Difference between revisions of "PPTP server"

From ArchWiki
(Configuring a PPTP Server in Arch Linux)
Line 7: Line 7:
 
</pre>
 
</pre>
  
Now, edit the file '''/etc/pptpd.conf''' to add
+
Now, edit the file '''/etc/pptpd.conf'''
  
 
<pre>
 
<pre>
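Review bot: in the sentence introducing '''/etc/pptpd.conf''', dropping "to add" leaves "Now, edit the file '''/etc/pptpd.conf'''" without saying what the reader should do with the block that follows. Ending the sentence with a colon, or with wording such as "so that it contains:", would keep the instruction tied to the block. The same applies to the '''/etc/ppp/options.pptp''' and '''/etc/sysctl.conf''' sentences changed further down.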
Line 16: Line 16:
 
</pre>
 
</pre>
  
Now, edit the file '''/etc/ppp/options.pptp''' and add
+
Now, edit the file '''/etc/ppp/options.pptp'''
  
 
<pre>
 
<pre>
Line 41: Line 41:
 
</pre>
 
</pre>
  
Now, enable IP Forwarding by editing '''/etc/sysctl.conf''' and adding the line
+
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''
  
 
<pre>
 
<pre>

Revision as of 21:14, 8 May 2010

This entry shows how to set up a PPTP server in Arch.

You will need two packages: the Poptop server (pptpd) and ppp.

pacman --sync pptpd ppp

Now, edit the file /etc/pptpd.conf

option /etc/ppp/options.pptp
listen 192.168.0.1 # IP Address of listening interface
localip 192.168.0.1 # local Server IP Address
remoteip 192.168.1.1-254 # Range of IP Addresses to be assigned to clients

Now, edit the file /etc/ppp/options.pptp

lock
name pptp
ms-dns <ip address> # primary DNS server ip address
ms-dns <ip address> # secondary DNS server ip address
+pap # require PAP authentication from the client (the password is sent in cleartext)
-chap # do not agree to authenticate to the peer using CHAP (alias of refuse-chap)

Many more options can be added to the options.pptp file; refer to the man pages for details.

If PAP authentication is enabled, edit the file /etc/ppp/pap-secrets to add the credentials of your users. The fourth field lists the IP addresses the client may use; * allows any address, and pppd rejects every address when the field is missing.

<username>     pptp     <password>   *

If CHAP authentication is used, edit the file /etc/ppp/chap-secrets

<username>     pptp     <password>   *
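To see which authentication methods an options file actually enforces, the following added example (not part of the original wiki page) lints a pppd options file. The function name, the constructed sample files and the stricter variant built from pppd's `require-mschap-v2` and `require-mppe-128` options are assumptions for illustration.

```shell
#!/bin/sh
# Added example: lint a pppd options file used by pptpd for weak authentication.
# Prints one finding per line; returns 0 when clean, 1 when anything is flagged.
audit_pptp_options() {
    # Drop comments, leading blanks and empty lines; keep only the option keyword.
    opts=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e '/^$/d' "$1" | awk '{print $1}')
    has() { printf '%s\n' "$opts" | grep -qxF -e "$1"; }
    rc=0
    if has +pap || has require-pap; then
        echo "PAP required: the client's password is sent in cleartext"; rc=1
    fi
    if has +chap || has require-chap; then
        echo "CHAP required: MD5 challenge only, yields no MPPE keys"; rc=1
    fi
    if ! has require-mschap-v2; then
        echo "MISSING require-mschap-v2"; rc=1
    fi
    if ! has require-mppe-128; then
        echo "MISSING require-mppe-128: encryption is not enforced"; rc=1
    fi
    return $rc
}

# Constructed samples: the options shown on this page, then a stricter variant.
demo_dir=$(mktemp -d)
cat > "$demo_dir/page.pptp" <<'EOF'
lock
name pptp
+pap    # for pap authentication
-chap
EOF
cat > "$demo_dir/strict.pptp" <<'EOF'
lock
name pptp
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
EOF
audit_pptp_options "$demo_dir/page.pptp"   || echo "-> page configuration flagged"
audit_pptp_options "$demo_dir/strict.pptp" && echo "-> stricter variant is clean"
```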

Now, enable IP Forwarding by editing /etc/sysctl.conf

net.ipv4.ip_forward=1

Configure your iptables settings to enable access for PPTP Clients

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT # pptp connects to port 1723
iptables -A INPUT -p 47 -j ACCEPT # all tunneling is performed using GRE Protocol

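Once clients are successfully connected, they will show up as devices named ppp0, ppp1, etc. To give these users Internet access, you can NAT them using iptables. The rule matches the client address range from remoteip, because the POSTROUTING chain does not accept an input-interface (-i) match:

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o <outgoing interface> -j SNAT --to-source <outgoing interface ip address>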

You now have a functioning PPTP Server.