Wednesday 23 July 2014

Poptop (PPTP VPN Server)


Abstract:
Poptop is the PPTP server for Linux. It is open-source software that allows remote users to securely and inexpensively access their corporate network from anywhere on the internet. It has the additional advantage over other VPN technologies of being easy to set up.
Installation and Configuration

  1. Download the source distribution:
# wget "http://sourceforge.net/projects/poptop/files/latest/download?source=files"
  2. Extract the archive and change to the extracted directory:
# tar xfvz pptpd-1.3.4.tar.gz
# cd pptpd-1.3.4
  3. Configure the release, build, then install:
# ./configure
# make && make install
  4. Copy the sample configuration files (from inside the extracted directory):
# cp samples/pptpd.conf /etc/
# cp samples/options.pptpd /etc/ppp/
  5. Modify pptpd.conf:
# vi /etc/pptpd.conf
    Uncomment these lines (if commented):
option /etc/ppp/options.pptpd
debug
    Add to the end of the file:
localip 172.16.0.100-200
remoteip 172.16.1.100-200
  6. Add the appropriate usernames and passwords:
# vi /etc/ppp/chap-secrets
  7. Start the daemon:
# pptpd -d
  8. Verify the running process:
# ps aux | grep pptpd
  9. Insert a rule into the iptables script to open the port for pptpd. Make sure to place it before any rule with a DROP target.
  10. Enable IP forwarding, and add the command to /etc/rc.local or the setting to sysctl.conf so it persists:
# echo 1 > /proc/sys/net/ipv4/ip_forward
  11. Verify that the daemon can be accessed from anywhere:
# netstat -nlptu | grep pptpd
tcp 0 0 0.0.0.0:1723 0.0.0.0:* LISTEN 3551/ pptp
Testing:
On Windows Client:
  1. Click Start > Connect To > Show All Connections
  2. Select New Connection Wizard > Next > Connect to the network at my workplace > Virtual Private Network connection
  3. Specify Company Name > Do not dial the initial connection > Specify hostname of pptp vpn server > Finish
  4. Right-click the created connection, then select Properties > Security tab
  5. Choose Advanced (custom settings), then click the Settings button
  6. On Data encryption dropdown box, select Maximum strength encryption
  7. Choose Networking Tab
  8. In Type of VPN select PPTP VPN > OK

Additional: Actual Deployment
We installed and configured 2 PPTP VPNs on cn139, for om cs test use.
(Please fill in the important information below.)
1. Config files:
- options.pptpd, located at /etc/ppp/options.pptpd
ms-dns 221.12.33.228
ms-dns 8.8.8.8
- pptpd.conf, located at /etc/pptpd.conf
option /etc/ppp/options.pptpd
debug
bcrelay eth1
localip 172.16.1.1-10
remoteip 172.16.1.100-200
- chap-secrets, located at /etc/ppp/chap-secrets
2. Existing accounts:

3. How to add a new account:
Edit the chap-secrets file and follow the pattern:
username server (pptpd) secret (password) IPaddress (*)
VPNuser pptpd vpnpasswd *

- newaccount.sh & rand.sh, located at /bak/bin/
Functions (see Appendix B):
newaccount.sh - generates accounts and emails them with passwords that have random values
rand.sh - generates random values
4. Crontab entry; accounts are changed weekly:
59 23 * * 0 /bak/bin/newaccount.sh 2>&1
* Removes all existing accounts and generates new values every Sunday.
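
One way the weekly rotation described above could be written, as an added example (this is not the original newaccount.sh or rand.sh, which the page does not show). The function names, the user-list file and the 20-character password length are assumptions, and mailing the new passwords is left out.

```shell
#!/bin/sh
# Added example, not the original /bak/bin scripts. gen_secret, rotate_secrets
# and the user-list file are hypothetical names chosen for this illustration.

# gen_secret LEN: print LEN characters from [A-Za-z0-9], drawn from /dev/urandom.
gen_secret() {
    gs_len=${1:-20}
    gs_buf=
    while [ "${#gs_buf}" -lt "$gs_len" ]; do
        gs_buf=$gs_buf$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    done
    printf '%s\n' "$gs_buf" | cut -c1-"$gs_len"
}

# rotate_secrets USERLIST OUTFILE: replace OUTFILE with one fresh entry per user,
# in the page's pattern "username pptpd password *". All old entries are dropped.
rotate_secrets() {
    rs_users=$1
    rs_out=$2
    rs_umask=$(umask)
    umask 077                       # secrets are plaintext: keep the file mode 600
    rs_tmp=$(mktemp "$rs_out.XXXXXX") || { umask "$rs_umask"; return 1; }
    while IFS= read -r rs_user; do
        # Accept only simple account names; skip blanks, comments and anything
        # that could break the whitespace-separated chap-secrets format.
        case $rs_user in
            ''|\#*|*[!A-Za-z0-9._-]*) continue ;;
        esac
        printf '%s pptpd %s *\n' "$rs_user" "$(gen_secret 20)" >> "$rs_tmp"
    done < "$rs_users"
    umask "$rs_umask"
    mv -f "$rs_tmp" "$rs_out"       # rename in place so pppd never sees a partial file
}

# Example call from the weekly cron job (user-list path is an assumption):
#   rotate_secrets /etc/ppp/vpn-users /etc/ppp/chap-secrets
```

Because the output file is replaced as a whole, any chap-secrets entries used by other PPP services on the same host would be removed as well.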



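Appendix A: Troubleshooting
If error 619 appears when dialing, first try the following commands:
rm -rf /dev/ppp
mknod /dev/ppp c 108 0
Restart pptpd. If it still fails, edit pptpd.conf:
vi /etc/pptpd.conf
Comment out logwtmp:
#logwtmp
Finally, restart pptpd again and it should work normally.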

Appendix B:
