VPN server on Debian Linux (pptpd)

Posted by Pavlo Khmel on Sat 20 January 2007

OS: Debian 3.1 r4
We need the latest stable kernel source to compile a modified kernel; currently that is linux-2.6.19.1.

cd /usr/src
ftp ftp.kernel.org
user : anonymous
password: my@khmel.org
Using binary mode to transfer files
ftp> cd pub/linux/kernel/v2.6/
ftp> get linux-2.6.19.1.tar.gz
ftp> quit

Configuring

tar xfvz linux-2.6.19.1.tar.gz
ln -sf linux-2.6.19.1 linux
cd linux
make menuconfig
# if you see
# make[1]: *** [scripts/kconfig/lxdialog/checklist.o] Error 1
# make: *** [menuconfig] Error 2
# install package libncurses5-dev

Configure encryption compatible with MS WINDOWS:

...
Device Drivers --->
Network device support --->
and set <M> PPP MPPE compression (encryption) (EXPERIMENTAL) (NEW)
...
# also check <M> in:
...
Cryptographic options --->
...
<M> SHA1 digest algorithm
...
<M> ARC4 cipher algorithm
...

Compile

make dep
make clean
make bzImage
make modules
make modules_install
cp System.map /boot/System.map-2.6.19.1
cp arch/i386/boot/bzImage /boot/bzImage-2.6.19.1
cd /boot
mkinitrd -o /boot/initrd-2.6.19.1 2.6.19.1

Edit file /boot/grub/menu.lst

title Debian GNU/Linux, kernel 2.6.19.1
root (hd0,0)
kernel /boot/bzImage-2.6.19.1 root=/dev/hda1 ro
initrd /boot/initrd-2.6.19.1
savedefault
boot

Install pptpd

ftp ftp.de.debian.org
ftp> cd debian/pool/main/p/pptpd/
ftp> get pptpd_1.2.1-4_i386.deb
ftp> quit
dpkg -i pptpd_1.2.1-4_i386.deb

Configure internal NIC in file /etc/network/interfaces

# internal
auto eth1
iface eth1 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255

Reboot

reboot

Change /etc/pptpd.conf:

option /etc/ppp/pptpd-options
localip 10.0.0.1-10
remoteip 10.0.0.11-20

Explanation:
localip 10.0.0.1-10 — IP addresses for the server side
remoteip 10.0.0.11-20 — IP addresses for the clients

Logins and passwords in /etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP address
khmel.org pptpd khmel.org.pass *

File /etc/ppp/pptpd-options:

lock
debug
name pptpd
nodefaultroute
require-mschap-v2
require-mppe-128
proxyarp

In file /etc/modules.conf add:

alias ppp-compress-18 ppp_mppe_mppc

Enable forwarding:

echo 1 >/proc/sys/net/ipv4/ip_forward
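
The files configured above can be checked once the server is set up. The script below is an added example, not part of the original post: it reports required options missing from pptpd-options, a chap-secrets file readable by group or others, accounts with * in the address field, and overlapping localip/remoteip ranges. The function names and sample files are constructed for illustration, and the expectation that chap-secrets is owner-only is an assumption of the example.

```shell
#!/bin/sh
# Added example, not from the original post: audit copies of the pptpd files
# this page creates. Paths are passed as arguments.

# Print each option the page requires that is absent from options file $1.
missing_options() {
    for opt in require-mschap-v2 require-mppe-128; do
        grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$1" || echo "$opt"
    done
}

# Succeed if group or others hold any permission bit on chap-secrets ($1),
# which stores the passwords in cleartext.
secrets_exposed() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

# Print client names whose 4th field is "*" (no per-account address limit).
wildcard_clients() {
    awk '!/^[[:space:]]*#/ && NF >= 4 && $4 == "*" { print $1 }' "$1"
}

# Print "a.b.c LO HI" for keyword $1 in pptpd.conf $2. Handles only the
# single "a.b.c.LO-HI" form used on this page, not comma-separated lists.
range_of() {
    awk -v k="$1" '$1 == k { split($2, o, "[.]"); split(o[4], r, "-")
        if (r[2] == "") r[2] = r[1]
        print o[1] "." o[2] "." o[3], r[1], r[2]; exit }' "$2"
}

# Succeed if the localip and remoteip ranges in pptpd.conf ($1) overlap.
ranges_overlap() {
    set -- $(range_of localip "$1") $(range_of remoteip "$1")
    [ $# -eq 6 ] || return 2
    [ "$1" = "$4" ] && [ "$2" -le "$6" ] && [ "$5" -le "$3" ]
}

# Constructed sample files; values mirror the page except where noted.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf 'localip 10.0.0.1-10\nremoteip 10.0.0.11-20\n' > "$d/pptpd.conf"
printf 'lock\nname pptpd\nrequire-mschap-v2\n' > "$d/pptpd-options"  # MPPE line omitted on purpose
printf '# client server secret IP address\nkhmel.org pptpd khmel.org.pass *\n' > "$d/chap-secrets"
chmod 644 "$d/chap-secrets"   # constructed: world-readable to trigger the check

echo "missing options:  $(missing_options "$d/pptpd-options")"
secrets_exposed "$d/chap-secrets" && echo "chap-secrets readable beyond owner"
echo "wildcard clients: $(wildcard_clients "$d/chap-secrets")"
ranges_overlap "$d/pptpd.conf" && echo "ranges overlap" || echo "ranges disjoint"
```

To audit a live server, call the functions on /etc/ppp/pptpd-options, /etc/ppp/chap-secrets and /etc/pptpd.conf instead of the sample copies.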