********************************************************************
*** Documentation for establishing a LINUX VPN with BizarNet     ***
*** Linux                                                        ***
*** Made By Marius Lazaroi (lmarius@elcom.ro)                    ***
********************************************************************

For VPN configuration on LINUX the following packages are required:

    ppp-mppe-2.4.0-4.i386.rpm
    pptp-linux-1.0.3-1.i386.rpm

(for RedHat), or the sources for other systems.

Install both packages with:

    rpm -i --force ppp-mppe-2.4.0-4.i386.rpm

and

    rpm -i pptp-linux-1.0.3-1.i386.rpm

After installation, proceed to configure them:

    [root@test]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: 1
    Tunnel Name: [test]          - replace with the name you want for the tunnel
    Server IP: 1.1.1.1           - replace with the IP of the VPN server
    What route(s) would you like to add when the tunnel comes up?
    This is usually a route to your internal network behind the PPTP server.
    You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
    TUNNEL_DEV is replaced by the device of the tunnel interface.
    DEF_GW is replaced by the existing default gateway.
    The syntax to use is the same as the route(8) command.
    Enter a blank line to stop.
    route:
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username         - replace with the username you receive from BizarNet
    Remote Name [PPTP]: 1.1.1.1  - replace with the IP of the VPN server
    Adding test - 1.1.1.1 - username - test

If you receive an error like:

    Insecure dependency in open while running with -T switch at /usr/sbin/pptp-command line 181, line 8.

edit the file /usr/sbin/pptp-command and delete the -T switch (Perl's taint-mode flag) from the first line:

    #!/usr/bin/perl -wT

Restart the configuration from the beginning:

    [root@test]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: test
    Argument "test" isn't numeric in numeric eq (==) at /usr/sbin/pptp-command line 350, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 372, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 372, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 373, line 3.
    Use of uninitialized value in array dereference at /usr/sbin/pptp-command line 373, line 3.
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username
    Remote Name [PPTP]:

    [root@xantic ppp]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: 1
    Tunnel Name: test
    Server IP: 1.1.1.1
    What route(s) would you like to add when the tunnel comes up?
    This is usually a route to your internal network behind the PPTP server.
    You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
    TUNNEL_DEV is replaced by the device of the tunnel interface.
    DEF_GW is replaced by the existing default gateway.
    The syntax to use is the same as the route(8) command.
    Enter a blank line to stop.
    route:
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username
    Remote Name [PPTP]: 1.1.1.1
    Adding test - 1.1.1.1 - username - 1.1.1.1
    Added tunnel test
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 8
    1.) default
    2.) star
    3.) uicont
    4.) test
    5.) new-tunel
    6.) cancel
    Which tunnel do you want to be the default?: 4
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: q
    [root@test/]#

Edit the file /etc/ppp/options and insert the following options:

    lock
    debug
    nodetach
    require-pap

Edit the file /etc/ppp/pap-secrets and leave the following line as the ONLY line in the file:

    username * secrets *

The configuration is now finished and you can start the VPN link:

    [root@test/]# pptp-command start default

and the link is established.

After the link is established, the routing table must be modified so that all services work properly over this VPN link. All of this can be written in /etc/ppp/ip-up.local and /etc/ppp/ip-down.local.

/etc/ppp/ip-up.local:

    #!/bin/bash
    # 1.1.1.0/24 is the class (network) the VPN server belongs to;
    # localgw is the local gateway address in use before the VPN link
    # is established.
    /sbin/route add -net 1.1.1.0/24 gw localgw
    /sbin/route del default
    # ppp0addr is the address received on the ppp link after the VPN
    # is established.
    /sbin/route add default gw ppp0addr
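
One way to fill in localgw and ppp0addr and check them before they reach route(8), as an added example that is not part of the original document. It assumes the default gateway is read from `route -n` output (a constructed sample is embedded), that ppp0addr is the local address pppd passes as the fourth argument to ip-up, and that ip-down.local simply reverses the changes; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): prints the page's route
# commands with localgw and ppp0addr filled in and validated.
SERVER_NET="1.1.1.0/24"   # the page's sample network; replace with the real one

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Read `route -n` output on stdin and print the current default gateway.
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# $1 = localgw, $2 = ppp0addr (pppd passes the local address as argument 4).
up_cmds() {
    is_ipv4 "$1" && is_ipv4 "$2" || return 1
    echo "/sbin/route add -net $SERVER_NET gw $1"
    echo "/sbin/route del default"
    echo "/sbin/route add default gw $2"
}

# Assumed reverse for ip-down.local; $1 = localgw saved by ip-up.local.
down_cmds() {
    is_ipv4 "$1" || return 1
    echo "/sbin/route add default gw $1"
    echo "/sbin/route del -net $SERVER_NET gw $1"
}

# Constructed `route -n` output standing in for the live routing table.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'
gw=$(printf '%s\n' "$SAMPLE_ROUTES" | default_gw)
up_cmds "$gw" 10.0.0.2    # 10.0.0.2: constructed ppp0 address
down_cmds "$gw"
```

In a real ip-up.local, pipe `/sbin/route -n` into default_gw before the default route is deleted, save the result for ip-down.local, and run the printed commands instead of echoing them. An unreplaced placeholder such as localgw fails validation, so no route command is produced for it.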