP Server]]<br />
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.<br />
<br />
This entry shows how to create a PPTP server on Arch.<br />
<br />
==Installation==<br />
<br />
[[pacman|Install]] {{Pkg|pptpd}}, available in the [[Official Repositories]].<br />
<br />
==Configuration==<br />
<br />
Now, edit the file '''/etc/pptpd.conf'''<br />
<br />
{{bc|<br />
option /etc/ppp/pptpd-options<br />
localip 172.16.36.1<br />
remoteip 172.16.36.2-254<br />
}}<br />
<br />
Now, edit the file '''/etc/ppp/pptpd-options'''<br />
<br />
{{bc|<br />
<br />
name pptpd<br />
refuse-pap<br />
refuse-chap<br />
refuse-mschap<br />
require-mschap-v2<br />
require-mppe-128<br />
proxyarp<br />
lock<br />
nobsdcomp<br />
novj<br />
novjccomp<br />
nologfd<br />
ms-dns 8.8.8.8<br />
ms-dns 8.8.4.4<br />
}}<br />
<br />
Now add your users and passwords to '''/etc/ppp/chap-secrets''':<br />
{{bc|<br />
<username> pptpd <password> *<br />
}}<br />
<br />
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''<br />
<br />
{{bc|1=<br />
net.ipv4.ip_forward=1<br />
}}<br />
<br />
Now apply the changes made to sysctl.conf<br />
<br />
# sysctl -p<br />
<br />
===iptables firewall configuration===<br />
Configure your iptables settings to enable access for PPTP Clients<br />
<br />
{{bc|<br />
iptables -A INPUT -i ppp+ -j ACCEPT<br />
iptables -A OUTPUT -o ppp+ -j ACCEPT<br />
<br />
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT<br />
iptables -A INPUT -p 47 -j ACCEPT<br />
iptables -A OUTPUT -p 47 -j ACCEPT<br />
<br />
iptables -F FORWARD<br />
iptables -A FORWARD -j ACCEPT<br />
<br />
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE<br />
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE<br />
}}<br />
<br />
Now save the new iptables rules with:<br />
<br />
# rc.d save iptables<br />
<br />
Read [[Iptables]] for more information.<br />
<br />
===ufw firewall configuration===<br />
Configure your ufw settings to enable access for PPTP Clients.<br />
<br />
You must change default forward policy in '''/etc/default/ufw'''<br />
<br />
{{bc|1=<br />
DEFAULT_FORWARD_POLICY="ACCEPT"<br />
}}<br />
<br />
Now edit '''/etc/ufw/before.rules''' and add the following code after the header and before the *filter line:<br />
<br />
{{bc|<br />
# nat Table rules<br />
*nat<br />
:POSTROUTING ACCEPT [0:0]<br />
<br />
# Allow traffic from clients to eth0<br />
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE<br />
<br />
# don't delete the 'COMMIT' line or these nat table rules won't be processed<br />
COMMIT<br />
}}<br />
<br />
Open PPTP port 1723:<br />
<br />
{{bc|<br />
ufw allow 1723<br />
}}<br />
<br />
Restart ufw for good measure<br />
<br />
{{bc|<br />
ufw disable<br />
ufw enable<br />
}}<br />
<br />
==Start up==<br />
<br />
Now you can start your PPTP server with the command below and enjoy.<br />
<br />
===Using initscript===<br />
<br />
# rc.d start pptpd<br />
<br />
'''You can use [http://dl.dropbox.com/u/17412056/pptpd.sh this script] to auto install pptpd server.'''<br />
<br />
===Using systemd===<br />
<br />
Add a service unit file.<br />
<br />
# touch /usr/lib/systemd/system/pptpd.service<br />
# vim /usr/lib/systemd/system/pptpd.service<br />
<br />
{{bc|1=<br />
[Unit]<br />
Description=PPTP Server<br />
After=network.target<br />
<br />
[Service]<br />
ExecStart=/usr/sbin/pptpd -c /etc/pptpd.conf -p /var/run/pptpd.pid<br />
StandardOutput=null<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
}}<br />
<br />
Reload systemd and start the PPTP server.<br />
<br />
# systemctl daemon-reload<br />
# systemctl start pptpd.service<br />
<br />
If you want your PPTP server to start at system startup, enable it in systemd.<br />
<br />
# systemctl enable pptpd.service<br />
<br />
==Troubleshooting==<br />
If you keep getting error 619 on the client side, search for the '''logwtmp''' option in {{ic|/etc/pptpd.conf}} and comment it out. When this is enabled, wtmp will be used to record client connections and disconnections.<br />
#logwtmp</div>
Tonyseek