bit-tech.net

Go Back   bit-tech.net Forums > Technology > Software

Reply
 
Thread Tools
Old 10th Apr 2007, 11:38   #1
RTT
#parp
 
RTT's Avatar
 
Join Date: Mar 2001
Location: London
Posts: 14,025
RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.RTT is the Cheesecake. Relix smiles down upon them.
VPN Server on Ubuntu Tutorial

We use Ubuntu here on our internal development servers (apt-get love ) and this morning I needed to setup a VPN server so that I can access some tools that run here from home. I came across a bunch of hurdles and thought i'd document them here for anyone who needs to do the same.

This will allow MS clients and probably Apple too.

Firstly install pptpd

Code:
sudo apt-get install pptpd
Now edit pptpd's config (/etc/pptpd.conf). At the bottom you'll find settings for localip and remoteip. Here's what mine looks like:

Code:
localip 172.198.1.4
remoteip 172.198.2.50-51
localip is the IP of an adapter in the server (yours might be 192.168.0.10 for example)
remoteip: the IPs that clients are allowed to use (i allowed mine to use 172.198.2.50 through 172.198.2.51)

Now we'll set up some users, so edit the chap-config config file(/etc/ppp/chap-secrets). I want to allow two users, so my chap-secrets file looks like this:

Code:
# client        server  secret                  IP addresses
rich             pptpd   apassword                80.40.0.0/13
geoff             pptpd   apassword                212.219.0.0/14
... which allows users rich and geoff, with the passwords 'apassword' to be accepted from those IP subnets. * can be used to allow all IPs. see pppd/chap-secrets man page for more info

You may be good to go at this point. Restart pptpd (sudo /etc/init.d/pptpd restart) and attempt to connect. If it doesn't work, check /var/log/messages for a notice that looks a bit like this:

Code:
Apr 10 09:49:42 beryllium pppd[9619]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
If you see that, then we need to change pptpd-logwtmp's version number.

This info kindly lifted from CyberAngel at the Ubuntuforums.

We now need a few more things:

Code:
sudo apt-get install libwrap0-dev debhelper
sudo apt-get source pptpd
cd pptpd-1.3.0/plugins
sudo vim patchlevel.h
Change:
Code:
#define VERSION         "2.4.3"
To:
Code:
#define VERSION         "2.4.4"
Save the file and now do:

Code:
cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb
Done! Now restart pptpd:

Code:
sudo /etc/init.d/pptpd restart
And you should be good to go!

All you need to do now is add a VPN network connection and connect with the username/password that you set up. Don't forget to hit the IPv4 TCP/IP settings on your client machines for the VPN connection and to untick "Use default gateway on remote network" if you need to (you probably will).

You will also need to change some security settings (image):

VPN Connection > Properties > [Security Tab] -> Advanced

Allow these protocols: (tick) Microsoft CHAP Version2
__________________
This post is non-negotiable. All terms and conditions apply.
Free UK Motorcycle classifieds - Buy a Motorbike
RTT is offline   Reply With Quote
Old 30th Jan 2008, 16:37   #2
Millusdk
Multimodder
 
Join Date: Jan 2008
Location: Denmark
Posts: 140
Millusdk has yet to learn the way of the Dremel
Hi RTT.
I like your guide on how to make a PPTP network. I followed your guide, and had no problems in setting up everything, however when i connect to my VPN server i get limited connection, and i am not able to access the website on my server if i call its remote address. Could you please help me? I am using Windows Vista by the way.
Millusdk is offline   Reply With Quote
Old 3rd May 2008, 15:52   #3
SpaceAge
What's a Dremel?
 
Join Date: May 2008
Posts: 1
SpaceAge has yet to learn the way of the Dremel
Hangs at Starting PPTP Daemon:

I've been trying to follow this, but am getting close towards the beginning...

When trying to install the pptpd package, it just sits at "Starting PPTP Daemon: ", and doesn't go beyond that unless I interupt it. Any idea why it's stopping here?

