Configure the PPTP + MPPC service in Linux


Author: kendiv
Date: 2006.12.16

***********************************
Software Used
***********************************
1. linux-2.6.12.6.tar.bz2
2. linux-2.6.12-mppe-mppc-1.3.patch.gz
3. ppp-2.4.3.tar.gz
4. ppp-2.4.3-mppe-mppc-1.1.patch.gz
5. pptpd-1.3.3.tar.gz

***********************************
1. Download the latest kernel source code
***********************************
Download: http://www.kernel.org/pub/linux/kernel/

http://pptpclient.sourceforge.net/
News: MPPE in Linux 2.6.15
Linux kernel 2.6.15 has been released and includes the ppp_mppe encryption module,
which implements the Microsoft Point-to-Point Encryption method as a PPP compressor/decompressor.
This is necessary for Linux clients and servers to interoperate with
Microsoft Point-to-Point Tunneling Protocol (PPTP) servers
(either Microsoft PPTP servers or the PopTop project) which use MPPE to encrypt data when creating a VPN.

Now that Linux includes the module, the PPTP projects recommend upgrading to 2.6.15.

-- James Cameron

If you use Linux 2.6.15, you do not need to apply the MPPC/MPPE patch.

/* pptpd */
http://sourceforge.net/project/showfiles.php?group_id=44827&release_id=138437

/* MPPC/MPPE */
http://mppe-mppc.alphacron.de/

***********************************
2. Patch MPPC/MPPE
***********************************
# cp linux-2.6.12.6.tar.bz2 /usr/src/kernels
# cd /usr/src/kernels
# tar xvjf linux-2.6.12.6.tar.bz2

Patch the kernel files. The patch file must be in /usr/src/kernels; patch does not read gzip-compressed input, so decompress it into the pipe:
# cd /usr/src/kernels
# ln -s /usr/src/kernels/linux-2.6.12.6 linux-2.6.12
# gzip -dc linux-2.6.12-mppe-mppc-1.3.patch.gz | patch -p0

/*************************************** *******************/
patching file linux-2.6.12/drivers/net/Makefile
patching file linux-2.6.12/drivers/net/ppp_generic.c
Create the file linux-2.6.12/drivers/net/ppp_mppe_mppc.c
patching file linux-2.6.12/include/linux/ppp-comp.h
/*************************************** *******************/

***********************************
3. Customize the kernel
***********************************
# cd /usr/src/kernels/linux-2.6.12/
# make clean
# make menuconfig
+++++++++++++++++++++++++++++++++++
Configure the ext2 and ext3 file systems as follows (select all):
File systems --->
<*> Second extended fs support
[*]   Ext2 extended attributes
[*]     Ext2 POSIX Access Control Lists
[*]     Ext2 Security Labels
<*> Ext3 journalling file system support
[*]   Ext3 extended attributes
[*]     Ext3 POSIX Access Control Lists
[*]     Ext3 Security Labels
[*] JBD (ext3) debugging support
+++++++++++++++++++++++++++++++++++
Choose Device Drivers ---> Networking support --->
< > PPP BSD-Compress compression
< > Microsoft PPP compression/encryption (MPPC/MPPE)
Find the two items above and press the Space key on each; the leading < > changes to <M>, as shown below:
<M> PPP BSD-Compress compression
<M> Microsoft PPP compression/encryption (MPPC/MPPE)
+++++++++++++++++++++++++++++++++++
In Cryptographic options, build SHA1, ARC4 and so on as modules.
+++++++++++++++++++++++++++++++++++

***********************************
4. Compile the kernel and modules
***********************************
# make -jN
(N is the number of parallel compile jobs, which speeds up compilation. Choose N according to your machine; I use 15-25.)

Note: This command performs both make bzImage and make modules. The generated bzImage kernel file is in the arch/i386/boot directory; the location varies depending on the CPU architecture.

Note: This step takes 30 minutes or longer, depending on the machine.

***********************************
5. Compile and load modules and install new kernels
***********************************
If you selected loadable modules when configuring the kernel, you need to compile and install these modules so that you can load them later with the insmod command.
# make modules_install    (installs the kernel modules to /lib/modules/2.x.x)
# make install            (runs mkinitrd and copies the kernel (bzImage) and System.map)

After the installation is complete, check the /boot directory; the file names are different. For GRUB, make install has already modified the boot options for you. For LILO, you must edit the configuration manually and rewrite the boot record.

***********************************
Check whether the kernel and PPP support MPPE/MPPC
***********************************
# strings `which pppd` | grep -i mppe | wc --lines
If the output of the above command is "0", MPPE is not supported; if the output is "30" or a larger number, it is supported.

# strings `which pppd` | grep -i mppc | wc --lines
If the output of the above command is "0", MPPC is not supported; if the output is "7" or a larger number, it is supported.

# dmesg | grep MPPE
MPPE/MPPC encryption/compression module registered

If you have compiled MPPE/MPPC as a module, add the following line to your /etc/modules.conf:

alias ppp-compress-18 ppp_mppe_mppc

Edit the /etc/modules.conf configuration file and add the following content:
alias char-major-108 ppp_generic
alias tty-ldisc-3 ppp_async
alias tty-ldisc-14 ppp_synctty
alias ppp-compress-18 ppp_mppe_mppc # I added only this line
alias ppp-compress-21 bsd_comp
# alias ppp-compress-24 ppp_deflate
# alias ppp-compress-26 ppp_deflate
alias net-pf-47 ip_gre

The module needs to be loaded every time the system starts, so add this line to /etc/rc.d/rc.local:
/sbin/modprobe ppp_mppe_mppc

***********************************
Install PPP
***********************************
# rpm -e --nodeps ppp    # uninstall the default ppp-2.4.2
# tar zxvf ppp-2.4.3.tar.gz
# gzip -dc ppp-2.4.3-mppe-mppc-1.1.patch.gz | patch -p0    # patch does not read gzip-compressed input
# cd ppp-2.4.3
# ./configure
# make
# make install

By default, pppd is installed to /usr/local/lib/pppd and /usr/local/sbin/pppd.

The system's original pppd is installed in the /usr/lib/pppd directory.

You do not need to delete the /usr/lib/pppd directory.

***********************************
Install PPTP
***********************************
# tar zxvf pptpd-1.3.3.tar.gz
# cd pptpd-1.3.3
# ./configure
# make
# make install

***********************************
Modify configuration file
***********************************
/etc/pptpd.conf          # PopTop configuration file
/etc/ppp/options.pptpd   # PopTop options file (an up-to-date options.pptpd is essential)
/etc/ppp/chap-secrets    # stores the accounts and passwords

****************
/* pptpd.conf */
****************
# /etc/pptpd.conf
ppp /usr/local/sbin/pppd            # specify your pppd
option /etc/ppp/options.pptpd
debug
logwtmp
localip 192.168.1.100               # VPN server IP
remoteip 192.168.1.5,192.168.1.6    # client IP pool

*******************
/* options.pptpd */
*******************
# /etc/ppp/options.pptpd
name mimi.vpn            # VPN server name
lock
mtu 1450
mru 1450
proxyarp
auth
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
deflate 0

# Handshake auth method
+chap
+mschap-v2               # MPPE requires the client to use MS-CHAPv2

# Data encryption methods
mppe required

logfile /var/log/pptpd.log    # path of the log file

ms-wins 192.168.1.2      # WINS IP
ms-dns 192.168.1.2       # DNS IP

*******************
/* chap-secrets */
*******************
# /etc/ppp/chap-secrets

# client    server      secret     IP addresses
"kendiv"    mimi.vpn    "12345"    *

The four items in the second line correspond to the four column names in the first line. "client" is the VPN user name of the client ("kendiv" above);
"server" is the name of the VPN server, which must be the same as the name specified in the /etc/ppp/options.pptpd file,
or can be set to "*" to match the server automatically. "secret" is the logon password;
"IP addresses" is the IP address from which the client is allowed to dial in. If you do not need any special restriction, you can set it to "*".

***********************************
Configure IP masquerade forwarding
***********************************
Remote computers connected to the VPN can ping each other only after IP forwarding is configured, which lets them share resources as if they were on one LAN. Run the following command to enable it:
# echo 1 > /proc/sys/net/ipv4/ip_forward
You can put this command in the file /etc/rc.d/rc.local to run it automatically at startup.

***********************************
Start pptpd
***********************************
# /usr/local/sbin/pptpd

***********************************
View loaded modules
***********************************
# depmod -a
# updatedb
# locate ppp | grep bi

After installation, I found that /var/log/messages contains the following:

Dec 16 14:53:26 Mimi kernel: PPP generic driver version 2.4.2 # Nothing to worry about, as long as you specify the path of the real pppd.
Dec 16 14:53:26 Mimi kernel: MPPE/MPPC encryption/compression module registered # indicates that MPPE/MPPC has been successfully loaded into the kernel

After a connection to the VPN server is successfully established, /var/log/messages contains the following:

Dec 16 15:57:56 Mimi pptpd[5225]: CTRL: Starting call (launching pppd, opening GRE)
Dec 16 15:57:56 Mimi pppd[5226]: pppd 2.4.3 started by root, uid 0
Dec 16 15:57:56 Mimi pppd[5226]: Using interface ppp0
Dec 16 15:57:56 Mimi pppd[5226]: Connect: ppp0 <--> /dev/pts/1
Dec 16 15:57:59 Mimi pptpd[5225]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Dec 16 15:57:59 Mimi pppd[5226]: Warning - secret file /etc/ppp/chap-secrets has world and/or group access
Dec 16 15:57:59 Mimi pppd[5226]: MPPC/MPPE 128-bit stateful compression enabled
Dec 16 15:58:00 Mimi pppd[5226]: found interface eth0 for proxy arp
Dec 16 15:58:00 Mimi pppd[5226]: local  IP address 192.168.1.100
Dec 16 15:58:00 Mimi pppd[5226]: remote IP address 192.168.1.5
Dec 16 16:01:01 Mimi crond(pam_unix)[5244]: session opened for user root by (uid=0)
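
The pppd log above warns that /etc/ppp/chap-secrets has world and/or group access, and the tunnel is only encrypted if "mppe required" and MS-CHAPv2 are actually in effect in options.pptpd. The following script is an added example, not part of the original article; its function names and the temporary sample files are constructed for illustration. It checks those three conditions before pptpd is started:

```shell
#!/bin/sh
# Added example: pre-flight audit of the pptpd files configured in this guide.

# True only if the file grants nothing to group or others, the condition
# behind pppd's "has world and/or group access" warning.
secrets_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True if an uncommented line of file $1 starts with the option regex $2.
has_option() {
    sed 's/#.*//' "$1" | grep -Eq "^[[:space:]]*$2([[:space:],]|\$)"
}

# Prints one line per finding; the return status is the number of findings.
audit_pptpd() {
    options=$1; secrets=$2; findings=0
    if ! secrets_private "$secrets"; then
        echo "FAIL: $secrets is accessible to group/others; run chmod 600"
        findings=$((findings + 1))
    fi
    if ! has_option "$options" 'mppe[[:space:]]+required'; then
        echo "FAIL: $options does not enforce 'mppe required'"
        findings=$((findings + 1))
    fi
    if ! has_option "$options" '(\+|require-)mschap-v2'; then
        echo "FAIL: $options does not require MS-CHAPv2"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files (not real credentials) to demonstrate the audit.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'auth' '+mschap-v2  # auth method' 'mppe required' > "$dir/options.pptpd"
    printf '%s\n' '"kendiv" mimi.vpn "12345" *' > "$dir/chap-secrets"
    chmod 644 "$dir/chap-secrets"          # reproduces the logged warning
    before=0; audit_pptpd "$dir/options.pptpd" "$dir/chap-secrets" || before=$?
    chmod 600 "$dir/chap-secrets"          # the fix
    after=0; audit_pptpd "$dir/options.pptpd" "$dir/chap-secrets" || after=$?
    rm -rf "$dir"
    echo "findings before chmod: $before, after: $after"
}
demo
```

On the server built in this guide, the call would be audit_pptpd /etc/ppp/options.pptpd /etc/ppp/chap-secrets.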
