Difference between revisions of "PPTP Client"

From ArchWiki
Jump to navigation Jump to search
(Added a sample connect daemon)
m (Aded how password are found and that PPTP is used in chap-secrets.)
Line 33: Line 33:
  
 
<pre>
 
<pre>
<DOMAIN>\\<USERNAME> pptpd <PASSWORD> *
+
<DOMAIN>\\<USERNAME> PPTP <PASSWORD> *
 
</pre>
 
</pre>
  
Line 39: Line 39:
  
 
<pre>
 
<pre>
<USERNAME> pptpd <PASSWORD> *
+
<USERNAME> PPTP <PASSWORD> *
 
</pre>
 
</pre>
  
Line 58: Line 58:
  
 
{{Note|As before, if your connection does not require a domain, omit "<DOMAIN>\\" from the file you create}}
 
{{Note|As before, if your connection does not require a domain, omit "<DOMAIN>\\" from the file you create}}
 +
 +
{{Note|remotename, PPTP is used to find <PASSWORD> in the Chap-Secrets File.}}
  
 
Where <SERVER> the remote address of the VPN server, <DOMAIN> is the domain your user belongs to, <USERNAME> is the name you will use to connect to the server, and <TUNNEL> is the name of the connection.
 
Where <SERVER> the remote address of the VPN server, <DOMAIN> is the domain your user belongs to, <USERNAME> is the name you will use to connect to the server, and <TUNNEL> is the name of the connection.

Revision as of 15:37, 14 June 2011

pptpclient is a program implementing the Microsoft PPTP protocol. As such, it can be used to connect to a Microsoft VPN network provided by a school or workplace.

Installing PPTPClient

pptpclient is provided by the pptpclient package and can be installed by running:

# pacman -S pptpclient

Configure

To configure pptpclient you will need to collect the following information from your network administrator:

  • The IP or hostname of the VPN server
  • The name you wish to use for the tunnel.
  • The authentication (Windows) domain name. This is not provided or needed for certain networks.
  • The username you will use to connect.
  • The password you will use to connect.

Edit The Options File

With your favorite text editor open /etc/ppp/options.pptp. This file enables a lot of security for your VPN connection by default. If you have trouble connecting to your network, you can relax the options down. At minimum, your options.pptp file should contain:

lock
noauth
nobsdcomp
nodeflate

Edit the Chap-Secrets File

Next, open or create the /etc/ppp/chap-secrets file. We will be storing your password in this file, so make sure that the permissions are set such that no-one besides root can read this file. The file should have the following format:

<DOMAIN>\\<USERNAME> PPTP <PASSWORD> *

Or, if your connection does not require a domain:

<USERNAME> PPTP <PASSWORD> *

Simply replace each bracketed term in the samples with the appropriate value. Note that if your password contains a special character such as "$" you should place the password in double-quotes.

Name Your Tunnel

With your favorite text editor create a /etc/ppp/peers/<TUNNEL> file, where <TUNNEL> is the name you wish to use for your VPN connection. The file should look like this:

pty "pptp <SERVER> --nolaunchpppd"
name <DOMAIN>\\<USERNAME>
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam <TUNNEL>
Note: As before, if your connection does not require a domain, omit "<DOMAIN>\\" from the file you create
Note: remotename, PPTP is used to find <PASSWORD> in the Chap-Secrets File.

Where <SERVER> the remote address of the VPN server, <DOMAIN> is the domain your user belongs to, <USERNAME> is the name you will use to connect to the server, and <TUNNEL> is the name of the connection.

Note: If you do not need MPPE support, you should remove the require-mppe-128 option from this file and from /etc/ppp/options.pptp

Making Your Connection

To make sure that everything is configured properly, as root execute:

# pon $TUNNEL debug dump logfd 2 nodetach

If everything has been configured correctly, the pon command should not terminate. Once you are satisfied that it has connected to can terminate the command.

Note: As an additional verification you can run ifconfig -a and ensure that a new device ppp0 is available

To connect to your tunnel normally, simply execute:

# pon <TUNNEL>

Where <TUNNEL> is the name of the tunnel you established earlier. Note that this command should be run as root.

Routing

Once you have connected to your VPN you should be able to interact with anything available on the VPN server. To access anything on the remote network, you need to add a new route to your routing table.

Note: Depending on your configuration you may need to re-add the routing information every time you connect to your VPN

For more information on how add routes you can read this article, which has many more examples: PPTP Routing Howto

Selective Routing

For me, packets with a destination of my VPN's network should be routed through the VPN connection. To do this you create the route:

# route add -net 192.168.10.0 netmask 255.255.255.0 dev ppp0

This will route all the traffic with the destination of 192.168.10.xxx through your VPN connection.

Route All Traffic

It may be desirable to route all traffic through your VPN connection. You can do this by running:

# route add default dev ppp0
Note: Routing all traffic through the VPN can result in slower over all connection speed

Disconnecting

To disconnect from your VPN simply execute:

# poff <TUNNEL>

Where <TUNNEL> is the name of your connection.

Making A VPN Daemon and Connecting On Boot

You can create a simple daemon for your VPN connection by creating an appropriate rc.d script:

Note: As always <TUNNEL> is the name of your tunnel. <ROUTING COMMAND> is the command you use to add the appropriate route to the route table.
#!/bin/bash

. /etc/rc.conf
. /etc/rc.d/functions

DAEMON=<TUNNEL>-vpn
ARGS=

[ -r /etc/conf.d/$DAEMON ] && . /etc/conf.d/$DAEMON


case "$1" in
 start)
   stat_busy "Starting $DAEMON"
   pon <TUNNEL> updetach persist &> /dev/null && <ROUTING COMMAND> &>/dev/null
   if [ $? = 0 ]; then
     add_daemon $DAEMON
     stat_done
   else
     stat_fail
     exit 1
   fi
   ;;
 stop)
   stat_busy "Stopping $DAEMON"
   poff MST &>/dev/null
   if [ $? = 0 ]; then
     rm_daemon $DAEMON
     stat_done
   else
     stat_fail
     exit 1
   fi
   ;;
 restart)
   $0 stop
   sleep 1
   $0 start
   ;;
 *)
   echo "usage: $0 {start|stop|restart}"  
esac


Note that we call pon in the script with two additional commands: updetach and persist. The argument updetach makes pon block until the connection has been established. The other argument persist, makes the network automatically reconnect in the event of a failure. To connect at boot add @<TUNNEL>-vpn to the end of your DAEMONS array in rc.conf.

Remarks

You can find more information about configuring pptpclient at their website: pptpclient website. The contents of this article where adapted from their Ubuntu How-To which also provides some hints on how to do things such as connecting on boot. These examples should be easy to adapt into daemons or other scripts to help automate your configuration.