Wednesday, January 25, 2012

How to configure a VPN PPTP connection

If you need to open a PPTP VPN connection from a Linux computer, you can use the pptp client to configure a PPP connection and launch the pppd daemon to establish it. You need to know at least the VPN server, a user authorized to connect and that user's password. We will work as root for convenience, but it is not mandatory.

First, if you don't have the pptp client, you have to install it, or else configure the PPP connection by hand or by other means. On Debian Squeeze you can install the pptp-linux package.

Next, this is the easy way to configure your VPN PPTP connection:

pptpsetup --create MYVPN --server myvpnserver --username myvpnuser --password mypassword

You have to substitute myvpnserver, myvpnuser and mypassword with your VPN server, user and password respectively; MYVPN is the name of the PPP configuration that will be created, and you choose it.

After this you will have a new configuration file in /etc/ppp/peers and also an extra line in /etc/ppp/chap-secrets:

olimpo:~# cat /etc/ppp/peers/MYVPN
# written by pptpsetup
pty "pptp myvpnserver --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name myvpnuser
remotename MYVPN
ipparam MYVPN

olimpo:~# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses

# added by pptpsetup for MYVPN
myvpnuser MYVPN "mypassword" *

If you want to configure the pppd daemon by hand, you just have to create a file in /etc/ppp/peers and add the authentication information to /etc/ppp/chap-secrets; the result must be the same as the files shown above.
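A check for the hand-written case, as an added example that is not part of the original post: it parses the two files pptpsetup writes (the contents below are copied from the post) and confirms that the name and remotename in the peer file select an entry in chap-secrets, because a mismatch there is what makes CHAP authentication fail. The mode check assumes the usual recommendation that chap-secrets, which holds the password in clear text, is root-only.

```python
"""Consistency check for /etc/ppp/peers/MYVPN and /etc/ppp/chap-secrets.
Added example, not from the original post; sample contents are the
files the post shows after running pptpsetup."""
import os
import shlex
import stat

PEER_FILE = """# written by pptpsetup
pty "pptp myvpnserver --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name myvpnuser
remotename MYVPN
ipparam MYVPN
"""

CHAP_SECRETS = """# Secrets for authentication using CHAP
# client server secret IP addresses

# added by pptpsetup for MYVPN
myvpnuser MYVPN "mypassword" *
"""


def parse_peer(text):
    """Return {option: value}; flag options such as lock or noauth map to True."""
    opts = {}
    for line in text.splitlines():
        words = shlex.split(line, comments=True)  # handles quotes and # comments
        if words:
            opts[words[0]] = words[1] if len(words) > 1 else True
    return opts


def parse_chap_secrets(text):
    """Return [(client, server, secret, allowed_addresses)] for every real entry."""
    entries = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if len(words) >= 3:
            entries.append((words[0], words[1], words[2], words[3:]))
    return entries


def find_secret(peer_opts, entries):
    """The secret pppd will present for this peer, or None if no line matches
    the peer file's name (client column) and remotename (server column)."""
    for client, server, secret, _addrs in entries:
        if client == peer_opts.get("name") and server == peer_opts.get("remotename"):
            return secret
    return None


def secrets_file_is_private(path):
    """chap-secrets stores the password in clear text: require root-owned, mode 0600."""
    st = os.stat(path)
    return st.st_uid == 0 and stat.S_IMODE(st.st_mode) == 0o600
```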

Now you can open the PPP connection by launching the pppd daemon:

olimpo:~# pppd call MYVPN updetach
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
CHAP authentication succeeded
local IP address 10.5.15.222
remote IP address 10.5.15.127

olimpo:~# tail --lines=16 /var/log/syslog
Jan 25 13:04:12 olimpo pppd[29036]: pppd 2.4.5 started by root, uid 0
Jan 25 13:04:12 olimpo pppd[29036]: Using interface ppp0
Jan 25 13:04:12 olimpo pppd[29036]: Connect: ppp0 <--> /dev/pts/3
Jan 25 13:04:13 olimpo pptp[29037]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Jan 25 13:04:13 olimpo pptp[29041]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Jan 25 13:04:13 olimpo pptp[29041]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Jan 25 13:04:13 olimpo pptp[29041]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Jan 25 13:04:14 olimpo NetworkManager[1919]: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jan 25 13:04:14 olimpo NetworkManager[1919]: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Jan 25 13:04:14 olimpo pptp[29041]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Jan 25 13:04:14 olimpo pptp[29041]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Jan 25 13:04:14 olimpo pptp[29041]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 8918).
Jan 25 13:04:14 olimpo modem-manager: (net/ppp0): could not get port's parent device
Jan 25 13:04:17 olimpo pppd[29036]: CHAP authentication succeeded
Jan 25 13:04:17 olimpo pppd[29036]: local IP address 10.5.15.222
Jan 25 13:04:17 olimpo pppd[29036]: remote IP address 10.5.15.127

olimpo:~# ifconfig ppp0
ppp0 Link encap:Point-to-Point Protocol
inet addr:10.5.15.222 P-t-P:10.5.15.127 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:99 (99.0 B) TX bytes:93 (93.0 B)

olimpo:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.5.15.127 * 255.255.255.255 UH 0 0 0 ppp0
static.customer 10.123.46.1 255.255.255.255 UGH 0 0 0 br0
10.123.46.0 * 255.255.255.0 U 0 0 0 br0
default 10.123.46.1 0.0.0.0 UG 0 0 0 br0

That's it, you have a VPN connection open to your VPN server! Or almost, because we still have a routing problem.

olimpo:~# ping 10.5.15.123
PING 10.5.15.123 (10.5.15.123) 56(84) bytes of data.
^C
--- 10.5.15.123 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6047ms

olimpo:~# traceroute 10.5.15.123
traceroute to 10.5.15.123 (10.5.15.123), 30 hops max, 60 byte packets
1 10.123.81.4 (10.123.81.4) 0.407 ms 0.429 ms 0.492 ms
2 10.123.148.1 (10.123.148.1) 0.313 ms 0.352 ms 0.345 ms
3 * * *
4 * * *
5 * * *
6 *^C

As you can see in the route information, there is no route to the VPN network from your Linux computer. You could append defaultroute to the pppd command, but then you will have connectivity ONLY to the VPN network; to put it simply, it is as if you were attached directly to the other network. If you had internet access and there is no way to reach the internet from inside the VPN network, you will have no internet access, and any other networks you could reach before running pppd with defaultroute will no longer be reachable.

And in fact that's the way a VPN is supposed to work. For example, if you have a trojan on your computer tailored specifically to your organization, and you connect to the VPN network while still having internet access, that trojan can easily steal information and send it out to someone else. Or you might think that leaving your VPN connection open while your computer is reachable from the internet would be a handy way to share the VPN connection; that way you are creating a security hole in the VPN network, so be careful and only do it if you really need to.

Therefore, if you need to keep connectivity to other networks and don't want to append defaultroute to the pppd command, you have to create the route by hand. In this case we want to reach the VPN network 10.5.15.0/24, so we issue this route command:

olimpo:~# route add -net 10.5.15.0 netmask 255.255.255.0 dev ppp0

As you can see in the route and traceroute output, this time you can reach the example server (10.5.15.123) through your PPP gateway (10.5.15.127):

olimpo:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.5.15.127 * 255.255.255.255 UH 0 0 0 ppp0
static.customer 10.123.46.1 255.255.255.255 UGH 0 0 0 br0
10.123.46.0 * 255.255.255.0 U 0 0 0 br0
10.5.15.0 * 255.255.255.0 U 0 0 0 ppp0
default 10.123.46.1 0.0.0.0 UG 0 0 0 br0

olimpo:~# traceroute 10.5.15.123
traceroute to 10.5.15.123 (10.5.15.123), 30 hops max, 60 byte packets
1 10.5.15.127 (10.5.15.127) 163.061 ms 163.027 ms 163.010 ms
2 10.5.15.123 (10.5.15.123) 174.981 ms 174.967 ms 174.954 ms

Finally, to close your PPP connection you have to end the pppd daemon gracefully; you can do this by getting the pppd daemon's PID and issuing a kill command:

olimpo:~# ps ax|grep pppd
10094 pts/1 S+ 0:00 grep pppd
29037 pts/1 S 0:00 pptp myvpnserver --nolaunchpppd
29041 pts/1 S 0:00 pptp myvpnserver --nolaunchpppd
29044 pts/1 S 0:00 pppd call MYVPN updetach

olimpo:~# cat /var/run/ppp0.pid
29044

olimpo:~/bin# kill -TERM 29044

olimpo:~/bin# tail --lines=11 /var/log/syslog
Jan 25 15:06:43 olimpo pppd[29044]: Terminating on signal 15
Jan 25 15:06:43 olimpo pppd[29044]: Modem hangup
Jan 25 15:06:43 olimpo pppd[29044]: Connect time 122.5 minutes.
Jan 25 15:06:43 olimpo pppd[29044]: Sent 1140 bytes, received 1056 bytes.
Jan 25 15:06:43 olimpo pptp[29041]: anon log[callmgr_main:pptp_callmgr.c:258]: Closing connection (shutdown)
Jan 25 15:06:43 olimpo pptp[29041]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 'Call-Clear-Request'
Jan 25 15:06:43 olimpo pptp[29041]: anon log[call_callback:pptp_callmgr.c:79]: Closing connection (call state)
Jan 25 15:06:44 olimpo pppd[29044]: Connection terminated.
Jan 25 15:06:44 olimpo avahi-daemon[1488]: Withdrawing workstation service for ppp0.
Jan 25 15:06:44 olimpo NetworkManager[1919]: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Jan 25 15:06:49 olimpo pppd[29044]: Exit.

olimpo:~# ps ax|grep pppd
11587 pts/1 S+ 0:00 grep pppd
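The whole procedure from the post (connect, add only the route for the VPN network instead of defaultroute, then terminate pppd gracefully through its pid file) as an added example that is not part of the original post. It assumes the peer name MYVPN and the 10.5.15.0/24 network used above, uses `ip route` instead of the older `route` command, and adds one caveat: it refuses to kill the pid from /var/run/ppp0.pid unless that process really is pppd, since a stale pid file can point at an unrelated process.

```python
"""Connect MYVPN, route only the VPN network over it and tear it down.
Added example, not from the original post; peer name and network are
the ones the post uses, `ip route` replaces `route`."""
import ipaddress, os, re, signal, subprocess

PEER = "MYVPN"
VPN_NET = ipaddress.ip_network("10.5.15.0/24")
IFACE_RE = re.compile(r"^Using interface (\S+)$", re.M)
ADDR_RE = re.compile(r"^(local|remote) IP address (\S+)$", re.M)

def parse_pppd_output(text):
    """Interface, local and remote address from `pppd call ... updetach` output."""
    iface = IFACE_RE.search(text)
    addrs = dict(ADDR_RE.findall(text))
    if not iface or "local" not in addrs or "remote" not in addrs:
        raise RuntimeError("pppd did not report an established link")
    return (iface.group(1), ipaddress.ip_address(addrs["local"]),
            ipaddress.ip_address(addrs["remote"]))

def route_args(iface, remote, net=VPN_NET):
    """Route command for the VPN network only; refuse if the peer is outside it."""
    if remote not in net:
        raise ValueError(f"peer {remote} is not inside {net}")
    return ["ip", "route", "add", str(net), "dev", iface]

def pppd_pid(pidfile_text, proc_cmdline):
    """Accept the pid from /var/run/pppN.pid only if /proc/<pid>/cmdline is pppd
    (after an unclean exit the pid file may name a reused pid)."""
    pid = int(pidfile_text.strip())
    argv0 = proc_cmdline.split(b"\0")[0].decode(errors="replace")
    if os.path.basename(argv0) != "pppd":
        raise RuntimeError(f"pid {pid} is {argv0!r}, not pppd; not killing it")
    return pid

def connect():
    # pppd reports progress on the terminal; capture both streams to be safe.
    proc = subprocess.run(["pppd", "call", PEER, "updetach"],
                          capture_output=True, text=True, check=True)
    iface, _local, remote = parse_pppd_output(proc.stdout + proc.stderr)
    subprocess.run(route_args(iface, remote), check=True)
    return iface

def disconnect(iface):
    with open(f"/var/run/{iface}.pid") as f:
        pidfile_text = f.read()
    pid = int(pidfile_text.strip())
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        cmdline = f.read()
    os.kill(pppd_pid(pidfile_text, cmdline), signal.SIGTERM)  # graceful, as in the post
```

connect() and disconnect() need root and a working pptp client; the parsing and routing decisions can be exercised on the post's own pppd output without a link.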

More information:

The Point-to-Point Protocol
