Difference between revisions of "PPTP server"
m (Added how to fix a common error 619)
Spider.007 (talk | contribs) (→Troubleshooting: Fixed CURRENT calculation too (now using 'ip link)
(11 intermediate revisions by 8 users not shown)
Line 1: | Line 1: | ||
[[Category:Virtual Private Network]] | [[Category:Virtual Private Network]] | ||
− | + | [[zh-CN:PPTP Server]] | |
− | |||
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. | The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets. | ||
Line 12: | Line 11: | ||
==Configuration== | ==Configuration== | ||
− | Now, edit the file | + | Now, edit the file {{ic|/etc/pptpd.conf}} |
− | {{ | + | {{hc|/etc/pptpd.conf| |
option /etc/ppp/pptpd-options | option /etc/ppp/pptpd-options | ||
localip 172.16.36.1 | localip 172.16.36.1 | ||
Line 20: | Line 19: | ||
}} | }} | ||
− | Now, edit the file | + | Now, edit the file {{ic|/etc/ppp/pptpd-options}} |
− | |||
− | |||
+ | {{hc|/etc/ppp/pptpd-options| | ||
name pptpd | name pptpd | ||
refuse-pap | refuse-pap | ||
Line 40: | Line 38: | ||
}} | }} | ||
− | Now we must add my users & passwords in | + | Now we must add my users & passwords in {{ic|/etc/ppp/chap-secrets}} |
− | {{ | + | {{hc|/etc/ppp/chap-secrets| |
<username> pptpd <password> * | <username> pptpd <password> * | ||
}} | }} | ||
− | Now, enable IP Forwarding by editing | + | Now, enable IP Forwarding by editing {{ic|/etc/sysctl.conf}} |
− | {{ | + | {{hc|/etc/sysctl.conf|2= |
net.ipv4.ip_forward=1 | net.ipv4.ip_forward=1 | ||
}} | }} | ||
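Review bot: the `<username> pptpd <password> *` line in this hunk stores the password in clear text, and nothing here says who may read the file; add a sentence (or a `chmod 600 /etc/ppp/chap-secrets`) noting that the file must stay readable by root only.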
Line 76: | Line 74: | ||
# rc.d save iptables | # rc.d save iptables | ||
+ | |||
+ | For systemd users after editing the rules: | ||
+ | |||
+ | # iptables-save > /etc/iptables/iptables.rules | ||
Read [[Iptables]] for more information. | Read [[Iptables]] for more information. | ||
Line 82: | Line 84: | ||
Configure your ufw settings to enable access for PPTP Clients. | Configure your ufw settings to enable access for PPTP Clients. | ||
− | You must change default forward policy in | + | You must change default forward policy in {{ic|/etc/default/ufw}} |
− | {{ | + | {{hc|/etc/default/ufw|2= |
DEFAULT_FORWARD_POLICY=”ACCEPT” | DEFAULT_FORWARD_POLICY=”ACCEPT” | ||
}} | }} | ||
− | Now change | + | Now change {{ic|/etc/ufw/before.rules}}, add following code after header and before *filter line |
− | {{ | + | {{hc|/etc/ufw/before.rules| |
# nat Table rules | # nat Table rules | ||
*nat | *nat | ||
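Review bot: the context line `DEFAULT_FORWARD_POLICY=”ACCEPT”` in this hunk uses typographic (curly) quotes, which will not be recognised as a quoted value; while touching this section, change it to plain ASCII quotes, `DEFAULT_FORWARD_POLICY="ACCEPT"`.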
Line 118: | Line 120: | ||
Now you can start your PPTP Server by this command and enjoy | Now you can start your PPTP Server by this command and enjoy | ||
+ | |||
+ | ===Using initscript=== | ||
# rc.d start pptpd | # rc.d start pptpd | ||
'''You can use [http://dl.dropbox.com/u/17412056/pptpd.sh this script] to auto install pptpd server.''' | '''You can use [http://dl.dropbox.com/u/17412056/pptpd.sh this script] to auto install pptpd server.''' | ||
+ | |||
+ | ===Using systemd=== | ||
+ | |||
+ | The service unit file is now provided with the pptpd package. | ||
+ | |||
+ | Start the PPTP server. | ||
+ | |||
+ | # systemctl start pptpd.service | ||
+ | |||
+ | If you want to start your PPTP server while system startup, you could enable it in systemd. | ||
+ | |||
+ | # systemctl enable pptpd.service | ||
==Troubleshooting== | ==Troubleshooting== | ||
− | If you keep getting error 619 on the client side, search for the '''logwtmp''' option in {{ic|/etc/pptpd.conf}} and comment it out. When this is enabled, wtmp will be used to record client connections and disconnections. | + | *If you keep getting error 619 on the client side, search for the '''logwtmp''' option in {{ic|/etc/pptpd.conf}} and comment it out. When this is enabled, wtmp will be used to record client connections and disconnections. |
#logwtmp | #logwtmp | ||
+ | |||
+ | *If you keep getting '''pptpd[xxxxx]: Long config file line ignored''' when checking status by "systemctl status pptpd", you need to add a blank line at the end of /etc/pptpd.conf.[http://sourceforge.net/p/poptop/bugs/35/] | ||
+ | |||
+ | *If you keep getting '''ppp0: ppp: compressor dropped pkt''' when client connected into server, you need add the script following into '''/etc/ppp/ip-up.d/mppefixmtu.sh''' | ||
+ | #!/bin/sh | ||
+ | CURRENT_MTU="`ip link show $1 | grep -Po '(?<=mtu )([0-9]+)'`" | ||
+ | FIXED_MTU="`expr $CURRENT_MTU + 4`" | ||
+ | ip link set $1 mtu $FIXED_MTU | ||
+ | |||
+ | After finish editing , do not forgot make it executable ('''chmod 770 /etc/ppp/ip-up.d/mppefixmtu.sh'''). | ||
+ | |||
+ | For reason of this issue refer this link: [http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330973] |
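Review bot: in the new mppefixmtu.sh script, `$1` is unquoted in both `ip link show $1` and `ip link set $1`, and the arithmetic uses backticks plus `expr`; quote the interface name and use `$(...)` and `$((CURRENT_MTU + 4))` so the script is safe in any POSIX sh. Also, `chmod 770` grants group execute for no reason: pppd runs the script as root, so `chmod 700` (or 755, matching other ip-up.d scripts) is the conventional mode, and the instruction should say so.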
Revision as of 13:41, 23 September 2013
The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. PPTP uses a control channel over TCP and a GRE tunnel to encapsulate PPP packets.
This entry will show you how to create a PPTP server in Arch.
Installation
Install pptpd, available in the Official Repositories.
Configuration
Now, edit the file /etc/pptpd.conf
/etc/pptpd.conf
 option /etc/ppp/pptpd-options
 localip 172.16.36.1
 remoteip 172.16.36.2-254
Now, edit the file /etc/ppp/pptpd-options
/etc/ppp/pptpd-options
 name pptpd
 refuse-pap
 refuse-chap
 refuse-mschap
 require-mschap-v2
 require-mppe-128
 proxyarp
 lock
 nobsdcomp
 novj
 novjccomp
 nologfd
 ms-dns 8.8.8.8
 ms-dns 8.8.4.4
Now add your users and passwords in /etc/ppp/chap-secrets
/etc/ppp/chap-secrets
<username> pptpd <password> *
Now, enable IP Forwarding by editing /etc/sysctl.conf
/etc/sysctl.conf
net.ipv4.ip_forward=1
Now apply the changes made to sysctl.conf
# sysctl -p
iptables firewall configuration
Configure your iptables settings to enable access for PPTP Clients
 iptables -A INPUT -i ppp+ -j ACCEPT
 iptables -A OUTPUT -o ppp+ -j ACCEPT
 iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
 iptables -A INPUT -p 47 -j ACCEPT
 iptables -A OUTPUT -p 47 -j ACCEPT
 iptables -F FORWARD
 iptables -A FORWARD -j ACCEPT
 iptables -A POSTROUTING -t nat -o eth0 -j MASQUERADE
 iptables -A POSTROUTING -t nat -o ppp+ -j MASQUERADE
Now save the new iptables rules with:
# rc.d save iptables
For systemd users after editing the rules:
# iptables-save > /etc/iptables/iptables.rules
Read Iptables for more information.
ufw firewall configuration
Configure your ufw settings to enable access for PPTP Clients.
You must change default forward policy in /etc/default/ufw
/etc/default/ufw
DEFAULT_FORWARD_POLICY="ACCEPT"
Now change /etc/ufw/before.rules, adding the following after the header and before the *filter line
/etc/ufw/before.rules
 # nat Table rules
 *nat
 :POSTROUTING ACCEPT [0:0]
 # Allow traffic from clients to eth0
 -A POSTROUTING -s 172.16.36.0/24 -o eth0 -j MASQUERADE
 # don't delete the 'COMMIT' line or these nat table rules won't be processed
 COMMIT
Open pptp port 1723
ufw allow 1723
Restart ufw for good measure
 ufw disable
 ufw enable
Start up
Now you can start your PPTP server with the following command.
Using initscript
# rc.d start pptpd
You can use this script to install the pptpd server automatically.
Using systemd
The service unit file is now provided with the pptpd package.
Start the PPTP server.
# systemctl start pptpd.service
If you want the PPTP server to start at boot, enable it in systemd.
# systemctl enable pptpd.service
Troubleshooting
- If you keep getting error 619 on the client side, search for the logwtmp option in /etc/pptpd.conf and comment it out. When this is enabled, wtmp is used to record client connections and disconnections.
#logwtmp
- If you keep getting pptpd[xxxxx]: Long config file line ignored when checking the status with "systemctl status pptpd", add a blank line at the end of /etc/pptpd.conf.[1]
- If you keep getting ppp0: ppp: compressor dropped pkt when a client connects to the server, add the following script as /etc/ppp/ip-up.d/mppefixmtu.sh
 #!/bin/sh
 # pppd passes the interface name (e.g. ppp0) as the first argument
 CURRENT_MTU="$(ip link show "$1" | grep -Po '(?<=mtu )([0-9]+)')"
 FIXED_MTU="$((CURRENT_MTU + 4))"
 ip link set "$1" mtu "$FIXED_MTU"
After editing, do not forget to make it executable (chmod 770 /etc/ppp/ip-up.d/mppefixmtu.sh).
For the cause of this issue, see this link: [2]
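An added configuration audit (example code, not from the wiki page) covering the Configuration section and the "Long config file line ignored" item above: it checks that pptpd-options keeps the refuse/require lines the page sets, that chap-secrets (which holds plaintext passwords) is readable by its owner only, and that pptpd.conf ends with a newline. It runs against constructed sample files in a temporary directory and assumes GNU grep and GNU stat (-c %a).

```shell
# Example audit, not part of the ArchWiki page. Assumes GNU grep and GNU stat.

# 0 if every option the page requires is present as its own line, 1 otherwise.
check_pptpd_options() {
    rc=0
    for opt in refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128; do
        grep -qx "$opt" "$1" || { echo "missing: $opt" >&2; rc=1; }
    done
    return $rc
}

# 0 if the file is non-empty and its last byte is a newline. $(...) strips a
# trailing newline, so the substitution is empty exactly when one is present;
# pptpd otherwise ignores the unterminated last line.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# 0 if the secrets file has mode 600 (owner read/write only).
secrets_private() {
    [ "$(stat -c %a "$1")" = "600" ]
}

# Constructed sample files (not real configuration).
SAMPLE_DIR="$(mktemp -d)"
GOOD_OPTS="$SAMPLE_DIR/pptpd-options.good"
printf 'name pptpd\nrefuse-pap\nrefuse-chap\nrefuse-mschap\nrequire-mschap-v2\nrequire-mppe-128\nproxyarp\n' > "$GOOD_OPTS"
BAD_OPTS="$SAMPLE_DIR/pptpd-options.bad"     # still allows CHAP/MS-CHAPv1, no MPPE required
printf 'name pptpd\nrefuse-pap\nrequire-mschap-v2\n' > "$BAD_OPTS"
GOOD_CONF="$SAMPLE_DIR/pptpd.conf.good"
printf 'option /etc/ppp/pptpd-options\nlocalip 172.16.36.1\n' > "$GOOD_CONF"
BAD_CONF="$SAMPLE_DIR/pptpd.conf.bad"        # last line lacks the final newline
printf 'option /etc/ppp/pptpd-options\nlocalip 172.16.36.1' > "$BAD_CONF"
SECRETS="$SAMPLE_DIR/chap-secrets"
printf 'alice pptpd example-password *\n' > "$SECRETS"
chmod 600 "$SECRETS"

# Runs all three checks on the "good" samples; 0 only if all pass.
audit() {
    check_pptpd_options "$GOOD_OPTS" && ends_with_newline "$GOOD_CONF" && secrets_private "$SECRETS"
}
```

Point the three functions at /etc/ppp/pptpd-options, /etc/pptpd.conf and /etc/ppp/chap-secrets to audit a live server.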