pptp client
 overview
 license
 getting started
 features
 try it
 download
 links
 documentation 
 index
 debian
 fedora core 1
 fedora core 2
 fedora core 3
 fedora core 4
 fedora core 5
 fedora core 6
 gentoo
 knoppix
 mandrake 9.0
 mandrake 10.0
 mandrake 10.1
 netbsd
 red hat 9
 red hat 8.0
 red hat 7.3
 suse 10.0
 suse 9.2
 suse 9.1
 suse 8.2
 ubuntu
 diagnosis
 support faq
 diagrams
 routing
 security
team
 developers
 cvs
 contact us
 

PPTP Client


Mandrake 10.1 HOWTO

by James Cameron
11th April 2005

Introduction

This briefly describes how to install PPTP Client on a Mandrake 10.1 system.

Thank you to Paul Smith who sent us a Mandrake 10.1 CD set!

The Mandrake 10.1 default kernel already has the MPPE/MPPC module, the PPP package already has MPPE/MPPC support, and PPTP Client version 1.5.0 is included. You can use it as is, but it isn't as easy to use, because our configuration program pptpconfig isn't distributed by Mandrake, and as of version 20040722 pptpconfig isn't strictly compatible with the PPP package shipped. See the workaround described in step 6 below for that.

The instructions below upgrade the packages so that pptpconfig works.

Installation

  1. download the ppp mdk.i586.rpm from POPTOP project downloads and upgrade like this:

    rpm --upgrade ppp-2.4.3-4mdk10.1.i586.rpm

  2. download the pptp i386.rpm from PPTP Client downloads and upgrade like this:

    rpm --upgrade pptp-1.6.0-1.i386.rpm

  3. download the php-pcntl, php-gtk-pcntl, and pptpconfig i386.rpm's from PPTP Client project downloads and install like this:

    rpm --upgrade php-pcntl-4.3.10-1.i386.rpm
    urpmi libglade libxml
    rpm --upgrade php-gtk-pcntl-1.0.1-2.i386.rpm
    rpm --upgrade pptpconfig-20040722-6mdk.noarch.rpm

    Note: change the file names to correspond to the versions available.

  4. add ppp_mppe_mppc to /etc/modprobe.conf, by using this command:

    echo "alias ppp-compress-18 ppp_mppe_mppc" >> /etc/modprobe.conf

    (This is because Mandrake have shipped modutils with the standard alias of ppp-compress-18 translating to ppp_mppe instead of the module they ship. Please, someone, raise a bug.)

  5. change your firewall configuration by adding the following lines to /etc/shorewall/rules :

    #ACTION SOURCE DESTINATION PROTO DEST PORT(S)
    ACCEPT fw net gre
    ACCEPT net fw gre
    ACCEPT fw net tcp 1723
    ACCEPT net fw tcp 1723

    and the following line to /etc/shorewall/interfaces :

    #ZONE INTERFACE BROADCAST OPTIONS
    net ppp0 -

    (Thanks to Harry Sutton and Paul Smith on the mailing list, for more information see the Firewall and pptpclient thread.)

  6. follow the instructions on configuration below.

    Note: if you are using the Mandrake PPP package (rather than ours in step 1) do not tick the Require Microsoft Point-to-Point Encryption (MPPE) option, but instead type mppe required,stateless into the Options for pppd in the Miscellaneous section.

    (This is because Mandrake have packaged Jan Dubiec's patch to PPP which changes the MPPE option naming. Our configuration program was written for the MPPE option naming used by the main PPP project. Ideally, our program should work with both.)


Configuration

  1. obtain from your PPTP Server administrator:

    • the IP address or host name of the server,
    • the authentication domain name, (e.g. WORKGROUP),
    • the username you are to use,
    • the password you are to use,
    • whether encryption is required.

  2. run pptpconfig as root, and a window should appear,

  3. enter the server, domain, username and password into the Server tab,

  4. if you decided in Installation step 1 above that you would need MPPE, and if your administrator says encryption is required, then on the Encryption tab, click on Require Microsoft Point-to-Point Encryption (MPPE),

  5. click on Add, and the tunnel will appear in the list,

  6. click on the tunnel to select it, click on Start, and a window will appear with the tunnel connection log and status,

  7. if the connection fails, you will need to gather more information, so on the Miscellaneous tab, click on Enable connection debugging facilities, click Update, try Start again, then look at the Diagnosis HOWTO for whatever error is displayed.

  8. if the connection succeeded, you can try the Ping test button. If the ping fails, you should try to find out why before proceeding. If the ping works, then the tunnel is active and you may now work on routing.

  9. decide whether all your network traffic should go via the tunnel or not. If so, Stop the tunnel, select it again, then on the Routing tab, click on All to Tunnel, then click Update and try Start again. Now try to access the network behind the server.

  10. on the other hand, if only some of your network traffic should go via the tunnel, you will need to obtain from the server administrator or folk lore a series of network routes to enter. Stop the tunnel, select it again, then click on either Client to LAN or LAN to LAN on the Routing tab, use the Edit Network Routes button to enter the routes one by one, and then try Start again. Now try to access the network behind the server.

    For further help with Routing, read our Routing HOWTO.


Comments

If you have comments on this document, please send them to the author at james.cameron at hp.com. But if you need help, use the mailing list so that we can share the load.

ChangeLog

DateChange
2005-04-11 Resort to updating everything, since the current pptpconfig mdk package depends on pptp, which isn't provided by Mandrake's pptp-linux package.
2005-03-04 Updated package versions.
2005-03-02 Fix module alias entry, thanks to Michael on the mailing list.
2005-01-17 Add contributed firewall rules.
2005-01-15 First draft.