Difference between revisions of "PPTP server"

From ArchWiki
Jump to: navigation, search
m (<pre> -> bc)
(added ufw configuration part)
Line 40: Line 40:
 
}}
 
}}
  
Now we must add my users & passwords in "/etc/ppp/chap-secrets"
+
Now we must add my users & passwords in '''/etc/ppp/chap-secrets'''
 
{{bc|
 
{{bc|
 
<username>    pptpd    <password>  *
 
<username>    pptpd    <password>  *
 
}}
 
}}
  
Now, enable IP Forwarding by editing "/etc/sysctl.conf"
+
Now, enable IP Forwarding by editing '''/etc/sysctl.conf'''
  
 
{{bc|1=
 
{{bc|1=
Line 55: Line 55:
 
  # sysctl -p
 
  # sysctl -p
  
 +
===iptables firewall configuration===
 
Configure your iptables settings to enable access for PPTP Clients
 
Configure your iptables settings to enable access for PPTP Clients
  
Line 77: Line 78:
  
 
Read [[Iptables]] for more information.
 
Read [[Iptables]] for more information.
 +
 +
===ufw firewall configuration===
 +
Configure your ufw settings to enable access for PPTP Clients.
 +
 +
You must change default forward policy in '''/etc/default/ufw'''
 +
 +
{{bc|1=
 +
DEFAULT_FORWARD_POLICY=”ACCEPT”
 +
}}
 +
 +
Now change '''/etc/ufw/before.rules''', add following code after header and before *filter line
 +
 +
{{bc|
 +
# nat Table rules
 +
*nat
 +
:POSTROUTING ACCEPT [0:0]
 +
 +
# Allow traffic from clients to eth0
 +
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE
 +
 +
# don.t delete the .COMMIT. line or these nat table rules won.t be processed
 +
COMMIT
 +
}}
 +
 +
Open pptp port 1723
 +
 +
{{bc|
 +
ufw allow 1723
 +
}}
 +
 +
Restart ufw for good measure
 +
 +
{{bc|
 +
ufw reset
 +
}}
 +
 +
==Start up==
  
 
Now you can start your PPTP Server by this command and enjoy
 
Now you can start your PPTP Server by this command and enjoy

Revision as of 17:55, 7 April 2012

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.

This entry will show you on how to create a PPTP server in Arch.

Installation

Install pptpd, available in the Official Repositories.

Configuration

Now, edit the file /etc/pptpd.conf 

option /etc/ppp/pptpd-options
localip 172.16.36.1
remoteip 172.16.36.2-254

Now, edit the file /etc/ppp/pptpd-options 


name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
ms-dns 8.8.8.8
ms-dns 8.8.4.4

Now we must add my users & passwords in /etc/ppp/chap-secrets 

<username>     pptpd     <password>   *

Now, enable IP Forwarding by editing /etc/sysctl.conf 

net.ipv4.ip_forward=1

Now apply the changes made to sysctl.conf 

# sysctl -p

iptables firewall configuration

Configure your iptables settings to enable access for PPTP Clients 

iptables -A INPUT -i ppp+ -j ACCEPT
iptables -A OUTPUT -o ppp+ -j ACCEPT

iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT

iptables -F FORWARD
iptables -A FORWARD -j ACCEPT

iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE

Now save the new iptables rules with: 

# rc.d save iptables

Read Iptables for more information.

ufw firewall configuration

Configure your ufw settings to enable access for PPTP Clients.

You must change default forward policy in /etc/default/ufw 

DEFAULT_FORWARD_POLICY=”ACCEPT”

Now change /etc/ufw/before.rules, add following code after header and before *filter line 

# nat Table rules
*nat
:POSTROUTING ACCEPT [0:0]

# Allow traffic from clients to eth0
-A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE

# don.t delete the .COMMIT. line or these nat table rules won.t be processed
COMMIT

Open pptp port 1723 

ufw allow 1723

Restart ufw for good measure 

ufw reset

Start up

Now you can start your PPTP Server by this command and enjoy 

# rc.d start pptpd

You can use this script to auto install pptpd server

Retrieved from "https://wiki.archlinux.org/index.php?title=PPTP_server&oldid=193172"