2003-05-21

PPTPD draft notes

PPTP + MPPE on TrustedDebian draft notes

Andrew Lee alee at winklerpartners.com

PPTPD can make VPN easy for both UNIX and Windows users.

These notes describe how I set up pptpd on my TrustedDebian box. ABSOLUTELY NO WARRANTY. You should be able to set up the VPN routing yourself once pptpd is working.

1) Install a new kernel from the kernel-source package with kernel-patch-mppe


[root]# apt-get install kernel-package kernel-patch-mppe kernel-source-2.4.20-1
[root]# cd /usr/src && tar xfj kernel-source-2.4.20.tar.bz2
[root]# cd kernel-source-2.4.20
[root]# cp /boot/config-2.4.20 .config
[root]# make oldconfig

Enable PPP_MPPE as a module

[root]# make-kpkg --append_to_version -mppe --bzimage --initrd kernel-headers kernel-image
[root]# cd ..
[root]# dpkg -i kernel-headers-2.4.20-mppe_10.00.Custom_i386.deb kernel-image-2.4.20-mppe_10.00.Custom_i386.deb
[root]# echo "alias ppp-compress-18 ppp_mppe" >> /etc/modutils/ppp

% I recommend installing grub instead of lilo. %

2) Recompile pppd from source with MPPE support

Download https://www.advancevpn.com/public/ppp-2.4.1.tar.gz
Download https://www.advancevpn.com/public/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz

If you would like to have LDAP support, try this: download ftp://kalamazoolinux.org/pub/projects/awilliam/pppd-ldap/ppp-2.4.1LDAP.tgz
and then


[root]# apt-get install libldap2-dev

Compile pppd with mppe support:

[root]# tar fxz ppp-2.4.1.tar.gz
[root]# cd ppp-2.4.1
[root]# zcat ../ppp-2.4.1-openssl-0.9.6-mppe-patch.gz | patch -p1
[root]# ./configure

Add IBM stack smashing protector & PaX address layout randomization to
pppd/Makefile:

-COPTS = -O2 -pipe -Wall -g
+COPTS = -O2 -pipe -Wall -g -fstack-protector -fPIC
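
Review bot: On the `+COPTS` line, `-fPIC` is added to the compile flags only, and nothing in this hunk touches the link step, so the change by itself does not show that pppd is linked as a position-independent executable, which is what PaX needs in order to randomize the main binary's base. Either extend the change to the link flags your toolchain requires, or confirm after `make` that `readelf -h pppd/pppd` reports `Type: DYN`. The sentence above the hunk could also say which flag serves which purpose: `-fstack-protector` for the stack smashing protector, `-fPIC` for the layout randomization.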


[root]# make
[root]# cp /usr/sbin/pppd /usr/sbin/pppd.debian
[root]# dpkg-divert --divert /usr/sbin/pppd.debian /usr/sbin/pppd
[root]# cp pppd/pppd /usr/sbin/pppd

You can check that the new pppd has MPPE support; a non-zero count means the binary contains MPPE strings:

[root]# strings /usr/sbin/pppd|grep -i mppe|wc -l

3) Install and setup pptpd

[root]# apt-get install pptpd

Edit /etc/ppp/pptpd-options: change 'servername' first, and then make it
look like this:

auth
+chap
+chapms
+chapms-v2
mppe-128
mppe-stateless
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0

Use the PDC's IP address as the WINS server IP.

Edit /etc/pptpd.conf to add localip and remoteip


localip 192.168.0.4
remoteip 192.168.0.96-99
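
One way to confirm that the two files edited in step 3 match these notes before starting pptpd. This is an added example, not part of the original notes: the function names and the script name audit.sh are assumptions, and `noauth` is the standard pppd option that turns the authentication requirement off.

```shell
#!/bin/sh
# Added example, not from the original notes. Options the notes list for
# /etc/ppp/pptpd-options, one per line:
REQUIRED_OPTIONS='auth
+chap
+chapms
+chapms-v2
mppe-128
mppe-stateless
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0'

# Strip comments, collapse whitespace, trim, and drop empty lines.
normalize() {
    sed -e 's/#.*$//' -e 's/[[:space:]][[:space:]]*/ /g' \
        -e 's/^ //' -e 's/ $//' -e '/^$/d' "$1"
}

# audit_options FILE: print each problem; return non-zero if any was found.
audit_options() {
    rc=0
    while IFS= read -r opt; do
        normalize "$1" | grep -qxF -e "$opt" || { echo "MISSING: $opt"; rc=1; }
    done <<EOF
$REQUIRED_OPTIONS
EOF
    # noauth tells pppd not to require the peer to authenticate itself.
    normalize "$1" | grep -qxF -e noauth && { echo "CONFLICT: noauth"; rc=1; }
    return "$rc"
}

# check_ip_overlap FILE: fail if localip lies inside a remoteip range written
# as a.b.c.X-Y (the form used in the notes; comma-separated lists not handled).
check_ip_overlap() {
    loc=$(normalize "$1" | awk '$1 == "localip" { print $2; exit }')
    rem=$(normalize "$1" | awk '$1 == "remoteip" { print $2; exit }')
    if [ -z "$loc" ] || [ -z "$rem" ]; then echo "MISSING: localip/remoteip"; return 1; fi
    [ "${loc%.*}" = "${rem%.*}" ] || return 0   # first three octets differ
    host=${loc##*.}; range=${rem##*.}
    if [ "$host" -ge "${range%-*}" ] && [ "$host" -le "${range#*-}" ]; then
        echo "OVERLAP: localip $loc is inside remoteip $rem"; return 1
    fi
}

# Usage: sh audit.sh /etc/ppp/pptpd-options /etc/pptpd.conf
if [ "$#" -eq 2 ]; then audit_options "$1"; check_ip_overlap "$2"; fi
```

With the values shown above (localip 192.168.0.4, remoteip 192.168.0.96-99) the overlap check passes; a localip of 192.168.0.97 would be reported.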

Posted by Andrew at 2003-05-21 14:22
Comments

Hey thanks - this is just what I needed!

:)

Chris

Posted by: Chris at 2003-05-30 06:49

I love it! A great way to learn what has to be learned (make-kpkg especially)
no blabla, only pure good juice
viva debian community

Posted by: stephane at 2004-04-22 18:41