|
|
|
|
|
 |
project |
|
 |
|
|
|
|
|
| documentation |
|
|
|
|
|
|
| team |
|
|
|
|
|
|
|
 |
|
 |
| |
PPTP Client
SUSE 10.0 HOWTO
by James Cameron
14th March 2006
Introduction
With the default install, PPTP Client 1.7.0 and PPP 2.4.3 are
included, as packages pptp-1.7.0-2 and ppp-2.4.3-15 respectively. The
kernel on CD (2.6.13) has MPPE support already patched in, as module
ppp_mppe size 15872 bytes.
It is possible to setup a tunnel using the provided SUSE programs, or
you can use our method below. The way to try it as-is is to (a) in
YaST2 select Network Devices then DSL, (b) add a custom
provider with an Authorization User Name that matches your PPTP
server account, (c) add a DSL device with PPP Mode set to
Point to Point Tunneling Protocol and Modem IP set to
your PPTP server IP address, (d) try the connection using
Kinternet, and if it fails with an MPPE required warning
edit the /etc/ppp/peers/pptp file and add
require-mppe.
On the other hand, our method below provides a program that is the
same as the program we provide for other Linux distributions, and
people you will seek help from on our mailing list are familiar with
it.
- if you upgraded SUSE Linux from a previous version, and the old
pptp-php-gtk package is installed, remove it:
| # rpm --erase pptp-php-gtk
|
- download the configuration program interpreter php-pcntl rpm
(mirror link)
and install it like this:
| # rpm --install php-pcntl-4.4.0-1.i386.rpm |
- download the configuration program GTK+ interface php-gtk-pcntl rpm
(mirror link)
and install it like this:
| # rpm --install --nodeps php-gtk-pcntl-1.0.2-1.i386.rpm |
- resolve the dependencies, run YaST2 sw_single, then click
on the Accept button. A list of Automatic Changes
needed will be displayed, listing packages such as db1,
gdk-pixbuf, gnome-libs, libglade, libxml,
and orbit. Click on Continue and supply CDs #1 and #2
as prompted. When asked if you want to install more packages, click
Finish.
- download the configuration program pptpconfig rpm
(mirror link)
and install it like this:
| # rpm --install pptpconfig-20060821-1suse.noarch.rpm |
- if you are using SUSE firewall, you may either turn it off
by typing SuSEfirewall2 off, or reconfigure it as follows:
- open YaST,
- click on System which is on the left hand side,
- open the /etc/sysconfig Editor,
- click +Network then +Firewall then +SuSEfirewall2,
- add "1723" to FW_SERVICES_EXT_TCP,
- add "GRE" to FW_SERVICES_EXT_IP, FW_SERVICES_DMZ_IP,
FW_SERVICES_INT_IP and FW_SERVICES_QUICK_IP (we're not sure if all
four are required, it depends on where the server is in relation to
your client, as far as the network interfaces are concerned),
- click FINISH.
| Note: the screen image above is an example from SUSE 9.2, we have also
selected ssh for FW_SERVICES_EXT_TCP, but ssh is not
required for operation of the tunnel. The example demonstrates how to
add 1723 to an already configured rule.
2005-10-17 | |
- run pptpconfig as
root (e.g. using kdesu), set up IP address of VPN and so forth
(see below for details), enable "all to tunnel" and hit start ...
- SUSE 10.0 ships with a ten minute idle connection timer
which affects PPTP tunnels. This is in their configuration file
/etc/ppp/options, where it says idle 600. You may either
change this file, or add idle 0 to the pppd options
section of pptpconfig.
- a known problem is the warning message "pptpconfig: usepeerdns was
set, but /{var/run,etc}/ppp/resolv.conf was not readable", suggestions
on how to fix this are welcome; please write to the mailing list.
2005-10-17 | |
Configuration
- obtain from your PPTP Server administrator:
- the IP address or host name of the server,
- the authentication domain name, (e.g. WORKGROUP),
- the username you are to use,
- the password you are to use,
- whether encryption is required.
- run pptpconfig.php as root, and a window should appear,
- enter the server, domain, username and password into the Server tab,
- if you decided in Installation step 1 above that you would need
MPPE, and if your administrator says encryption is required, then on
the Encryption tab, click on Require Microsoft
Point-to-Point Encryption (MPPE),
- click on Add, and the tunnel will appear in the list,
- click on the tunnel to select it, click on Start, and a
window will appear with the tunnel connection log and status,
- if the connection fails, you will need to gather more information,
so on the Miscellaneous tab, click on Enable connection
debugging facilities, click Update, try Start again,
then look at the Diagnosis HOWTO for
whatever error is displayed.
- if the connection succeeded, you can try the Ping test
button. If the ping fails, you should try to find out why before
proceeding. If the ping works, then the tunnel is active and you may
now work on routing.
- decide whether all your network traffic should go via the tunnel
or not. If so, Stop the tunnel, select it again, then on the
Routing tab, click on All to Tunnel, then click
Update and try Start again. Now try to access the
network behind the server.
- on the other hand, if only some of your network traffic should go
via the tunnel, you will need to obtain from the server administrator
or folk lore a series of network routes to enter. Stop the
tunnel, select it again, then click on either Client to LAN or
LAN to LAN on the Routing tab, use the Edit Network
Routes button to enter the routes one by one, and then try
Start again. Now try to access the network behind the
server.
For further help with Routing, read our Routing
HOWTO.
If you have comments on this document, please send them to the author
at james.cameron at hp.com. But if you need help, use the mailing list so that we can share the
load.
| Date | Change |
|---|
| 2007-02-06 |
Upgrade pptpconfig version following confirmation from Randy Williams.
|
| 2006-03-14 |
Upgrade pptpconfig version and adopt SUSE-specific package.
|
| 2005-10-17 |
Based on SUSE 9.2 HOWTO, and changed based on tests on newly installed
SUSE 10.0 system in lab.
|
|
