Debian HOWTO
23rd August 2002
Installing the PPTP Client on Debian is described here as a seven stage process; the kernel patch for MPPE, pppd with MPPE, PPTP command, configuration, activation, monitoring and shutdown.
kernel patch for MPPE
Problem: pppd for PPTP needs MPPE for my tunnel. Your PPTP Server may not need this. It is needed if you are connecting to a Microsoft Windows VPN Server.
Solution: fetch the source and the patch, apply the patch, build a new kernel package, install it.
# apt-get install kernel-package kernel-source-2.2.19 gcc bin86 kernel-patch-mppe
# cd /usr/src && tar xfj kernel-source-2.2.19.tar.bz2
# cd kernel-source-2.2.19 && make-kpkg clean
# cp /boot/config-2.2.19 ./.config
# /usr/src/kernel-patches/all/apply/mppe
# make-kpkg binary
# dpkg -i ../kernel-image-2.2.19_Custom.1.00_i386.deb
The procedure for other kernel version is identical, thanks to Debian's excellent kernel packaging package.
Ensure that the configuration builds PPP support as modules. We've found that static compilation results in pppd being unable to load MPPE. Set CONFIG_PPP=m in .config.
As of August 2002, kernel-patch-mppe is in testing and unstable, not in stable. It was dropped from stable due to installation bugs. Refer to the package page to find it if your system doesn't know about it.
Debian Bug 143616 contains a patch to kernel-patch-mppe that fixes compilation on kernel 2.4.19.
pppd with MPPE
Problem: PPTP needs MPPE for my tunnel. Your PPTP Server may not need this.
Solution: fetch the ppp-mppe source package, build and install it.
# cd /usr/src;wget \
http://prdownloads.sourceforge.net/pptpclient/\
/ppp-mppe-2.4.0-4.tar.gz
# tar xfz ppp-mppe-2.4.0-4.tar.gz
# cd ppp-mppe-2.4.0-4;. unpack.sh
# cd ppp-2.4.0;./configure
# make
# mv /usr/sbin/pppd /usr/sbin/pppd.orig
# cp pppd/pppd /usr/sbin/pppd
PPTP
Problem: need the PPTP command and the IP/GRE encapsulator
Solution: already a Debian package, so just install it.
# apt-get install pptp-linux
configuration
Problem: manual configuration of the PPTP link.
Solution: the Red Hat specific pptp-command script does this, however it is wisely not shipped with the Debian package. Various settings were copied from the pptp-command script defaults to form this working configuration.
cd /etc/ppp
cat << EOF > options.pptp
lock noauth nobsdcomp nodeflate mppe-40
mppe-128 mppe-stateless mtu 1000 mru 1000
EOF
cat << EOF >> chap-secrets
domain\\\\username PPTP password
PPTP domain\\\\username password
EOF
cat << EOF > peers/tunnel
pty "pptp 10.0.0.5 --nolaunchpppd"
name domain\\\\username
remotename PPTP
require-chapms-v2
file /etc/ppp/options.pptp
ipparam tunnel
EOF
Change domain and username to the domain name and username supplied by the administrator of the Microsoft Windows VPN Server. If you are using another PPTP Server, you may need to change domain\\\\username to just username.
activation
# pon tunnel A remarkably useful alternate technique is to use the updetach keyword, which pppd uses to detach once the network link is up. This example connects a provider link, then the tunnel, then runs fetchmail to get new e-mail::
# pon provider updetach && pon tunnel updetach && fetchmail
monitoring
Problem: need to know what is going on.
Solution: various options.
Output of pppd showing call management:
# plog -f Graphical display of bandwidth utilisation between ppp0 and ppp1 (my configuration uses a 56k modem as the primary network link on ppp0):
# apt-get install gkrellm
# gkrellmPacket tracing:
# tcpdump -i ppp0 -n
shutdown
Problem: how to shutdown the pptp link gracefully.
Solution: kill the pppd process using the conventional poff:
# poff tunnel