#############################################################
# Document: ppp-vpn-howto
# Purpose : Document how I made a VPN work with Slackware
# Author..: Stuart Winter
# Date....: May-2004
# Version : 1.0
#############################################################
# Reference URLs
# Kernel patches: http://www.polbox.com/h/hs001/
# pptpd source:   http://www.poptop.org
#                 http://poptop.sourceforge.net/dox/source-howto.html
#############################################################

1. Download & extract Linux Kernel source
   --------------------------------------
   Do the usual thing here.

2. Download kernel patches:
   ------------------------
   No longer required in Linux 2.6.20.

3. Set Kernel options:
   -------------------
   # make menuconfig
     Network device support
       * PPP (point-to-point protocol) support
       * Microsoft PPP compression/encryption (MPPC/MPPE)
     ( I compiled them all as modules - compile all PPP stuff as modules too)

   Under root menu:
     Cryptographic options ->
       SHA1 and RC4 algorithms in CryptoAPI's configuration menu,
       * These are included by default when you select the MPPE PPP modules *

4. Compile & install Kernel:
   -------------------------
   # make dep && make clean && make bzImage && make modules && make modules_install
   # mv -f System.map /boot
   # mv -f arch/i386/boot/bzImage /boot/vmlinuz
   # lilo
   # reboot

5. Download PPPd & the patch:
   --------------------------
   If you really want to you can grab the n/ppp source directory from
   Slackware, add the patch line into the build script, run ppp.SlackBuild
   and re-build the ppp package.

   # ( cd /usr/src
       # grab slackware-current/source/n/ppp
       cd ppp
       # wget http://mppe-mppc.alphacron.de/ppp-2.4.3-mppe-mppc-1.1.patch.gz
       #http://bugs.lunar-linux.org/view.php?id=129
       wget http://www.nikhef.nl/~janjust/ppp/ppp-2.4.4-eaptls-mppe-0.9no_ifdefs.patch
       patch -p1 < $CWD/ppp-2.4.4-eaptls-mppe-0.9no_ifdefs.patch
       ./configure && make && make install )

6. Add module to /etc/modules.conf:
   --------------------------------
   cat << EOF >> /etc/modprobe.conf
   alias char-major-108 ppp_generic
   alias tty-ldisc-3 ppp_async
   alias tty-ldisc-14 ppp_synctty
   #alias ppp-compress-18 ppp_mppe
   alias ppp-compress-18 ppp_mppe_mppc
   alias ppp-compress-21 bsd_comp
   alias ppp-compress-24 ppp_deflate
   alias ppp-compress-26 ppp_deflate
   alias net-pf-47 ip_gre
   EOF

   # depmod -va

7. Download & build poptop (pptpd):
   --------------------------------
   # ( cd /usr/src/vpn
       wget http://puzzle.dl.sourceforge.net/sourceforge/poptop/pptpd-1.3.2.tar.gz
       tar zxf pptpd-1.3.2.tar.gz
       cd pptpd-*
       ./configure --prefix=/usr --sysconfdir=/etc
       mkdir -p /tmp/package-pptpd
       make -j3 && make install DESTDIR=/tmp/package-pptpd )

8. Install config files:
   ---------------------
   # ( cd /usr/src/vpn
       mkdir pppconfig
       cd pppconfig
       wget http://poptop.sourceforge.net/dox/modules.conf.txt
       wget http://poptop.sourceforge.net/dox/pptpd.conf.txt
       wget http://poptop.sourceforge.net/dox/options.pptpd.txt
       wget http://poptop.sourceforge.net/dox/chap-secrets.txt
       mv -f pptpd.conf.txt /etc/pptpd.conf
       mv -f options.pptpd.txt /etc/ppp/options.pptpd
       mv -f chap-secrets.txt /etc/ppp/chap-secrets )

9. Modify config files:
   --------------------
   edit /etc/pptpd.conf
   [a] Change local IP from 192.168.0.1 to the LOCAL IP OF YOUR MACHINE
       (ie vpntest's IP is 10.0.50.250)
   [b] Change the IP range

9.1 Update options.pptpd file:
    --------------------------
    Put in your own DNS server at the bottom of this file:

    cat << EOF > /etc/ppp/options.pptpd
    name vpn
    mtu 1450
    mru 1450
    proxyarp
    auth
    ipcp-accept-local
    ipcp-accept-remote
    lcp-echo-failure 3
    lcp-echo-interval 5
    mppe required,stateless
    ms-dns 217.10.128.130
    EOF

9.2 Blank /etc/ppp/options:
    -----------------------
    # echo > /etc/ppp/options

9.3 Create chap-secrets file:
    -------------------------
    echo "myvpn vpn passwordfoo *" > /etc/ppp/chap-secrets

10. Make pptpd start:
    ----------------
    # cat << EOF >> /etc/rc.d/rc.local
    /usr/sbin/pptpd -d
    EOF

11. Ensure pptp is allowed through the firewall
    --------------------------------------------
    # Allow VPN
    iptables -A INPUT -p tcp --dport pptp -j ACCEPT
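
The following is an added example, not part of the original HOWTO: a shell function that audits the files written in steps 9.1 to 9.3, checking that authentication and MPPE are enforced, that chap-secrets is private, and that each secret's server field matches the "name" option. The function name check_pptpd_config is hypothetical, and it assumes chap-secrets entries are unquoted and whitespace-separated.

```shell
#!/bin/sh
# Added example: audit the pppd options file and chap-secrets from steps 9.1-9.3.
# Usage: check_pptpd_config OPTIONS_FILE SECRETS_FILE
# Prints one "FINDING:" line per problem; returns 0 when clean, 1 otherwise.
check_pptpd_config() {
    opts=$1; secrets=$2; findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # Active directives only: drop comments and blank lines.
    active=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$opts")
    has() { printf '%s\n' "$active" | grep -Eq "^[[:space:]]*$1([[:space:]]|\$)"; }

    if ! has auth; then note "$opts: no 'auth', peers need not authenticate"; fi
    if has noauth; then note "$opts: 'noauth' is set"; fi
    # "mppe required,..." is the option syntax used in step 9.1 (patched pppd).
    if ! has 'mppe[[:space:]]+required[^[:space:]]*'; then
        note "$opts: no 'mppe required', the link may come up unencrypted"
    fi

    # pppd looks up secrets whose server field equals its 'name' option.
    name=$(printf '%s\n' "$active" | awk '$1 == "name" { print $2; exit }')

    # Group/other permission bits of chap-secrets must all be clear.
    if [ "$(ls -ld "$secrets" | cut -c5-10)" != "------" ]; then
        note "$secrets: accessible by group/other, use chmod 600"
    fi

    # Assumes unquoted, whitespace-separated fields: client server secret IPs.
    while read -r client server secret ips; do
        case $client in ''|'#'*) continue ;; esac
        if [ "$server" != "*" ] && [ "$server" != "$name" ]; then
            note "$secrets: '$client' has server '$server' but name is '$name'"
        fi
        case " $ips " in *' * '*)
            note "$secrets: '$client' may use any IP address ('*')" ;;
        esac
    done < "$secrets"

    [ "$findings" -eq 0 ]
}
```

Run it as root against the live files: check_pptpd_config /etc/ppp/options.pptpd /etc/ppp/chap-secrets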