Thanks
SpaceAge is offline   Reply With Quote
Old 27th Jul 2008, 12:41   #4
msilfver
What's a Dremel?
 
Join Date: Jul 2008
Posts: 1
msilfver has yet to learn the way of the Dremel
Hangs at Starting PPTP Daemon:

Make sure the config files has a line feed at the end.
If that doesn't work, try the debug option in pptpd.conf.

Last edited by msilfver; 27th Jul 2008 at 12:53.
msilfver is offline   Reply With Quote
Old 30th Dec 2008, 18:24   #5
HVJoel
What's a Dremel?
 
Join Date: Dec 2008
Posts: 1
HVJoel has yet to learn the way of the Dremel
Port

Hi,

I've completed the tutorial. I remain with one problem though: the default pptpd port 1723 is already in use. Is there a way to change this port?

Thx in advance
HVJoel is offline   Reply With Quote
Old 30th Dec 2008, 18:44   #6
knuck
Hate your face
 
knuck's Avatar
 
Join Date: Jan 2002
Location: Montreal, Canada
Posts: 7,655
knuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on youknuck - may the hammer of Bindi be bestowed on you
four first posts in a row ! Damn , your howTo gets you love RTT !
__________________
| Intel i7 4770K | 12GB DDR3 2000 | Asus Maximus VI Hero | 2xGTX 570 | Samsung 840 Pro 256GB | 10.5TB total | Seasonic X-1250 | Auzentech Bravura X-Fi | Fractal Design Define R3 XL | Corsair H50 | BenQ XL2420T 120Hz |
knuck is offline   Reply With Quote
Old 1st Dec 2009, 02:08   #7
GahocIT
What's a Dremel?
 
Join Date: Dec 2009
Posts: 1
GahocIT has yet to learn the way of the Dremel
Thank for TUT
And now I have a question
Save the file and now do:

Code:

Quote:
cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb
it is error

Could you tell me why error in line ?
Build command 'cd pptpd-1.3.4 && dpkg-buildpackage -b -uc' failed.
E: Child process failed

Last edited by GahocIT; 1st Dec 2009 at 05:01.
GahocIT is offline   Reply With Quote
Old 10th Jun 2010, 08:39   #8
songzila
Minimodder
 
Join Date: Jun 2010
Posts: 38
songzila has yet to learn the way of the Dremel
thanks alot RTT for the great tutorial. peace
songzila is offline   Reply With Quote
Old 28th May 2011, 17:17   #9
robertcohang
What's a Dremel?
 
Join Date: May 2011
Location: USA
Posts: 1
robertcohang has yet to learn the way of the Dremel
Followed your guide and everything worked perfectly
robertcohang is offline   Reply With Quote
Old 14th Jun 2011, 17:08   #10
markbolden
What's a Dremel?
 
Join Date: Jun 2011
Location: Lakewood Ranch, FL
Posts: 1
markbolden has yet to learn the way of the Dremel
Hi RTT! Cool.. You're the first person that has posted a simple and direct How-To! Its funny because we IT folks tend to follow the most complex path and your How-To reminded me of how to get something up and running quickly (in under a minute) for a client of mine without resorting to a full on solution that requires special client software. Great Stuff!!
markbolden is offline   Reply With Quote
Old 1st Aug 2011, 13:09   #11
saeed144
What's a Dremel?
 
Join Date: Aug 2011
Posts: 3
saeed144 has yet to learn the way of the Dremel
I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?
saeed144 is offline   Reply With Quote
Old 3rd Aug 2011, 02:22   #12
saeed144
What's a Dremel?
 
Join Date: Aug 2011
Posts: 3
saeed144 has yet to learn the way of the Dremel
I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?
saeed144 is offline   Reply With Quote
Old 1st Sep 2011, 11:08   #13
philtec
What's a Dremel?
 
