Legido Wiki

User Tools

Site Tools

Trace: comandes
informatica:linux:vpn:pptp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
informatica:linux:vpn:pptp [2012/04/28 20:06] – creado joseinformatica:linux:vpn:pptp [2015/04/13 20:19] (current) – external edit 127.0.0.1
Line 1: Line 1:
 +====== pptp ======
 +
 http://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/ http://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/
 +
 +
 +
 +
 +===== Instalar y configurar el servidor =====
 +
 +1. Install the pptp server package:
 +
 +  sudo aptitude install pptpd
 +
 +2. Edit the "/etc/pptpd.conf" configuration file:
 +
 +  sudo vim /etc/pptpd.conf
 +
 +Add to it:
 +
 +  localip 192.168.1.5
 +  remoteip 192.168.1.234-238,192.168.1.245
 +  debug
 +
 +Where the "localip" is the address of the server, and the remoteip are the addresses that will be handed out to the clients, it is up to you to adjust these for your network's requirements.
 +
 +3. Edit the "/etc/ppp/pptpd-options" configuration file:
 +
 +  sudo vim /etc/ppp/pptpd-options
 +
 +Append to the end of the file, the following directives:
 +
 +  ms-dns 192.168.1.1
 +  nobsdcomp
 +  noipx
 +  mtu 1490
 +  mru 1490 
 +
 +Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network's configuration.
 +
 +4. Edit the chap secrets file:
 +
 +  sudo vim /etc/ppp/chap-secrets
 +
 +Add to it the authentication credentials for a user's connection, in the following syntax:
 +
 +  username <TAB> * <TAB> users-password <TAB> *
 +
 +5. Restart the connection's daemon for the settings to take affect:
 +
 +  sudo /etc/init.d/pptpd restart
 +
 +If you don't want to grant yourself access to anything beyond the server, then you're done on the server side.
 +Enable Forwarding (optional)
 +
 +While this step is optional and could be viewed as a security risk for the extremely paranoid, it is my opinion that not doing it defeats the purpose of even having a VPN connection into your network.
 +
 +By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to "jump" through the VPN server, to all other devices on the network.
 +
 +To achieve this we will be flipping the switch on the "forwarding" parameter of the system.
 +
 +6. Edit the "sysctl" file:
 +
 +  sudo vim /etc/sysctl.conf
 +
 +Find the "net.ipv4.ip_forward" line and change the parameter from 0 (disabled) to 1 (enabled):
 +
 +  net.ipv4.ip_forward=1
 +
 +You can either restart the system or issue this command for the setting to take affect:
 +
 +  sudo sysctl -p
 +
 +With forwarding enabled, all the server side settings are prepared.
 +
 +We recommend using a "Split Tunnel" connection mode for the VPN client.
 +
 +A more in depth explanation about the recommended "Split Tunnel" mode, as well as instructions for Ubuntu Linux users can be found in the "Setting up a "Split Tunnel" VPN (PPTP) Client on Ubuntu 10.04" guide.
 +
 +http://sysadmingeek.com/articles/setting-up-a-split-tunnel-vpn-pptp-client-on-ubuntu-10-04/
 +
 +For windows users, follow the guides below to create the VPN client on your system.
 +
 +===== (Opcional) Configurar OpenVZ =====
 +
 +http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
 +
 +Yo solo he llegado a "Granting container an access to TUN/TAP"
 +
 +===== (Opcional) Abrir puertos en router =====
 +
 +Escojo la opcion por defecto 'PPTP'. Parece ser que abre el puerto TCP 1723
 +
 +
 +
 +===== (Opcional) Comprobar que los paquetes llegan =====
 +
 +Comprobar que el servicio pptpd escucha en el puerto 1723:
 +
 +  sudo netstat -nlp | grep 1723
 +  tcp        0      0 0.0.0.0:1723            0.0.0.0:              LISTEN      1080/pptpd 
 +
 +Desde el cortafuegos o el servidor pptpd:
 +
 +  sudo tcpdump -i any | grep "1723"
 +
 +Aparecen lineas como:
 +
 +<code>
 +16:31:02.973466 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 326501788, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:02.973466 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 326501788, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:02.973498 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 326501789, win 0, length 0
 +16:31:02.973503 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 1, win 0, length 0
 +16:31:03.506774 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 374497046, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:03.506774 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 374497046, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:03.506789 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 47995259, win 0, length 0
 +16:31:03.506792 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 47995259, win 0, length 0
 +16:31:04.006784 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 33327246, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:04.006784 IP IP_PUBLICA_CLIENTE_VPN.42024 > jj.com.1723: Flags [S], seq 33327246, win 64512, options [mss 1260,nop,nop,sackOK], length 0
 +16:31:04.006800 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 4001792755, win 0, length 0
 +16:31:04.006802 IP jj.com.1723 > IP_PUBLICA_CLIENTE_VPN.42024: Flags [R.], seq 0, ack 4001792755, win 0, length 0
 +</code>
informatica/linux/vpn/pptp.1335643578.txt.gz · Last modified: (external edit)