These are instructions for installing PPTP Client on Debian GNU/Linux.

Contents:

• installing MPPE support in kernel
• installing the client program
• installing the configuration program
• configuring a tunnel using the configuration program
• configuring a tunnel by hand

This step can be skipped if you are running Debian GNU/Linux 4.0 Etch or later. 2007-10-22

If you are trying to connect to a Microsoft Windows VPN Server, and it is set to require encryption, then you will need MPPE support in the kernel. If you know you don't, then skip this step.

MPPE support is enabled by the CONFIG_PPP_MPPE option and the ppp_mppe kernel module.

The Debian Sarge prebuilt kernels do not provide MPPE support, because MPPE was not included in the upstream kernel until 2.6.15. The Debian Etch and later prebuilt kernels do provide MPPE support.

Choose one of the following according to your your skills and needs:

• use the Debian MPPE DKMS HOWTO to build the MPPE module for your current kernel,
• use the Debian MPPE HOWTO to patch the Debian kernel and then build a new kernel,
• upgrade to a Debian Etch kernel or later.

This step can be skipped if you are running Debian GNU/Linux 4.0 Etch or later. If you require MPPE support, then ensure the version of the ppp package is at 2.4.2 or higher. Debian Woody includes 2.4.1, which does not have MPPE support. Debian Sarge includes 2.4.3. Debian Etch includes 2.4.4. (The pptp-linux package does not depend on ppp (>= 2.4.2) because it is possible to configure a tunnel without encryption. Do not use a 2.4.1 version of ppp, even if it has been patched for MPPE support, because all the patches out there we have tested are incompatible with the MPPE support added to the kernel in the section above.) 2007-10-22

Install PPTP Client from the Debian Project:

Note: you may wish to skip the configuration program and configure the client by hand.

1. add the following lines to the sources list file, /etc/apt/sources.list :

   # James Cameron's PPTP GUI packaging deb http://quozl.netrek.org/pptp/pptpconfig ./

   Note: can use a text editor, or simply cat the lines on to the end of the file using >>, but if you make a mistake in formatting you will likely be told by the apt-get update step.

2. update the list of packages:

   apt-get update

3. install the PPTP Client GUI:

   apt-get install pptpconfig

1. obtain from your PPTP Server administrator:
   • the IP address or host name of the server,
   • the authentication domain name, (e.g. WORKGROUP),
   • the username you are to use,
   • the password you are to use,
   • whether encryption is required.

2. run pptpconfig as root, and a window should appear,

   

3. enter the server, domain, username and password into the Server tab,

4. if you decided in Installation step 1 above that you would need MPPE, and if your administrator says encryption is required, then on the Encryption tab, click on Require Microsoft Point-to-Point Encryption (MPPE),

   

5. click on Add, and the tunnel will appear in the list,

6. click on the tunnel to select it, click on Start, and a window will appear with the tunnel connection log and status,

7. if the connection fails, you will need to gather more information, so on the Miscellaneous tab, click on Enable connection debugging facilities, click Update, try Start again, then look at the Diagnosis HOWTO for whatever error is displayed.

   

8. if the connection succeeded, you can try the Ping test button. If the ping fails, you should try to find out why before proceeding. If the ping works, then the tunnel is active and you may now work on routing.

9. decide whether all your network traffic should go via the tunnel or not. If so, Stop the tunnel, select it again, then on the Routing tab, click on All to Tunnel, then click Update and try Start again. Now try to access the network behind the server.

10. on the other hand, if only some of your network traffic should go via the tunnel, you will need to obtain from the server administrator or folk lore a series of network routes to enter. Stop the tunnel, select it again, then click on either Client to LAN or LAN to LAN on the Routing tab, use the Edit Network Routes button to enter the routes one by one, and then try Start again. Now try to access the network behind the server.

    

    For further help with Routing, read our Routing HOWTO.

If you have problems with the tunnel and need to ask for help, start pppd with complete logging:

where tunnelname is the name of the tunnel you created in the configuration program. For more detail, see enabling debug logging.

This will give you a file pptp.log that you can use to search for known solutions in the Diagnosis HOWTO or attach to an e-mail to the mailing list.

1. obtain from your PPTP Server administrator:
   • the IP address or host name of the server ($SERVER),
   • the name you wish to use to refer to the tunnel ($TUNNEL),
   • the authentication domain name ($DOMAIN),
   • the username you are to use ($USERNAME),
   • the password you are to use ($PASSWORD),
   • whether encryption is required.

   In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.

2. create the /etc/ppp/options.pptp file, which sets options common to all tunnels:

   lock noauth nobsdcomp nodeflate

3. create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:

   $DOMAIN\\$USERNAME PPTP $PASSWORD *

   Note: if you are using a PPTP Server that does not require a domain name, omit the slashes as well as the domain name.

   Note: if the passwords contain any special characters, quote them. See man pppd for more details.

4. create a /etc/ppp/peers/$TUNNEL file:

   pty "pptp $SERVER --nolaunchpppd" name $DOMAIN\\$USERNAME remotename PPTP require-mppe-128 file /etc/ppp/options.pptp ipparam $TUNNEL

   Note: if you do not need MPPE support, then remove the require-mppe-128 option.

5. start the tunnel using the pon command:

   pon $TUNNEL

   to further diagnose a failure, add options to the command:

   pon $TUNNEL debug dump logfd 2 nodetach

   Note: we have further information on enabling debug mode, and on diagnosing problems.

6. stop the tunnel using the poff command:

   poff $TUNNEL

7. to script the tunnel connection so that something is done as soon as the tunnel is up, use either ip-up.d scripts or the updetach keyword.
   1. see the Routing HOWTO for examples of ip-up.d scripting that adds routes or iptables rules.

   2. using updetach will cause pppd to fork, detach, and exit with success once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail:

      pon provider updetach && pon $TUNNEL updetach && fetchmail

      Note: the double ampersand && means that the commands following it will only be executed if the command to the left of it was successful. If the tunnel fails to connect, the fetchmail will not happen.

8. to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.

9. to have the tunnel started on system boot:
   • for Debian Sarge and later, edit the /etc/network/interfaces file, and add this section:

     auto tunnel iface tunnel inet ppp         provider $TUNNEL

   • for Debian Woody, edit the /etc/ppp/no_ppp_on_boot file, remove the first line comment, and change the word provider to the name of your tunnel, so that it looks like this:

     #!/bin/sh ... $PPPD call $TUNNEL

     (The line ... means the other lines in the file, it doesn't mean a line with three dots.)

     Then rename the no_ppp_on_boot file and make it executable:

     # mv /etc/ppp/no_ppp_on_boot /etc/ppp/ppp_on_boot # chmod +x /etc/ppp/ppp_on_boot

   Every time your computer starts, the tunnel will be started automatically.

10. to set up routing, read our Routing HOWTO.

Comments

ChangeLog