Join Date: Sep 2011
Location: Essex UK
Posts: 1
philtec has yet to learn the way of the Dremel
Quote:
Originally Posted by saeed144 View Post
I have set up PPTP VPN server on ubuntu.
But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
i need to limit that to one user at the time.
anybody knows how it can be done?
I too would be interested in how to limit one account to one connection and if at all possible add a expire date to that account? Maybe some sh code would work as the user accounts are only in a txt file.... if you know how to resolve the above can you paste the result to phil.meakins@yahoo.co.uk so i can pick it up asap. many thanks.
philtec is offline   Reply With Quote
Old 14th Sep 2011, 20:31   #14
foodie202
What's a Dremel?
 
Join Date: Sep 2011
Posts: 1
foodie202 has yet to learn the way of the Dremel
Quote:
Originally Posted by RTT View Post
We use Ubuntu here on our internal development servers (apt-get love ) and this morning I needed to setup a VPN server so that I can access some tools that run here from home. I came across a bunch of hurdles and thought i'd document them here for anyone who needs to do the same.

This will allow MS clients and probably Apple too.

Firstly install pptpd

Code:
sudo apt-get install pptpd
Now edit pptpd's config (/etc/pptpd.conf). At the bottom you'll find settings for localip and remoteip. Here's what mine looks like:

Code:
localip 172.198.1.4
remoteip 172.198.2.50-51
localip is the IP of an adapter in the server (yours might be 192.168.0.10 for example)
remoteip: the IPs that clients are allowed to use (i allowed mine to use 172.198.2.50 through 172.198.2.51)

Now we'll set up some users, so edit the chap-config config file(/etc/ppp/chap-secrets). I want to allow two users, so my chap-secrets file looks like this:

Code:
# client        server  secret                  IP addresses
rich             pptpd   apassword                80.40.0.0/13
geoff             pptpd   apassword                212.219.0.0/14
... which allows users rich and geoff, with the passwords 'apassword' to be accepted from those IP subnets. * can be used to allow all IPs. see pppd/chap-secrets man page for more info

You may be good to go at this point. Restart pptpd (sudo /etc/init.d/pptpd restart) and attempt to connect. If it doesn't work, check /var/log/messages for a notice that looks a bit like this:

Code:
Apr 10 09:49:42 beryllium pppd[9619]: Plugin /usr/lib/pptpd/pptpd-logwtmp.so is for pppd version 2.4.3, this is 2.4.4
If you see that, then we need to change pptpd-logwtmp's version number.

This info kindly lifted from CyberAngel at the Ubuntuforums.

We now need a few more things:

Code:
sudo apt-get install libwrap0-dev debhelper
sudo apt-get source pptpd
cd pptpd-1.3.0/plugins
sudo vim patchlevel.h
Change:
Code:
#define VERSION         "2.4.3"
To:
Code:
#define VERSION         "2.4.4"
Save the file and now do:

Code:
cd ../..
sudo apt-get -b source pptpd
sudo dpkg -i pptpd_1.3.0-1ubuntu1_i386.deb
sudo dpkg -i bcrelay_1.3.0-1ubuntu1_i386.deb
Done! Now restart pptpd:

Code:
sudo /etc/init.d/pptpd restart
And you should be good to go!

All you need to do now is add a VPN network connection and connect with the username/password that you set up. Don't forget to hit the IPv4 TCP/IP settings on your client machines for the VPN connection and to untick "Use default gateway on remote network" if you need to (you probably will).

You will also need to change some security settings (image):

VPN Connection > Properties > [Security Tab] -> Advanced

Allow these protocols: (tick) Microsoft CHAP Version2
It all sounded so simple, maybe I'm missing something? It looks like it's all up and running on the VPN server's side. Is there any setup I need to enable the outside world to connect? I forwarded port 1723 on my router to the server host's IP address (both TCP and UDP), but clients can't connect.
foodie202 is offline   Reply With Quote
Old 4th Dec 2011, 18:33   #15
saeed144
What's a Dremel?
 
