pptp client
 overview
 license
 getting started
 features
 try it
 download
 links
 documentation 
 index
 debian
 fedora core 1
 fedora core 2
 fedora core 3
 fedora core 4
 fedora core 5
 fedora core 6
 gentoo
 knoppix
 mandrake 9.0
 mandrake 10.0
 mandrake 10.1
 netbsd
 red hat 9
 red hat 8.0
 red hat 7.3
 suse 10.0
 suse 9.2
 suse 9.1
 suse 8.2
 ubuntu
 diagnosis
 support faq
 diagrams
 routing
 security
team
 developers
 cvs
 contact us
 

PPTP Client


SUSE 9.2 HOWTO

by Ross Beveridge, James Cameron & Andrew Davis
30th March 2005

Introduction

With the default install, PPTP Client 1.5.0 and PPP 2.4.2 are included, as packages pptp-1.5.0-2 and ppp-2.4.2-49 respectively. The kernel has MPPE support already.

  1. remove the old pptp-php-gtk package if it was installed previously:

    # rpm --erase pptp-php-gtk

  2. download the configuration program interpreter php-pcntl rpm (mirror link) and install it like this:

    # rpm --install php-pcntl-4.3.9-2.i386.rpm

  3. download the configuration program GTK+ interface php-gtk-pcntl rpm (mirror link) and install it like this:

    # rpm --install --nodeps php-gtk-pcntl-1.0.1-2.i386.rpm

    Note: after installing this package, resolve the dependencies; run YaST2, click (twice) on "ignore and risk system inconsistency" for the usermode package dependency, click on the Accept button and a list of the Automatic Changes will be shown. Install these extra packages required by php-gtk-pcntl.

  4. download the configuration program pptpconfig rpm (mirror link) and install it like this:

    # rpm --install --nodeps pptpconfig-20040722-4.noarch.rpm

    Failed Dependencies or Unresolved Requirements?
    We know [1] [2]. It is intentional. We're letting you use generic RPMs that are not SUSE specific. That's why we say above to install the RPMs using the --nodeps option. Please log a bug with SUSE to get them to package the most recent versions, or if you are a packager yourself, please join the mailing list and contribute your packages to the project. You might also like to check Paul Howarth's PPTP Packages in case this has already been solved.

  5. if you are using SuSE firewall, you may either turn it off by typing SuSEfirewall2 off, or reconfigure it as follows:

    1. open YaST,
    2. click on System which is on the left hand side,
    3. open the /etc/sysconfig Editor,
    4. click +Network then +Firewall then +SuSEfirewall2,
    5. add "1723" to FW_SERVICES_EXT_TCP,
    6. add "GRE" to FW_SERVICES_EXT_IP, FW_SERVICES_DMZ_IP, FW_SERVICES_INT_IP and FW_SERVICES_QUICK_IP (we're not sure if all four are required, it depends on where the server is in relation to your client, as far as the network interfaces are concerned),
    7. click FINISH.

    Note: the screen image above is an example, we have also selected ssh for FW_SERVICES_EXT_TCP, but ssh is not required for operation of the tunnel. The example demonstrates how to add 1723 to an already configured rule.

    2005-03-30

  6. run pptpconfig as root (e.g. using kdesu), set up IP address of VPN and so forth (see below for details), enable "all to tunnel" and hit start ...

2005-03-30

  1. SuSE 9.2 ships with a ten minute idle connection timer which affects PPTP tunnels. This is in their configuration file /etc/ppp/options, where it says idle 600. You may either change this file, or add idle 0 to the pppd options section of pptpconfig.

2005-02-25

Configuration

  1. obtain from your PPTP Server administrator:

    • the IP address or host name of the server,
    • the authentication domain name, (e.g. WORKGROUP),
    • the username you are to use,
    • the password you are to use,
    • whether encryption is required.

  2. run pptpconfig.php as root, and a window should appear,

  3. enter the server, domain, username and password into the Server tab,

  4. if you decided in Installation step 1 above that you would need MPPE, and if your administrator says encryption is required, then on the Encryption tab, click on Require Microsoft Point-to-Point Encryption (MPPE),

  5. click on Add, and the tunnel will appear in the list,

  6. click on the tunnel to select it, click on Start, and a window will appear with the tunnel connection log and status,

  7. if the connection fails, you will need to gather more information, so on the Miscellaneous tab, click on Enable connection debugging facilities, click Update, try Start again, then look at the Diagnosis HOWTO for whatever error is displayed.

  8. if the connection succeeded, you can try the Ping test button. If the ping fails, you should try to find out why before proceeding. If the ping works, then the tunnel is active and you may now work on routing.

  9. decide whether all your network traffic should go via the tunnel or not. If so, Stop the tunnel, select it again, then on the Routing tab, click on All to Tunnel, then click Update and try Start again. Now try to access the network behind the server.

  10. on the other hand, if only some of your network traffic should go via the tunnel, you will need to obtain from the server administrator or folk lore a series of network routes to enter. Stop the tunnel, select it again, then click on either Client to LAN or LAN to LAN on the Routing tab, use the Edit Network Routes button to enter the routes one by one, and then try Start again. Now try to access the network behind the server.

    For further help with Routing, read our Routing HOWTO.


Comments

If you have comments on this document, please send them to the author at quozl at laptop.org. But if you need help, use the mailing list so that we can share the load.

ChangeLog

DateChange
2005-03-30 Added note about ssh thanks to tibi.
2005-02-25 Added comment from Clinton Gormley regarding the idle 600 option set by SuSE.
2005-02-01 Add procedure for opening firewall to allow tunnel, thanks to Brock Steiner on the mailing list. Added comment that installed kernel already has MPPE support.
2005-01-12 Rework following feedback from Ross Kendall. Removed pptp-php-gtk, removed --nodeps for php-* packages, linked to hint to run as root.
2004-12-09 Fix heading. Thanks to Brock Steiner.
2004-11-16 First draft.