informatica:linux:vpn:pptp
Differences
This shows you the differences between two versions of the page.
informatica:linux:vpn:pptp [2012/04/28 20:07] – jose | informatica:linux:vpn:pptp [2015/04/13 20:19] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== pptp ====== | ||
+ | |||
http:// | http:// | ||
- | Server Setup | ||
- | Install the pptp server package: | ||
- | sudo aptitude install pptpd | ||
- | Edit the “/ | + | ===== Instalar y configurar el servidor ===== |
- | sudo vim /etc/pptpd.conf | + | 1. Install the pptp server package: |
- | Add to it: | + | sudo aptitude install pptpd |
- | localip 192.168.1.5 | + | 2. Edit the "/ |
- | remoteip 192.168.1.234-238, | + | sudo vim /etc/pptpd.conf |
- | Where the “localip” is the address of the server, and the remoteip are the addresses that will be handed out to the clients, | + | Add to it: |
- | Edit the “/ | + | localip 192.168.1.5 |
+ | remoteip 192.168.1.234-238, | ||
+ | debug | ||
- | sudo vim / | + | Where the " |
- | Append to the end of the file, the following directives: | + | 3. Edit the "/ |
- | ms-dns 192.168.1.1 | + | sudo vim / |
- | nobsdcomp | + | Append to the end of the file, the following directives: |
- | | + | ms-dns 192.168.1.1 |
+ | nobsdcomp | ||
+ | | ||
+ | mtu 1490 | ||
+ | mru 1490 | ||
- | mtu 1490 | + | Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network' |
- | mru 1490 | + | 4. Edit the chap secrets file: |
- | Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network’s configuration. | + | sudo vim / |
- | Edit the chap secrets file: | + | Add to it the authentication credentials for a user's connection, in the following syntax: |
- | sudo vim / | + | username <TAB> * <TAB> users-password <TAB> * |
- | Add to it the authentication credentials for a user’s | + | 5. Restart |
- | username <TAB> * <TAB> users-password <TAB> * | + | sudo / |
- | Restart the connection’s daemon for the settings to take affect: | + | If you don't want to grant yourself access to anything beyond the server, then you're done on the server side. |
- | + | ||
- | sudo / | + | |
- | + | ||
- | If you don’t want to grant yourself access to anything beyond the server, then you’re done on the server side. | + | |
Enable Forwarding (optional) | Enable Forwarding (optional) | ||
While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network. | While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network. | ||
- | By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to “jump” through the VPN server, to all other devices on the network. | + | By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to "jump" |
- | To achieve this we will be flipping the switch on the “forwarding” parameter of the system. | + | To achieve this we will be flipping the switch on the "forwarding" |
- | Edit the “sysctl” file: | + | 6. Edit the "sysctl" |
- | | + | |
- | Find the “net.ipv4.ip_forward” line and change the parameter from 0 (disabled) to 1 (enabled): | + | Find the "net.ipv4.ip_forward" |
- | | + | |
You can either restart the system or issue this command for the setting to take affect: | You can either restart the system or issue this command for the setting to take affect: | ||
- | | + | |
With forwarding enabled, all the server side settings are prepared. | With forwarding enabled, all the server side settings are prepared. | ||
- | We recommend using a “Split Tunnel” connection mode for the VPN client. | + | We recommend using a "Split Tunnel" |
- | A more in depth explanation about the recommended | + | A more in depth explanation about the recommended |
http:// | http:// | ||
For windows users, follow the guides below to create the VPN client on your system. | For windows users, follow the guides below to create the VPN client on your system. | ||
+ | |||
+ | ===== (Opcional) Configurar OpenVZ ===== | ||
+ | |||
+ | http:// | ||
+ | |||
+ | Yo solo he llegado a " | ||
+ | |||
+ | ===== (Opcional) Abrir puertos en router ===== | ||
+ | |||
+ | Escojo la opcion por defecto ' | ||
+ | |||
+ | |||
+ | |||
+ | ===== (Opcional) Comprobar que los paquetes llegan ===== | ||
+ | |||
+ | Comprobar que el servicio pptpd escucha en el puerto 1723: | ||
+ | |||
+ | sudo netstat -nlp | grep 1723 | ||
+ | tcp 0 0 0.0.0.0: | ||
+ | |||
+ | Desde el cortafuegos o el servidor pptpd: | ||
+ | |||
+ | sudo tcpdump -i any | grep " | ||
+ | |||
+ | Aparecen lineas como: | ||
+ | |||
+ | < | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | 16: | ||
+ | </ |
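Review bot: In step 4 the chap secrets template `username <TAB> * <TAB> users-password <TAB> *` stores the password in clear text and, with `*` in the last field, places no restriction on the IP address that account may use; the new revision should tell the reader to keep that file readable by root only and to replace the trailing `*` with a specific client address where that is practical. The `debug` line added to the pptpd.conf block arrives without explanation: say that it is there for troubleshooting and should be removed once the tunnel works. The headings added in this revision are in Spanish while the numbered steps remain in English, so the page should settle on one language.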
informatica/linux/vpn/pptp.1335643642.txt.gz · Last modified: 2015/04/13 20:19 (external edit)