Difference between revisions of "PPTP server"

From ArchWiki
m ({{stub}})
Line 3: Line 3:
 
This entry will show you on how to create a PPTP server in Arch.
 
This entry will show you on how to create a PPTP server in Arch.
  
You will need two packages, the poptop server, and the ppp package.
+
We installed pptpd with :
  
 
<pre>
 
<pre>
pacman --sync pptpd ppp
+
pacman -S pptpd  
 
</pre>
 
</pre>
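Review bot: the new install line "pacman -S pptpd" no longer names the ppp package that the removed sentence and command both listed. If ppp is expected to be pulled in as a dependency of pptpd, say so in the text; otherwise keep it in the command. The added sentence "We installed pptpd with :" also switches to past-tense first person inside a set of instructions; "Install pptpd with:" would match the rest of the page.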
  
Line 12: Line 12:
  
 
<pre>
 
<pre>
option /etc/ppp/options.pptp
+
option /etc/ppp/pptpd-options
listen 192.168.0.1 # IP Address of listening interface
+
localip 172.16.36.1
localip 192.168.0.1 # local Server IP Address
+
remoteip 172.16.36.2-254
remoteip 192.168.1.1-254 # Range of IP Addresses to be assigned to clients
 
 
</pre>
 
</pre>
  
Now, edit the file '''/etc/ppp/options.pptp'''
+
Now, edit the file '''/etc/ppp/pptpd-options'''
  
 
<pre>
 
<pre>
 +
 +
name pptpd
 +
refuse-pap
 +
refuse-chap
 +
refuse-mschap
 +
require-mschap-v2
 +
require-mppe-128
 +
proxyarp
 
lock
 
lock
name pptp
+
nobsdcomp
ms-dns <ip address> # primary DNS server ip address
+
novj
ms-dns <ip address> # secondary DNS server ip address
+
novjccomp
+pap # for pap authentication
+
nologfd
-chap # do not authenticate client using chap protocol
+
ms-dns 8.8.8.8
 +
ms-dns 8.8.4.4
 
</pre>
 
</pre>
  
There are many more options which can be added to the options.pptp file, please refer to the man pages for help
+
Now we must add my users & passwords in " /etc/ppp/chap-secrets "
 +
<pre>
 +
<username>    pptp     <password>  *
 +
</pre>
  
if pap authentication is enabled, then edit the file '''/etc/ppp/pap-secrets''' to add the credentials of your users.
+
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''
  
 
<pre>
 
<pre>
<username>    pptp    <password>
+
net.ipv4.ip_forward=1
 
</pre>
 
</pre>
  
if chap authentication is used, edit the file '''/etc/ppp/chap-secrets'''
+
Configure your iptables settings to enable access for PPTP Clients
  
 
<pre>
 
<pre>
<username>    pptp    <password>  *
+
iptables -A INPUT -i ppp+ -j ACCEPT
 +
iptables -A OUTPUT -o ppp+ -j ACCEPT
 +
 
 +
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 +
iptables -A INPUT -p 47 -j ACCEPT
 +
iptables -A OUTPUT -p 47 -j ACCEPT
 +
 
 +
iptables -F FORWARD
 +
iptables -A FORWARD -j ACCEPT
 +
 
 +
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
 +
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
 +
 
 
</pre>
 
</pre>
  
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''
+
If you want to have iptables in erver boot you must add them in "/etc/rc.local"
  
 
<pre>
 
<pre>
net.ipv4.ip_forward=1
+
iptables -A INPUT -i ppp+ -j ACCEPT
</pre>
+
iptables -A OUTPUT -o ppp+ -j ACCEPT
 +
 
 +
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 +
iptables -A INPUT -p 47 -j ACCEPT
 +
iptables -A OUTPUT -p 47 -j ACCEPT
 +
 
 +
iptables -F FORWARD
 +
iptables -A FORWARD -j ACCEPT
 +
 
 +
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
 +
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
  
Configure your iptables settings to enable access for PPTP Clients
+
echo 1 > /proc/sys/net/ipv4/ip_forward
  
<pre>
 
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT # pptp connects to port 1723
 
iptables -A INPUT -p 47 -j ACCEPT # all tunneling is performed using GRE Protocol
 
iptables -A FORWARD -i ppp+ -o <outgoing interface> -j ACCEPT # To allow clients to access internet when connected to vpn
 
 
</pre>
 
</pre>
  
Once clients are successfully connected, they will show up as device names ppp0,ppp1,etc. To route the users so that they get internet activity, you can NAT them using iptables
+
Now you can start your PPTP Server by this command and enjoy
  
 
<pre>
 
<pre>
iptables -t nat -A POSTROUTING -i ppp+ -j SNAT --to-source <outgoing interface ip address>
+
/etc/rc.d/pptpd start
 
</pre>
 
</pre>
  
 
You now have a functioning PPTP Server.
 
You now have a functioning PPTP Server.
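Review bot: the added pptpd-options block sets "name pptpd", but the chap-secrets example added right after it still has "pptp" in the server column, so the entry will not be matched for this server; the example should read "<username>    pptpd    <password>  *". The replacement firewall rules are also far broader than the ones they remove: "iptables -F FORWARD" followed by "iptables -A FORWARD -j ACCEPT" forwards all traffic in every direction, where the removed rule was limited to "-i ppp+ -o <outgoing interface>". Keep the forward rule scoped to the VPN interfaces, and consider keeping the per-rule comments that the old lines carried.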

Revision as of 16:49, 1 December 2010

This article is a stub.


This entry shows how to create a PPTP server on Arch.

Install pptpd with:

<pre>
pacman -S pptpd
</pre>

Now, edit the file /etc/pptpd.conf

<pre>
option /etc/ppp/pptpd-options
localip 172.16.36.1
remoteip 172.16.36.2-254
</pre>

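Now, edit the file /etc/ppp/pptpd-options

<pre>
name pptpd          # local name; the server column in chap-secrets must match it
refuse-pap          # accept only MS-CHAPv2 authentication
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128    # require 128-bit MPPE encryption
proxyarp            # add a proxy ARP entry for each client
lock                # create a lock file for the device
nobsdcomp           # disable BSD-Compress compression
novj                # disable Van Jacobson header compression
novjccomp           # disable connection-ID compression in VJ
nologfd             # do not send log messages to a file descriptor
ms-dns 8.8.8.8      # DNS servers handed to clients
ms-dns 8.8.4.4
</pre>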

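Now add your users and passwords to /etc/ppp/chap-secrets. The second field is the server name and must match the name option set in pptpd-options:

<pre>
# client       server    secret       IP addresses
<username>     pptpd     <password>   *
</pre>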
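A check for the two files above, as an added example that is not part of the wiki page: it reports chap-secrets entries whose server field can never match the name option in pptpd-options, and a secrets file that group or other can read. The function name, the sample user and the temporary paths are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. Flags chap-secrets entries that the
# pptpd-options "name" can never select, and secrets files others can read.

check_pptp_secrets() {  # usage: check_pptp_secrets OPTIONS_FILE SECRETS_FILE
    options=$1; secrets=$2; findings=0

    # Simplification: use the last "name" directive found in the options file.
    server=$(awk '$1 == "name" { n = $2 } END { print n }' "$options")
    if [ -z "$server" ]; then
        echo "no name option in $options"
        return 1
    fi

    # chap-secrets columns: client  server  secret  [allowed IP addresses]
    mismatches=$(awk -v srv="$server" '
        /^[ \t]*#/ || NF == 0 { next }
        $2 != srv && $2 != "*" {
            printf "line %d: server field %s does not match name %s\n", NR, $2, srv
        }' "$secrets")
    if [ -n "$mismatches" ]; then
        echo "$mismatches"
        findings=1
    fi

    # The file holds cleartext passwords: group/other must not be able to read it.
    if [ -n "$(find "$secrets" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$secrets is readable by group or other; chmod 600 it"
        findings=1
    fi
    return "$findings"
}

# Constructed sample: "name pptpd" against a secrets entry for server "pptp".
demo=$(mktemp -d)
printf 'name pptpd\nrequire-mschap-v2\n' > "$demo/pptpd-options"
printf '# client server secret IP\nalice pptp s3cret *\n' > "$demo/chap-secrets"
chmod 644 "$demo/chap-secrets"
check_pptp_secrets "$demo/pptpd-options" "$demo/chap-secrets" || true
rm -rf "$demo"
```

On a real server, call it as check_pptp_secrets /etc/ppp/pptpd-options /etc/ppp/chap-secrets.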

Now, enable IP Forwarding by editing /etc/sysctl.conf

<pre>
net.ipv4.ip_forward=1
</pre>

Configure your iptables settings to enable access for PPTP Clients

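<pre>
# accept all traffic arriving from, and leaving to, connected clients (ppp0, ppp1, ...)
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT

# PPTP control connection (TCP port 1723) and the GRE tunnel (IP protocol 47)
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT

# flush the FORWARD chain, then forward all traffic (not only traffic from VPN clients)
iptables -F FORWARD
iptables -A FORWARD -j ACCEPT

# NAT traffic leaving through eth0 and through the client interfaces
iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
</pre>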

To apply the iptables rules at server boot, add them to /etc/rc.local:

<pre>
iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT

iptables -F FORWARD
iptables -A FORWARD -j ACCEPT

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

echo 1 > /proc/sys/net/ipv4/ip_forward
</pre>
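A narrower version of the forwarding and NAT rules above, as an added example that is not part of the wiki page: it forwards and masquerades only traffic from the VPN client range through the outgoing interface, instead of accepting everything in FORWARD. It assumes eth0 is the outgoing interface, that 172.16.36.0/24 covers the remoteip range, and that the host forwards for VPN clients only; the function name and the IPT variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the wiki page. IPT defaults to the real iptables;
# set IPT="echo iptables" to print the rules instead of applying them.
IPT=${IPT:-iptables}

# usage: pptp_firewall WAN_IF CLIENT_NET   (assumed: eth0 and 172.16.36.0/24)
pptp_firewall() {
    wan=$1; clients=$2

    # PPTP control channel and GRE (IP protocol 47) to the server itself.
    $IPT -A INPUT -p tcp --dport 1723 -j ACCEPT
    $IPT -A INPUT -p 47 -j ACCEPT

    # Forward nothing by default, then allow only VPN clients out through
    # the WAN interface and the replies to connections they opened.
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -i ppp+ -o "$wan" -s "$clients" -j ACCEPT
    $IPT -A FORWARD -i "$wan" -o ppp+ -d "$clients" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # NAT only the client range, and only on the way out of the WAN interface.
    $IPT -t nat -A POSTROUTING -s "$clients" -o "$wan" -j MASQUERADE
}

# Dry run in a subshell: print the rules that would be applied.
( IPT="echo iptables"; pptp_firewall eth0 172.16.36.0/24 )
```

To apply the rules for real, run pptp_firewall eth0 172.16.36.0/24 as root with IPT unset.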

Now start your PPTP server with this command:

<pre>
/etc/rc.d/pptpd start
</pre>

You now have a functioning PPTP Server.