PPTP Client


Gentoo HOWTO

By James Cameron, John Ross, & Edoardo Costa
29th February 2008

These are instructions for installing PPTP Client on Gentoo Linux.

Summary:

  • use Linux kernel 2.6.15 or later,
  • use pppd 2.4.2 or later, without MPPC, without patching.

Kernel

Install a kernel 2.6.15 or above, enabling cryptographic modules and the Microsoft Point-to-Point Encryption module.

# emerge -av sys-kernel/gentoo-sources

# make menuconfig
Cryptographic options --->
[*] Cryptographic API
[*] HMAC support
[M] MD5 digest algorithm
--- SHA1 digest algorithm
[M] SHA256 digest algorithm
[M] SHA384 and SHA512 digest algorithms
[M] DES and Triple DES EDE cipher algorithms
[M] ARC4 cipher algorithm
[M] Deflate compression algorithm
Device Drivers --->
Networking support --->
[*] PPP (point-to-point protocol) support
[*] PPP filtering
[M] PPP support for async serial ports
[M] PPP support for sync tty ports
[M] PPP Deflate compression
[M] PPP BSD-Compress compression
[M] PPP MPPE compression (encryption) (NEW)


pppd

# emerge -av net-dialup/ppp


pptp

# emerge -a net-dialup/pptpclient


Diagnosing Problems

If you have problems with the tunnel and need to ask for help, start pppd with complete logging:

# script pptp.log
Script started, file is pptp.log
# pppd call tunnelname dump debug logfd 2 nodetach
# exit
Script done, file is pptp.log

where tunnelname is the name of the tunnel you created in the configuration program. For more detail, see enabling debug logging.

This will give you a file pptp.log that you can use to search for known solutions in the Diagnosis HOWTO or attach to an e-mail to the mailing list.


Configuration, by hand

  1. obtain from your PPTP Server administrator:

    • the IP address or host name of the server ($SERVER),
    • the name you wish to use to refer to the tunnel ($TUNNEL),
    • the authentication domain name ($DOMAIN),
    • the username you are to use ($USERNAME),
    • the password you are to use ($PASSWORD),
    • whether encryption is required.

    In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.

  2. create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:

    lock noauth nobsdcomp nodeflate

  3. create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:

    $DOMAIN\\$USERNAME PPTP $PASSWORD *

    Note: if you are using a PPTP Server that does not require an authentication domain name, omit the backslashes as well as the domain name.

    Note: if the passwords contain any special characters, quote them. See man pppd for more details.

  4. create a /etc/ppp/peers/$TUNNEL file:

    pty "pptp $SERVER --nolaunchpppd"
    name $DOMAIN\\$USERNAME
    remotename PPTP
    require-mppe-128
    file /etc/ppp/options.pptp
    ipparam $TUNNEL

    Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.

  5. start the tunnel using the pon command:

    pon $TUNNEL

    to further diagnose a failure, add options to the command:

    pon $TUNNEL debug dump logfd 2 nodetach

    Note: we have further information on enabling debug mode, and on diagnosing problems.

  6. stop the tunnel using the poff command:

    poff $TUNNEL

  7. to script the tunnel connection so that something is done as soon as the tunnel is up, use either ip-up.d scripts or the updetach keyword.

    1. see the Routing HOWTO for examples of ip-up.d scripting that adds routes or iptables rules.

    2. using updetach will cause pppd to fork, detach, and exit with success once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail:

      pon provider updetach && pon $TUNNEL updetach && fetchmail

      Note: the double ampersand && means that the commands following it will only be executed if the command to the left of it was successful. If the tunnel fails to connect, fetchmail will not run.

  8. to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.

  9. to set up routing, read our Routing HOWTO.
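
Steps 2 to 4 as one shell function, given as an added example that is not part of the original HOWTO. The function name write_pptp_config and the PPP_DIR override are assumptions of this example; it also restricts the characters accepted in the server, tunnel and user names and keeps chap-secrets at mode 600, which the steps above do not ask for.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.
# PPP_DIR is an assumption of this example (defaults to /etc/ppp) so the
# function can be tried against a scratch directory first.

write_pptp_config() {
    # usage: write_pptp_config SERVER TUNNEL DOMAIN USERNAME PASSWORD
    # Pass an empty DOMAIN if the server does not use one.
    server=$1; tunnel=$2; domain=$3; user=$4; pass=$5
    dir=${PPP_DIR:-/etc/ppp}

    # SERVER lands inside the quoted pty command and TUNNEL becomes a file
    # name, so accept only characters that cannot add options or path parts.
    case $server in ''|*[!A-Za-z0-9.:-]*) echo "bad server" >&2; return 1;; esac
    case $tunnel in ''|.*|*[!A-Za-z0-9._-]*) echo "bad tunnel" >&2; return 1;; esac
    case $user$domain in *[!A-Za-z0-9._@-]*) echo "bad name" >&2; return 1;; esac
    [ -n "$user" ] || { echo "bad name" >&2; return 1; }

    # Step 3 note: no domain means no backslashes either.
    if [ -n "$domain" ]; then name="$domain\\\\$user"; else name=$user; fi

    # Quote the secret: wrap in double quotes, backslash-escape \ and ".
    secret=$(printf '%s' "$pass" | sed 's/[\\"]/\\&/g')

    mkdir -p "$dir/peers" || return 1

    # Step 2: options common to all tunnels.
    printf '%s\n' 'lock noauth nobsdcomp nodeflate' > "$dir/options.pptp"

    # Step 3: append the credential; keep the file readable by owner only.
    ( umask 077; printf '%s PPTP "%s" *\n' "$name" "$secret" >> "$dir/chap-secrets" )
    chmod 600 "$dir/chap-secrets"

    # Step 4: the peer file for this tunnel.
    cat > "$dir/peers/$tunnel" <<EOF
pty "pptp $server --nolaunchpppd"
name $name
remotename PPTP
require-mppe-128
file $dir/options.pptp
ipparam $tunnel
EOF
}
```

Run it first with PPP_DIR pointing at a scratch directory and compare the generated files with steps 2 to 4 before writing to /etc/ppp.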


Comments

If you have comments on this document, please send them to the author at james.cameron at hp.com. But if you need help, use the mailing list so that we can share the load.

ChangeLog

Date       Change
2008-02-29 Removal of pptpconfig per mailing list posting.
2006-01-27 Simplification thanks to Edoardo.
2006-01-04 Linux kernel 2.6.15 includes MPPE.
2005-02-21 Add link to forum posting referenced in mail.
2005-01-11 Simplification and standardisation by James Cameron.
2005-01-05 Update by John Ross to reflect current setup requirements for x86 Gentoo Base System version 1.4.16, kernel 2.6.9-gentoo-r13
2004-10-13 Simplification by Surakshan, new package name for pptpconfig.
2004-09-06 Simplification and update of emerge commands by Sander Rijken
2004-02-27 Clarification about PHP dependency and minor reorganisation by Surakshan
2003-12-12 Simplification by Surakshan.
2003-12-11 More contributions from Surakshan.
2003-12-08 First draft.