informatica:linux:vpn:pptp
Differences
This shows you the differences between two versions of the page.
informatica:linux:vpn:pptp [2012/04/28 20:06] – created jose | informatica:linux:vpn:pptp [2015/04/13 20:19] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== pptp ====== | ||
+ | |||
http:// | http:// | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Instalar y configurar el servidor ===== | ||
+ | |||
+ | 1. Install the pptp server package: | ||
+ | |||
+ | sudo aptitude install pptpd | ||
+ | |||
+ | 2. Edit the "/ | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Add to it: | ||
+ | |||
+ | localip 192.168.1.5 | ||
+ | remoteip 192.168.1.234-238, | ||
+ | debug | ||
+ | |||
+ | Where the " | ||
+ | |||
+ | 3. Edit the "/ | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Append to the end of the file, the following directives: | ||
+ | |||
+ | ms-dns 192.168.1.1 | ||
+ | nobsdcomp | ||
+ | noipx | ||
+ | mtu 1490 | ||
+ | mru 1490 | ||
+ | |||
+ | Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network' | ||
+ | |||
+ | 4. Edit the chap secrets file: | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Add to it the authentication credentials for a user's connection, in the following syntax: | ||
+ | |||
+ | username <TAB> * <TAB> users-password <TAB> * | ||
+ | |||
+ | 5. Restart the connection' | ||
+ | |||
+ | sudo / | ||
+ | |||
+ | If you don't want to grant yourself access to anything beyond the server, then you're done on the server side. | ||
+ | Enable Forwarding (optional) | ||
+ | |||
+ | While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network. | ||
+ | |||
+ | By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to " | ||
+ | |||
+ | To achieve this we will be flipping the switch on the " | ||
+ | |||
+ | 6. Edit the " | ||
+ | |||
+ | sudo vim / | ||
+ | |||
+ | Find the " | ||
+ | |||
+ | net.ipv4.ip_forward=1 | ||
+ | |||
+ | You can either restart the system or issue this command for the setting to take affect: | ||
+ | |||
+ | sudo sysctl -p | ||
+ | |||
+ | With forwarding enabled, all the server side settings are prepared. | ||
+ | |||
+ | We recommend using a "Split Tunnel" | ||
+ | |||
+ | A more in depth explanation about the recommended "Split Tunnel" | ||
+ | |||
+ | http:// | ||
+ | |||
+ | For windows users, follow the guides below to create the VPN client on your system. | ||
+ | |||
+ | ===== (Opcional) Configurar OpenVZ ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Yo solo he llegado a " | ||
+ | |||
+ | ===== (Opcional) Abrir puertos en router ===== | ||
+ | |||
+ | Escojo la opcion por defecto ' | ||
+ | |||
+ | |||
+ | |||
+ | ===== (Opcional) Comprobar que los paquetes llegan ===== | ||
+ | |||
+ | Comprobar que el servicio pptpd escucha en el puerto 1723: | ||
+ | |||
+ | sudo netstat -nlp | grep 1723 | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | |||
+ | Desde el cortafuegos o el servidor pptpd: | ||
+ | |||
+ | sudo tcpdump -i any | grep " | ||
+ | |||
+ | Aparecen lineas como: | ||
+ | |||
+ | < | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | </ |
informatica/linux/vpn/pptp.1335643578.txt.gz · Last modified: 2015/04/13 20:19 (external edit)