pptp client
 overview
 license
 getting started
 features
 try it
 download
 links
 documentation 
 index
 debian
 fedora core 1
 fedora core 2
 fedora core 3
 fedora core 4
 fedora core 5
 fedora core 6
 gentoo
 knoppix
 mandrake 9.0
 mandrake 10.0
 mandrake 10.1
 netbsd
 red hat 9
 red hat 8.0
 red hat 7.3
 suse 10.0
 suse 9.2
 suse 9.1
 suse 8.2
 ubuntu
 diagnosis
 support faq
 diagrams
 routing
 security
team
 developers
 cvs
 contact us
 

PPTP Client


Red Hat 9 HOWTO

by James Cameron
28th February 2005

This describes how to install PPTP Client on a Red Hat 9 system.

The process involves installing MPPE, then PPTP followed by configuration.

We have documented four methods of installing:


Installation

  1. install MPPE capability:

    MPPE is Microsoft Point-To-Point Encryption, and is described in RFC3078. You will need to install it if your PPTP Server requires it, and if your kernel is before 2.6.15. Microsoft Windows VPN Server requires MPPE. If you do not require MPPE, skip this step.

    If you can upgrade to 2.6.15 or later, do so, then skip the remainder of this step.

    Our thanks to Matt Domsch of Dell for his contribution to this step using the Dynamic Kernel Module Support.

    1. install the kernel-source rpm for your current kernel, you should find it on the CDs, or wherever you got your current kernel,

      # rpm --install kernel-source-...

    2. check that your system is running the kernel corresponding to the package requested in the previous step. Use the uname command to display the version of the running kernel, for example:

      # uname -r

      If the version shown is not the version installed in the previous step, reboot into that kernel. Otherwise the dkms build below may fail, because the kernel package for the current kernel may not be installed.

    3. download the dkms rpm (mirror link) and install it:

      # rpm --install dkms-2.0.5-1.noarch.rpm

    4. download the kernel_ppp_mppe dkms rpm (mirror link) and install it:

      # rpm --install kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm

    5. test that the MPPE module loads on request:

      # modprobe ppp-compress-18 && echo success

      Note: this may fail if the ppp_generic module was already loaded when the kernel_ppp_mppe package was installed, as the original module is replaced on disk but not in memory. Check this by unloading the module, e.g. using "rmmod ppp_generic" or rebooting. Then repeat the modprobe.

    Note: if you wish to build the kernel from source, see our really complex instructions.

  2. download the ppp rpm (mirror link) and upgrade to it like this:

    # rpm --upgrade ppp-2.4.3-4.rhl9.i386.rpm

  3. download the PPTP client program pptp rpm (mirror link) and install it like this:

    # rpm --install pptp-1.6.0-1.i386.rpm

  4. download the configuration program interpreter php-pcntl rpm (mirror link) and install it like this:

    # rpm --install php-pcntl-4.3.10-1.i386.rpm

  5. download the configuration program GTK+ interface php-gtk-pcntl rpm (mirror link) and install it like this:

    # rpm --install php-gtk-pcntl-1.0.1-2.i386.rpm

  6. download the configuration program pptpconfig rpm (mirror link) and install it like this:

    # rpm --install pptpconfig-20040722-6.noarch.rpm

Configuration

  1. obtain from your PPTP Server administrator:

    • the IP address or host name of the server,
    • the authentication domain name, (e.g. WORKGROUP),
    • the username you are to use,
    • the password you are to use,
    • whether encryption is required.

  2. run pptpconfig-20040722-6.noarch.rpm as root, and a window should appear,

  3. enter the server, domain, username and password into the Server tab,

  4. if you decided in Installation step 1 above that you would need MPPE, and if your administrator says encryption is required, then on the Encryption tab, click on Require Microsoft Point-to-Point Encryption (MPPE),

  5. click on Add, and the tunnel will appear in the list,

  6. click on the tunnel to select it, click on Start, and a window will appear with the tunnel connection log and status,

  7. if the connection fails, you will need to gather more information, so on the Miscellaneous tab, click on Enable connection debugging facilities, click Update, try Start again, then look at the Diagnosis HOWTO for whatever error is displayed.

  8. if the connection succeeded, you can try the Ping test button. If the ping fails, you should try to find out why before proceeding. If the ping works, then the tunnel is active and you may now work on routing.

  9. decide whether all your network traffic should go via the tunnel or not. If so, Stop the tunnel, select it again, then on the Routing tab, click on All to Tunnel, then click Update and try Start again. Now try to access the network behind the server.

  10. on the other hand, if only some of your network traffic should go via the tunnel, you will need to obtain from the server administrator or folk lore a series of network routes to enter. Stop the tunnel, select it again, then click on either Client to LAN or LAN to LAN on the Routing tab, use the Edit Network Routes button to enter the routes one by one, and then try Start again. Now try to access the network behind the server.

    For further help with Routing, read our Routing HOWTO.

Diagnosing Problems

If you have problems with the tunnel and need to ask for help, start pppd with complete logging:

# script pptp.log
Script started, file is pptp.log
# pppd call tunnelname dump debug logfd 2 nodetach
# exit
Script done, file is pptp.log

where tunnelname is the name of the tunnel you created in the configuration program. For more detail, see enabling debug logging.

This will give you a file pptp.log that you can use to search for known solutions in the Diagnosis HOWTO or attach to an e-mail to the mailing list.

Upgrade Note

If you are upgrading from the old PPP-MPPE 2.4.0 package, change /etc/ppp/options.pptp, and any existing tunnels in /etc/ppp/peers, to adopt correct naming for pppd options relating to MPPE support:

PPP-MPPE 2.4.0
unofficial naming
PPP 2.4.2
official naming
mppe-40 require-mppe
(there is a +mppe-40 option, but it is probably not what you want)
mppe-128 require-mppe
mppe-stateless nomppe-stateful
(this is the default anyway, you'd have to use mppe-stateful to turn it off)
require-chapms-v2 refuse-pap refuse-chap refuse-mschap refuse-eap
(a client cannot require a method of authentication of itself, the "require" forms of these options are intended for use by servers, and if used on a client will force authentication of the server by the client)

The option naming used previously on the PPTP Client project was for an unofficial MPPE patch to PPP. Since then, the PPP project has derived their own naming that is consistent with other pppd options. For more information, see Why are the pppd options different?


Comments

If you have comments on this document, please send them to the author at james.cameron at hp.com. But if you need help, use the mailing list so that we can share the load.

ChangeLog

DateChange
2005-02-28
Adopt DKMS style installation, following tests by Martin Diamond and a followup from Matt Domsch.

2003-10-24 Change version to Red Hat 9 to comply with correct version naming.
2003-05-19 Add kernel-mppe package for Red Hat errata kernel 2.4.20-13.9. Remove i586 package, as it did not work.
2003-04-30 Add table of kernel mppe packages.
2003-04-24 Add possibility of unresolved symbols, reported by Paul Moore.
2003-04-20 Add kernel-mppe package for Red Hat errata kernel 2.4.20-9.
2003-04-17 Install ppp before kernel-mppe. Run depmod after kernel-mppe.
2003-04-16 Derived from Red Hat 8.0 HOWTO with testing.