RedHat8PptpServer


work in progress - not sure if this is all right yet...

  • install kernel-source rpm
  • install ppp-2.4.1-7 rpm

This is a weird one. I think you really need a ppp with the Microsoft stuff built in. Use this one: ppp-2.4.2 rpm or this one: ppp 2.4.1-mppe. I used the latter.

ppp version 2.4.2 and later includes the Microsoft auth/encryption parts by default.

The failure if you forget to install a good ppp is something like this in your syslog:

pptpd[2418]: GRE: read(fd=5,buffer=804d720,len=8196) from PTY failed: status = -1 error = Input/output error
pptpd[2418]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)

Key troubleshooting tip: start pptpd with the -f switch to keep it in the foreground, then try making your VPN connection. You will see messages from pppd like "unknown protocol chapms-v2". That seems to be the only way to catch this screwup.

  • install pptp-1.1.3-4 rpm from www.poptop.org
  • download kernelmod-0.6.tar.gz from http://www.poptop.org
  • run kernelmod to build a patched ppp module w/ ms encryption stuff:
# kernelmod.sh -k /usr/src/linux-2.4
  • modprobe the new ppp_generic, ppp_async, and ppp_mppe modules to test them; they should load without errors.
  • Add the following to /etc/modules.conf:
alias ppp ppp_generic
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe
alias ppp-compress-21 bsd_comp
alias ppp-compress-24 ppp_deflate
alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre

Troubleshooting tip: I found that one VPN I set up worked fine when the modules were loaded by hand. However, it failed if you rebooted the system and it tried to load them automatically. The problem was that somehow /etc/modules.conf had an extra entry in it:

alias char-major-108 off

at the bottom. This actually prevented ppp from loading. The log error messages were the same as for the case of having an incorrect version of ppp installed - GRE read from PTY failed. That message generally just means that pppd failed to load. Running pptpd with the -f switch will quickly pinpoint these sorts of problems.
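The check below is an added example, not part of the original page: it scans a modules.conf-style file for the aliases listed above and reports any that are missing or contradicted, such as the stray char-major-108 line. The function name check_modules_conf and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a modules.conf-style file
# for the aliases listed above and for entries that contradict them.

# Expected "alias-name module" pairs, copied from the list on this page.
REQUIRED='ppp ppp_generic
char-major-108 ppp_generic
tty-ldisc-3 ppp_async
tty-ldisc-14 ppp_synctty
ppp-compress-18 ppp_mppe
ppp-compress-21 bsd_comp
ppp-compress-24 ppp_deflate
ppp-compress-26 ppp_deflate
net-pf-47 ip_gre'

# check_modules_conf FILE (hypothetical helper name)
# Prints one line per problem and returns 1 if any were found, else 0.
check_modules_conf() {
    conf=$1
    status=0
    while read -r name want; do
        # Every target this alias is given anywhere in the file.
        # Commented-out lines never match because field 1 is not "alias".
        targets=$(awk -v n="$name" '$1 == "alias" && $2 == n { print $3 }' "$conf")
        found=no
        for t in $targets; do
            if [ "$t" = "$want" ]; then
                found=yes
            else
                echo "CONFLICT: alias $name $t (expected $want)"
                status=1
            fi
        done
        if [ "$found" = no ]; then
            echo "MISSING: alias $name $want"
            status=1
        fi
    done <<EOF
$REQUIRED
EOF
    return "$status"
}

# Constructed sample: the full alias list plus the stray "off" line at the bottom.
sample=$(mktemp)
{ echo "$REQUIRED" | sed 's/^/alias /'; echo 'alias char-major-108 off'; } > "$sample"
check_modules_conf "$sample" || echo "problems found in $sample"
rm -f "$sample"
```

On the real system, pass /etc/modules.conf as the argument; a non-zero exit status means at least one alias is missing or overridden.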

  • edit /etc/pptpd.conf:
option /etc/ppp/options.pptpd
debug
localip 192.168.14.100
remoteip 192.168.14.101-120
  • edit /etc/ppp/options.pptpd:
lock
debug
nobsdcomp
proxyarp
# chapms-strip-domain patch
chapms-strip-domain
-chap
-chapms
+chapms-v2
mppe-40
mppe-128
mppe-stateless
  • edit /etc/ppp/chap-secrets:
# client        server  secret                  IP addresses
user1           *       password                192.168.14.101
user2           *       password                192.168.14.102
  • Add firewall rules to allow GRE and PPTP control traffic for the VPN:
iptables -t filter -P FORWARD DROP
iptables -A OUTPUT -p 47 -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT
iptables -A FORWARD -s 192.168.14.0/24 -d 192.168.14.0/24 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT

I had to add the following, not sure if it's just due to my specific setup:

iptables -A INPUT -s 192.168.14.0/24 -d 192.168.14.0/24 -j ACCEPT
  • Save firewall rules (not sure if this is right)
# /sbin/iptables-save >/etc/sysconfig/iptables
  • Start pptp server
# service pptpd start

I think you have to disable NetBEUI on the Windows client machine, otherwise it will report "error 733". TCP/IP still works fine; this is just a cosmetic issue. You also need to go into the advanced properties for the VPN on the client and change the TCP/IP settings: go to the WINS tab and enter the server address as the WINS server (in this case 192.168.14.100). This allows you to reference remote systems by name instead of IP address.

  • This link looks like a great RedHat 8.0 pptpd howto doc.

