Installing and Running PPTP on Linux

Requirements and restrictions
Updating the RedHat 6.2 distribution
Obtaining the PPTP RPMs and configuration file
Installing the files
Setting up PPTP
Starting PPTP
Stopping PPTP
Issuing PPTP commands from the shell prompt
Getting help and contacting us

Requirements and Restrictions

RPM Requirements and Restrictions

• The RPMs for PPTP support have been tested on RedHat 6.2 with the specified updates, and work as described on that distribution.
• The RPMs may work on other Linux distributions that employ a comparable kernel -- but this has not been tested.
• The RPMs do not currently work with the Linux 2.4 kernel. However, stay tuned because work in this area is progressing.....

Network Connection Information

You should know the following information about the network into which you are connecting before you begin this procedure. You can probably get this information from the group that supports that network if you do not already know it.

• Default search domain
• DNS server IP addresses
• IP address of the PPTP server (which supports stateless mode)
• Routes to hosts beyond the PPTP server

Obtain and Install the Necessary Updates to the RedHat 6.2 Distribution

1. On your machine, cd to some temporary directory (for example, tempdir) that does not contain any RPMs.
2. Go to the following anonymous ftp site:

   [tempdir]# ftp updates.redhat.com

   Use anonymous as your username and your email address as the password.

3. cd to 6.2 and then cd to noarch to download a few updates that are not specific to a particular architecture:

   ftp> cd 6.2
   ftp> cd noarch

   Do a directory operation to verify:

   ftp> ls

   That should display a few RPM files of the correct type.

4. Enable binary mode:

   ftp> binary

5. Obtain all the noarch update RPMs:

   ftp> mget *.rpm

6. Return to the 6.2 directory:

   ftp> cd ..

7. cd to the Alpha or x86 directory, as appropriate:

   ftp> cd alpha (or i386)

   Do a directory operation to verify:

   ftp> ls

   That should display a lot of RPM files of the correct type.

8. Enable binary mode:

   ftp> binary

9. Obtain all the update RPMs:

   ftp> mget *.rpm

10. Once all the RPMs have downloaded, quit ftp and install the RPMs. Use the RPM -Fvh options to install only those updates for which you've installed modules.

    ftp> quit
    .
    .
    [tempdir]# rpm -Fvh *

    If the command displays an error that indicates a dependency problem (that package foo depends on package bar), install package bar first by using 'rpm -Uvh bar.arch.rpm' and then repeat 'rpm -Fvh *'.

11. When the RPMs have been installed, delete them to recover some space:

    [tempdir]# rm -f *.rpm

Obtain the PPTP RPMs and an Optional Site-Specific Configuration File

Although not a requirement, you can obtain an example site-specific drop-in configuration file that can be set up by you or someone in the support group for the network into which you are tunnelling. (This configuration file can then be used by anyone else who wants to tunnel into that network, significantly automating the setup process.)

If using the Netscape browser, hold the shift key down while you click on a file to transfer it rather than display it.

1. Go to this external site to get the two RPMs that are appropriate for either Alpha or x86 (the distinction will be obvious): http://merced.needsabeating.com/pptp.html
2. While at this site, you can also get the example drop-in configuration file, which, when properly completed, works correctly under both Alpha and x86. (You should get this file even if you do not intend to use it because it shows you (or the support group for your network) exactly what information you will otherwise need to supply in the setup procedure.)

Put the RPMs and the drop-in configuration file in some temporary directory (for example, tempdir) on your system.

Install the Files

1. cd to the directory into which you downloaded the RPMs (for example, tempdir).
2. Change to root:

   [tempdir]# su root

3. Install the RPMs. Allow RPM to determine the installation order:

   [tempdir]# rpm -Uvh pp*.alpha.rpm

4. If you complete the drop-in configuration file (renamed to config_file in this procedure), install it by copying it to its directory:

   [tempdir]# cp config_file /etc/pptp.d/

Set Up PPTP with the Command Script

• Set up necessary internal communications files
• Choose tunnels
• Connect to tunnels
• Disconnect from tunnels
• Restore your various communications files (like resolv.conf) to their default state
• Choose a default tunnel
• Issue pptp commands from the shell prompt

1. Run the pptp script:

   [yoursys pptp]# pptp-command

   The script runs and displays the following list. Choose item 3:

   1.) start
   2.) stop
   3.) setup
   4.) quit
   What task would you like to do?: 3
   

2. The setup portion of the script runs and displays the following list. Choose item 2:

   1.) List CHAP secrets
   2.) Add a New CHAP secret
   3.) Delete a CHAP secret
   4.) List PPTP Tunnels
   5.) Add a NEW PPTP Tunnel
   6.) Delete a PPTP Tunnel
   7.) Configure resolv.conf
   8.) Select a default tunnel
   9.) Quit
   ?: 2
   

3. The script displays your choice, together with information about specifying a local name:

   Add a NEW CHAP secret.
   
   NOTE: Any backslashes (\) must be doubled (\\).
   
   Local Name:
   
   This is the 'local' identifier for CHAP authentication.
    
   NOTE: If the server is a Windows NT machine, the local name
             should be your Windows NT username including domain.
             For example:
   
                     domain\\username
    
   Local Name: your_domain\\your_username
   

4. The script prompts you for the remote name; take the default:

   Remote Name:
   
   This is the 'remote' identifier for CHAP authentication.
   In most cases, this can be left as the default. If must be
   set if you have multiple CHAP secrets with the same local name
   and different passwords. Just press ENTER to keep the default.
   
