PPTP Client


pptpclient-how-to http://pptpclient.sourceforge.net/howto-ubuntu.phtml
vpn-routing http://pptpclient.sourceforge.net/routing.phtml#client-to-server


~~ my config

a. vi /etc/ppp/chap-secrets
#client server Password IP Address
# domain\username    server name    password
vance    "pptpd.vance"    123456    *

b. vi /etc/ppp/options.pptp
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
#require-mppe-128

c. vi /etc/ppp/peers/vpn.lab113
# 10.214.9.113 is the VPN server address
pty "pptp 10.214.9.113 --nolaunchpppd"
#linkname: Sets the logical name of the link. Pppd will create a
# file named ppp-pptpd.vance.lab113.pid in /var/run containing its PID
linkname pptpd.vance.lab113
name vance                        # matches the client field in chap-secrets
remotename pptpd.vance    # matches the server field in chap-secrets
file /etc/ppp/options.pptp      # location of the options file
usepeerdns
defaultroute                           # make the peer the default gateway
replacedefaultroute               # and replace the existing default route
#ipparam lab113

d. dial
pppd call vpn.lab113

pon vpn.lab113
poff vpn.lab113        # disconnect

debug mode:
pppd call vpn.lab113 logfd 2 nodetach&

pon vpn.lab113 debug dump logfd 2 nodetach

updetach option
      With this option, pppd will detach from its controlling terminal
      once it has successfully established the ppp connection (to the
      point where the first network control protocol, usually the IP
      control protocol, has come up).



end my config
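
Added example (not part of the original notes or of the PPTP Client project): a POSIX shell check of the client settings above for an inactive require-mppe-128 line, authentication methods that are not refused, and a chap-secrets file accessible beyond its owner. The function names and finding labels are made up for this example, and the sample tree is constructed to mirror the config above.

```shell
#!/bin/sh
# Added example: audit a pppd PPTP client config tree (paths are parameters).

# has_opt OPTION FILE...: true if OPTION is an active, uncommented option
has_opt() {
    opt=$1; shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        sed -e 's/#.*//' "$f" |
            awk -v o="$opt" '$1 == o { hit = 1 } END { exit !hit }' && return 0
    done
    return 1
}

# audit_pptp DIR PEER: print one finding per line, return 1 if any
audit_pptp() {
    dir=$1; rc=0
    opts="$dir/options.pptp"; peerf="$dir/peers/$2"; sec="$dir/chap-secrets"
    # without require-mppe* pppd does not insist on an encrypted link
    if ! has_opt require-mppe-128 "$opts" "$peerf" &&
       ! has_opt require-mppe "$opts" "$peerf"; then
        echo "NO_MPPE: require-mppe-128 is not active"; rc=1
    fi
    # refusing the other methods leaves MS-CHAPv2 as the only one accepted
    for o in refuse-pap refuse-chap refuse-mschap refuse-eap; do
        has_opt "$o" "$opts" "$peerf" || { echo "WEAK_AUTH: $o is not set"; rc=1; }
    done
    # chap-secrets stores cleartext passwords: no group/other access
    if [ -e "$sec" ] && [ "$(ls -ld "$sec" | cut -c5-10)" != "------" ]; then
        echo "SECRETS_MODE: $sec is accessible beyond its owner"; rc=1
    fi
    return $rc
}

# Constructed sample mirroring the options above (MPPE line commented out)
make_sample() {
    mkdir -p "$1/peers"
    printf '%s\n' lock noauth refuse-eap refuse-chap refuse-mschap \
        nobsdcomp nodeflate '#require-mppe-128' > "$1/options.pptp"
    printf '%s\n' 'pty "pptp 10.214.9.113 --nolaunchpppd"' 'name vance' \
        'file /etc/ppp/options.pptp' > "$1/peers/vpn.lab113"
    printf '%s\n' 'vance "pptpd.vance" 123456 *' > "$1/chap-secrets"
    chmod 644 "$1/chap-secrets"
}

d=$(mktemp -d) && make_sample "$d"
audit_pptp "$d" vpn.lab113 || echo "findings present"
rm -rf "$d"
```

On a real system the call would be audit_pptp /etc/ppp vpn.lab113, run as a user who can read the files.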





PPTP Client

Ubuntu HOWTO

by James Cameron
29th November 2007

Community Ubuntu Documentation

Ubuntu have formed a community that documents most common tasks. As at 2007-11, the documentation for using PPTP on Ubuntu can be found at: https://help.ubuntu.com/community/VPNClient


Ubuntu Gutsy 7.10
  • install the network-manager-pptp package, using the Add/Remove, Synaptic package manager, or apt-get,
  • click network icon, choose VPN Connections then Configure VPN, then add a VPN with the wizard,
  • click network icon, then VPN Connections then the VPN you created.
If you have a problem after doing this, watch the logs to see if it worked:

To increase logging, add debug dump to the /etc/ppp/options file and try again.

Reference: tests by James Cameron on 29th November 2007, during diagnosis of a mailing list thread.


Ubuntu Feisty

  • install the network-manager-pptp package, and if it was not already installed, restart the network manager applet and Network Manager:
    • right-click the network icon on your system tray and choose Remove,
    • Alt/F2, run nm-applet, and the network icon will return,
    • restart Network Manager:

  • left-click network icon, choose VPNS then configure, then add a VPN with the wizard,
  • left-click network icon, then VPNS then the VPN you created,
  • watch the logs to see if it worked:

Reference: PPTP From Ubuntu, by Stephen Thorne.

Below are instructions for installing PPTP Client on Ubuntu Linux, last tested with the 5.10 Breezy version on i386, and also said to work for 6.06 on i386. The Ubuntu kernel has MPPE already.


Configure Ubuntu to use Universe

Add the universe repository to your sources list. See this thread for references.


Installing the Client Program

Install PPTP Client from the Ubuntu Project:


Installing the Configuration Program

Note: you may wish to skip the configuration program and configure the client by hand.

  1. add the following lines to the sources list file, /etc/apt/sources.list :

    Note: you can use a text editor, or simply cat the lines on to the end of the file using >>, but if you make a mistake in formatting you will likely be told by the apt-get update step.

  2. update the list of packages:

  3. install the PPTP Client GUI:

    Note: you may be told that the packages could not be authenticated. For the moment, tell your system to install them anyway. We’ll take patches to our release process if anyone can explain simply how to provide authentication.


Configuration

  1. obtain from your PPTP Server administrator:

    • the IP address or host name of the server,
    • the authentication domain name, (e.g. WORKGROUP),
    • the username you are to use,
    • the password you are to use,
    • whether encryption is required.

  2. run pptpconfig as root, and a window should appear,

  3. enter the server, domain, username and password into the Server tab,

  4. if you decided in Installation step 1 above that you would need MPPE, and if your administrator says encryption is required, then on the Encryption tab, click on Require Microsoft Point-to-Point Encryption (MPPE),

  5. click on Add, and the tunnel will appear in the list,

  6. click on the tunnel to select it, click on Start, and a window will appear with the tunnel connection log and status,

  7. if the connection fails, you will need to gather more information, so on the Miscellaneous tab, click on Enable connection debugging facilities, click Update, try Start again, then look at the Diagnosis HOWTO for whatever error is displayed.

  8. if the connection succeeded, you can try the Ping test button. If the ping fails, you should try to find out why before proceeding. If the ping works, then the tunnel is active and you may now work on routing.

  9. decide whether all your network traffic should go via the tunnel or not. If so, Stop the tunnel, select it again, then on the Routing tab, click on All to Tunnel, then click Update and try Start again. Now try to access the network behind the server.

  10. on the other hand, if only some of your network traffic should go via the tunnel, you will need to obtain from the server administrator or folk lore a series of network routes to enter. Stop the tunnel, select it again, then click on either Client to LAN or LAN to LAN on the Routing tab, use the Edit Network Routes button to enter the routes one by one, and then try Start again. Now try to access the network behind the server.

    For further help with Routing, read our Routing HOWTO.


Diagnosing Problems

If you have problems with the tunnel and need to ask for help, start pppd with complete logging:

where tunnelname is the name of the tunnel you created in the configuration program. For more detail, see enabling debug logging.

This will give you a file pptp.log that you can use to search for known solutions in the Diagnosis HOWTO or attach to an e-mail to the mailing list.


Configuration, by hand

  • obtain from your PPTP Server administrator:

    • the IP address or host name of the server ($SERVER),
    • the name you wish to use to refer to the tunnel ($TUNNEL),
    • the authentication domain name ($DOMAIN),
    • the username you are to use ($USERNAME),
    • the password you are to use ($PASSWORD),
    • whether encryption is required.

    In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.

  • create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:

  • create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:

    Note: if you are using a PPTP Server that does not require an authentication domain name, omit the slashes as well as the domain name.

    Note: if the passwords contain any special characters, quote them. See man pppd for more details.

  • create a /etc/ppp/peers/$TUNNEL file:

    Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.

  • start the tunnel using the pon command:

    to further diagnose a failure, add options to the command:

    Note: we have further information on enabling debug mode, and on diagnosing problems.

  • stop the tunnel using the poff command:

  • to script the tunnel connection so that something is done as soon as the tunnel is up, use either ip-up.d scripts or the updetach keyword.

    1. see the Routing HOWTO for examples of ip-up.d scripting that adds routes or iptables rules.

    2. using updetach will cause pppd to fork, detach, and exit with success once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail:

      Note: the double ampersand && means that the commands following it will only be executed if the command to the left of it was successful. If the tunnel fails to connect, the fetchmail will not happen.

  • to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.

  • to have the tunnel started on system boot:

    • for Debian Sarge and later, edit the /etc/network/interfaces file, and add this section:

    • for Debian Woody, edit the /etc/ppp/no_ppp_on_boot file, remove the first line comment, and change the word provider to the name of your tunnel, so that it looks like this:

      (The line … means the other lines in the file, it doesn’t mean a line with three dots.)

      Then rename the no_ppp_on_boot file and make it executable:

    Every time your computer starts, the tunnel will be started automatically.

  • to set up routing, read our Routing HOWTO.

    #!/bin/sh
    # modified by jfo, 2008-9-2
    # pppd ip-up script for all-to-tunnel routing
    # you can place it in /etc/ppp/ip-up.d/

    # gateway address (PRIMARY) and interface (PRIMARY_DEV) of the default route before the tunnel
    #PRIMARY=eth0
    PRIMARY=$(ip route | grep default | cut -d" " -f 3)
    PRIMARY_DEV=$(ip route | grep default | cut -d" " -f 5)

    # address of tunnel server
    SERVER=tunnel.example.com

    # provided by pppd: string to identify connection aka ipparam option
    CONNECTION=$6
    if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi

    # provided by pppd: interface name
    TUNNEL=$1
    if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi

    # if we are being called as part of the tunnel startup
    if [ "${CONNECTION}" = "tunnel" ] ; then

       # direct tunnelled packets to the tunnel server
       # route add -host ${SERVER} dev ${PRIMARY}
       route add -host ${SERVER} gw ${PRIMARY}

       # direct all other packets into the tunnel
       route del default ${PRIMARY_DEV}
       route add default dev ${TUNNEL}

    fi









    ~~end