|
|
|
|
|
|
pptp client |
|
![](images/spacer.gif) |
![](images/spacer.gif) |
|
![](images/spacer.gif) |
![](images/spacer.gif) |
![](images/spacer.gif) |
documentation |
![](images/spacer.gif) |
![](images/spacer.gif) |
|
![](images/spacer.gif) |
![](images/spacer.gif) |
![](images/spacer.gif) |
team |
![](images/spacer.gif) |
![](images/spacer.gif) |
|
![](images/spacer.gif) |
![](images/spacer.gif) |
![](images/spacer.gif) |
![](images/spacer.gif) |
| |
PPTP Client
Debian HOWTO
by James Cameron 26th January 2017
These are instructions for installing PPTP Client on Debian GNU/Linux.
Contents:
Installing the Client Program
Install PPTP Client from the Debian Project:
Configuration, with Network Manager
For the KDE desktop, the Plasma Network Management widget supports PPTP, through Debian package plasma-nm.
For the GNOME or MATE desktop, install the Network Manager PPTP plugin for GNOME, through Debian package network-manager-pptp-gnome.
- in the Network widget, choose VPN Connections then Add a VPN connection..., then select Point-to-Point Tunneling Protocol (PPTP) and press Create....
- choose a name for the connection.
- set the Gateway to the IP address or host name of your server.
- set the User name and Password.
- select Save and then start the new connection.
If the connection fails, an explanation will be in /var/log/daemon.log. If "MPPE required but peer negotiation failed" is in the log, you must enable MPPE:
- select Configure VPN, locate the connection, select Edit,
- select Advanced...,
- select Use Point-to-Point encryption (MPPE),
- select Ok, Save, Close, and then start the new connection.
By default all traffic will be through the tunnel.
Configuration, by hand
- obtain from your PPTP Server administrator:
- the IP address or host name of the server ($SERVER),
- the name you wish to use to refer to the tunnel ($TUNNEL),
- the authentication domain name ($DOMAIN),
- the username you are to use ($USERNAME),
- the password you are to use ($PASSWORD),
- whether encryption is required.
In the steps below, substitute these values manually. For example,
where we write $PASSWORD we expect you to replace this with your
password.
- create or edit the /etc/ppp/options.pptp file, which sets
options common to all tunnels:
lock noauth nobsdcomp nodeflate
|
- create or add lines to the /etc/ppp/chap-secrets file,
which holds usernames and passwords:
$DOMAIN\\$USERNAME PPTP $PASSWORD *
|
Note: if you are using a PPTP Server that does not require an
authentication domain name, omit the slashes as well as the domain
name.
Note: if the passwords contain any special characters, quote them.
See man pppd for more details.
- create a /etc/ppp/peers/$TUNNEL file:
pty "pptp $SERVER --nolaunchpppd"
name $DOMAIN\\$USERNAME
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam $TUNNEL
|
Note: if you do not need MPPE support, then remove the
require-mppe-128 option from this file and
/etc/ppp/options.pptp.
- start the tunnel using the pon command:
to further diagnose a failure, add options to the command:
pon $TUNNEL debug dump logfd 2 nodetach
|
Note: we have further information on enabling debug mode, and on diagnosing problems.
- stop the tunnel using the poff command:
- to script the tunnel connection so that something is done as soon
as the tunnel is up, use either ip-up.d scripts or the
updetach keyword.
- see the Routing HOWTO
for examples of ip-up.d scripting that adds routes or
iptables rules.
- using updetach will cause pppd to fork, detach,
and exit with success once the network link is up. This example
connects a provider link, then the tunnel, then runs
fetchmail to get new e-mail:
pon provider updetach && pon $TUNNEL updetach && fetchmail
|
Note: the double ampersand && means that the commands
following it will only be executed if the command to the left of it
was successful. If the tunnel fails to connect, the fetchmail will
not happen.
- to have the tunnel automatically restarted if it fails, add the option
persist to either the command line or the
/etc/ppp/peers/$TUNNEL file.
- to have a tunnel started on system boot,
add to the file /etc/network/interfaces this iface
stanza:
iface tunnel inet ppp
provider $TUNNEL
|
and edit the iface stanza for your default network connection,
usually eth0, to connect the tunnel when possible:
auto eth0
iface eth0 inet dhcp
post-up /sbin/ifup tunnel
pre-down /sbin/ifdown tunnel
|
Note: this eliminates a race between the tunnel startup and the default network connection, which can prevent tunnel connection.
2017-01-26 | ![](images/spacer.gif) |
- to set up routing, read our Routing
HOWTO, or use Network Manager.
If you have comments on this document, please send them to the author
at quozl at laptop.org. But if you need help, use the mailing list so that we can share the
load.
Date | Change |
2017-01-26 |
Explain how to cascade interface stanzas to eliminate a race condition.
|
2017-01-24 |
Remove old Debian Sarge and Woody references, switch to using interfaces.d, and describe use of Network Manager.
|
2016-12-27 |
Reverify against current Debian package 1.8.0-1.
|
2008-05-26 |
Removed deprecated GUI configuration program to close tracker
#1971934. Once Debian takes version 1.7.2 the pptpsetup program will
be available. Debian might also take Network Manager PPTP.
|
2008-03-04 |
Wording of start on boot for Debian Etch (Sarge and later), reported by Robert Echlin.
|
2007-10-22 |
Changes for Debian Etch, thanks to Heinrich Moser.
|
2006-01-04 |
Linux 2.6.15 release updates.
|
2005-12-28 |
Added DKMS or upgrade kernel option for MPPE.
|
2005-12-06 |
Reverified with Debian Sarge using kernel 2.6.8. No effective changes.
|
2005-02-27 |
Fix the tunnel on boot instructions following feedback from the Debian
Developer for the ppp package, Marco d'Itri, who said that
ppp_on_boot is now deprecated.
|
2004-11-23 |
Removed kernelmod, as it no longer works, and no patches have been
received to fix it. Again, we need people to help use the
module-assistant package. Removed the prebuilt kernels, as
they have aged significantly.
|
2004-09-03 |
Review and call for volunteers to integrate MPPE support into
module-assistant package.
|
2004-06-22 |
Name change for configuration program.
|
2004-02-10 |
Updated status of Debian's MPPE support.
|
2004-02-10 |
Added note about the version of PPP being critical, thanks to Matt
Johnston.
|
2004-01-02 |
Spotted typo while showing the page to someone on IRC. I had omitted the word NOT in the phrase "Debian project does NOT provide working MPPE".
|
2003-12-31 |
Major rewrite, adding kernelmod method, and splitting all MPPE support
into three separate pages.
|
|