   Remote Name [PPTP]:
   

5. The script prompts you for your password, which is the password you normally use to log into your system at work (the system to which you are tunnelling -- the remote system).

   Password:
   
   This is the password or CHAP secret for the account specified. The
   password will not be echoed.
   
   Password: your_password
   Adding secret your_domain\\your_username PPTP *****
   

6. The script again displays the list for input. Choose 5:

   1.) List CHAP secrets
   2.) Add a New CHAP secret
   3.) Delete a CHAP secret
   4.) List PPTP Tunnels
   5.) Add a NEW PPTP Tunnel
   6.) Delete a PPTP Tunnel
   7.) Configure resolv.conf
   8.) Select a default tunnel
   9.) Quit
   ?: 5
   

7. The script displays your choice and any list of tunnels that were defined in the drop-in configuration file.

   If the drop-in configuration file was not completed and installed, the only tunnel displayed is "Other" and you must choose 1. If the configuration file was previously completed and installed, the script displays the list of tunnels specified in that file. This step assumes no configuration file; otherwise, select the tunnel you want and go to step 8.

   Note that the rest of this step shows example values that are for illustration only. Do not specify these example values; instead use those that are correct for your network connection.

   Add a NEW PPTP Tunnel.
   
   1.) Other
   Which configuration would you like to use?: 1
   Tunnel Name: my_work_tunnel
   Server IP: 192.168.0.1
   What route(s) would you like to add when the tunnel comes up?
   This is usually a route to your internal network behind the PPTP server.
   You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
   TUNNEL_DEV is replaced by the device of the tunnel interface.
   DEF_GW is replaced by the existing default gateway.
   The syntax to use is the same as the route(8) command.
   Enter a blank line to stop.
   route: add -host 16.47.207.244 gw DEF_GW
   route: add -net 16.0.0.0/8 TUNNEL_DEV
   route: 
   

8. The script displays information about your choice and redisplays the list. From the list, choose 7 to configure resolv.conf:

   Local Name and Remote Name should match a configured CHAP secret.
   Local Name is probably your NT domain\username.
   NOTE: Any backslashes (\) must be doubled (\\).
   
   Local Name: your_domain\\your_username
   Remote Name [PPTP]: 
   Adding my_work_tunnel - 192.168.0.1 - your_domain\\your_username - PPTP
   Added tunnel my_work_tunnel
   1.) List CHAP secrets
   2.) Add a New CHAP secret
   3.) Delete a CHAP secret
   4.) List PPTP Tunnels
   5.) Add a NEW PPTP Tunnel
   6.) Delete a PPTP Tunnel
   7.) Configure resolv.conf
   8.) Select a default tunnel
   9.) Quit
   ?: 7
   

9. The script asks about resolv.conf; take the default.

   If you have used a configuration file, choose the option that is not "Other" (that option is displayed by the configuration file) and go to Step 10.

   If you have not used a configuration file, choose "Other", which prompts for more information (do not use the examples shown here):

   Use a PPTP-specific resolv.conf during tunnel connections? [Y/n]: 
   1.) Other
   Which configuration do you want to use?: 1
   What domain names do you want to search for partially
   specified names?
   Enter all of them on one line, seperated by spaces.
   Domain Names: hlo.foo.bar
   Enter the IP addresses of your nameservers
   Enter a blank IP address to stop.
   Nameserver IP Address: 192.168.0.2
   Nameserver IP Address: 192.168.0.3
   Nameserver IP Address: 
   

10. The script displays information about resolv.conf and redisplays its list. Select a default tunnel by choosing 8 and then choose 9 to quit the procedure:

    Copying /etc/resolv.conf to /etc/resolv.conf.real...
    Creating link from /etc/resolv.conf.real to /etc/resolv.conf
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 8
    1.) my_work_tunnel
    2.) cancel
    Which tunnel do you want to be the default?: 1
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 9
    

11. You are returned to your system prompt.

Start PPTP with pptp-command

You start PPTP with pptp-command by running the script and choosing 1:

[your_sys pptp]# pptp-command
1.) start
2.) stop
3.) setup
4.) quit
What task would you like to do?: 1
1.) my_work_tunnel
Start a tunnel to which server?: 1
Tunnel my_work_tunnel is active on ppp0.  IP Address: 173.17.217.32
Route:         add -net 16.0.0.0/8 ppp0 added
All routes added.
Installed /etc/resolv.conf.pptp as /etc/resolv.conf

Back to top

Stop PPTP with pptp-command

[your_sys pptp]# pptp-command stop

Back to top

Issuing PPTP Commands from the Shell Prompt

• start
• stop
• setup
• quit

For example, the following command stops PPTP when you are done with the tunnel:

[your_sys pptp]# pptp-command stop

Back to top

Need Help?

Contact Us!

After you get PPTP working, please log into the support site and post what kind of system you are using, and so forth. This information is very valuable to us and others who are using PPTP and everyone appreciates it.

Acknowledgements

     Vasudevan Arasanipalai
     Brian Fisk
     Doug Larrick
     Robert Muth
     Jack Perveiler
     Kenneth Schalk
     Alan Sherlock
     Peter Soderquist
     Scott Venier
     Jeff Wiedemeier

Written by Charlie Greenman

Back to top

---

I know I've mentioned a few trademarks, they're owned by their owners.
This page copyright © 2000-2001 by Scott Venier. Concider it licensed under the GPL.