RedHat8PptpServer


work in progress - not sure if this is all right yet...

  • install kernel-source rpm
  • install ppp-2.4.1-7 rpm

This is a weird one. I think you really need a ppp with the Microsoft stuff built in. Use this one: ppp-2.4.2 rpm or this one: ppp 2.4.1-mppe. I used the latter.

ppp version 2.4.2 and later includes the Microsoft auth/encryption parts by default.

The failure if you forget to install a good ppp is something like this in your syslog:

pptpd[2418]: GRE: read(fd=5,buffer=804d720,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[2418]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)

Key troubleshooting tip: start pptpd with the -f switch to keep it in the foreground, then try making your VPN connection. You will see messages from pppd like "unknown protocol chapms-v2". That seems to be the only way to catch this screwup.

  • install pptp-1.1.3-4 rpm from www.poptop.org
  • download kernelmod-0.6.tar.gz from http://www.poptop.org
  • run kernelmod to build a patched ppp module w/ ms encryption stuff:
# kernelmod.sh -k /usr/src/linux-2.4
  • modprobe the new ppp_generic, ppp_async, and ppp_mppe modules to test them; they should load w/o errors.
  • Add the following to /etc/modules:
alias ppp ppp_generic
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre
  • edit /etc/pptpd.conf:
option /etc/ppp/options.pptpd
debug
localip 192.168.14.100
remoteip 192.168.14.101-120
  • edit /etc/ppp/options.pptpd (the file named on the option line of /etc/pptpd.conf above):
lock
debug
nobsdcomp
proxyarp
# chapms-strip-domain patch
chapms-strip-domain
-chap
-chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
  • edit /etc/ppp/chap-secrets:
# client        server  secret                  IP addresses
user1           *       password                192.168.14.101
user2           *       password                192.168.14.102
  • Add firewall rules to allow GRE and PPTP control traffic for the VPN:
iptables -t filter -P FORWARD DROP
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -d 192.168.14.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

I had to add the following, not sure if it's just due to my specific setup:

iptables -A INPUT -s 192.168.14.0/24 -d 192.168.14.0/24 -j ACCEPT
  • Save firewall rules (not sure if this is right)
# /sbin/iptables-save >/etc/sysconfig/iptables
  • Start pptp server
# service pptpd start
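
The checks below are an added example, not part of the original page: a POSIX shell preflight that confirms the pptpd config names a pppd options file that actually exists and that the file sets the auth/encryption options listed above, plus a test for the syslog failure pair quoted earlier. The function names and the FINDING/HINT output format are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): checks the files edited above.
# Option names are the ones this page uses with its MPPE-patched pppd.
REQUIRED_OPTS="-chap -chapms +chapms-v2 mppe-128"

# check_pptp_config PPTPD_CONF
# Prints one FINDING line per problem; returns 0 if clean, 1 otherwise.
check_pptp_config() {
    conf=$1
    rc=0
    # pptpd passes pppd the file named on its "option" line, so that exact
    # path must exist; editing a similarly named file has no effect.
    opts=$(awk '$1 == "option" { print $2; exit }' "$conf")
    if [ -z "$opts" ]; then
        echo "FINDING: $conf has no 'option' line"
        return 1
    fi
    if [ ! -r "$opts" ]; then
        echo "FINDING: $conf names $opts, which is missing or unreadable"
        return 1
    fi
    # pppd reads options word by word and ignores text after '#'.
    words=$(sed 's/#.*//' "$opts" | tr -s ' \t' '\n\n')
    for want in $REQUIRED_OPTS; do
        if ! printf '%s\n' "$words" | grep -qxF -e "$want"; then
            echo "FINDING: $opts does not set $want"
            rc=1
        fi
    done
    return $rc
}

# has_pty_failure LOGFILE
# Returns 0 if the log holds the pptpd failure pair quoted on this page.
has_pty_failure() {
    grep -q 'pptpd\[[0-9]*]: GRE: read(.*) from PTY failed' "$1" &&
        grep -q 'pptpd\[[0-9]*]: CTRL: PTY read or GRE write failed' "$1"
}

# Usage: sh check.sh /etc/pptpd.conf [syslog file]
if [ $# -ge 1 ]; then
    check_pptp_config "$1"
    if [ $# -ge 2 ] && has_pty_failure "$2"; then
        echo "HINT: rerun pptpd with -f and read pppd's own messages"
    fi
fi
```

A commented-out option counts as missing, so a disabled +chapms-v2 line is reported rather than silently accepted.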

I think you have to disable NetBEUI on the Windows client machine, otherwise it will report "error 733". TCP/IP still works fine; this is just a cosmetic issue.

  • This link looks like a great RedHat 8.0 pptpd howto doc.

Issues

I don't have WINS working right on the client end, so I have to specify server machines by IP address instead of Windows networking names, i.e. urns like \\192.168.14.100\tmp.