Join Date: Aug 2011
Posts: 3
saeed144 has yet to learn the way of the Dremel
Quote:
Originally Posted by philtec View Post
I too would be interested in how to limit one account to one connection and if at all possible add a expire date to that account? Maybe some sh code would work as the user accounts are only in a txt file.... if you know how to resolve the above can you paste the result to phil.meakins@yahoo.co.uk so i can pick it up asap. many thanks.
hey..i am still looking for an answer.. have you found a way to do that?
If you do please let me know. my email: sa_toussi@yahoo.com
thanks..
saeed144 is offline   Reply With Quote
Old 2nd Jan 2012, 12:27   #16
swanside
What's a Dremel?
 
Join Date: Jan 2012
Posts: 1
swanside has yet to learn the way of the Dremel
Hi,
Thanks for the info on how to set this up.
I did it and it worked great on my iPad while in the house.
I put the default port of 1723 in my router and sent it to my ubuntu server at 192.168.0.99
When I try to login using my dyndns account, it will not allow it. It shows VPN Connecting... and after about 30 seconds I get
Quote:
VPN Connection. A connection could not be established to the PPP server. Try reconnection. If the problem continues, verify your settings and contact your Administrator
In my /etc/pptpd.conf I have the following
# (Recommended)
Quote:
localip 192.168.0.99
remoteip 192.168.0.234-238,192.168.0.245
# or
#localip 192.168.0.234-238,192.168.0.245
#remoteip 192.168.1.234-238,192.168.1.245
where the localip of 192.168.0.99 is the ip of my server.

Any ideas please on what to try next?
Cheers
Paul.
swanside is offline   Reply With Quote
Old 21st Feb 2012, 13:57   #17
wammz
What's a Dremel?
 
Join Date: Feb 2012
Posts: 2
wammz has yet to learn the way of the Dremel
Hi,
Thanks for the how-to.however,there are a few concept that i do not understand.While i am not new to linux,i am new to vpn and here is my scenario:

I want to setup the pptp server on a ubuntu box,behind a pix firewall that has a public ip tht NATs to the ubuntu box.what i do not understand is whci i do i use,the public one or the private one in the conf file on the localip,also the users that i create in tht file,are they system users or anything in the file will login?my current server has a lan ip of 192.168.1.2,shd i use this on the localip?
also,i use the default vpn client that comes with ubuntu 11.10 and it requires that i put a gateway when setting up a new vpn connection.what shd be put on the gateway?

Thanks in advance.
wammz is offline   Reply With Quote
Old 21st Feb 2012, 14:02   #18
wammz
What's a Dremel?
 
Join Date: Feb 2012
Posts: 2
wammz has yet to learn the way of the Dremel
Quote:
Originally Posted by foodie202 View Post
It all sounded so simple, maybe I'm missing something? It looks like it's all up and running on the VPN server's side. Is there any setup I need to enable the outside world to connect? I forwarded port 1723 on my router to the server host's IP address (both TCP and UDP), but clients can't connect.
If i have a public ip on the pix firewall that NATs to the local 192.168.1.2 that has a ubuntu OS,what ip shd i use,the public one or the private one?also these users that we create,are they system users or u can create them straight from that file?

also,on my ubuntu 11.10 default vpn client,it asks for a gateway on setting up a connection,which ip shd i use for the gateway?

thanks in advance
wammz is offline   Reply With Quote
Old 2nd Oct 2012, 19:04   #19
crimsont
What's a Dremel?
 
Join Date: Oct 2012
Posts: 4
crimsont has yet to learn the way of the Dremel
Routers

I have read soewhere that some older routers do not support the VPN connection protocols. How relevant is that to the set up? Comments?
crimsont is offline   Reply With Quote
Reply

Tags
linux

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +1. The time now is 06:45.
Powered by: vBulletin Version 3
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.