********************************************************************
*** CONFIGURATION DOCUMENTATION FOR CONNECTING TO VPN-BizarNet   ***
*** Linux                                                        ***
*** Made By Marius Lazaroi (lmarius@elcom.ro)                    ***
********************************************************************

Configuring the VPN on Linux requires the following packages:

    ppp-mppe-2.4.0-4.i386.rpm
    pptp-linux-1.0.3-1.i386.rpm

(for RedHat), or the sources for other systems.

Install the two packages with:

    rpm -i --force ppp-mppe-2.4.0-4.i386.rpm

and

    rpm -i pptp-linux-1.0.3-1.i386.rpm

After installing the packages, proceed to configure them:

    [root@test]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: 1
    Tunnel Name: [test]  - replace with whatever name you want for the tunnel
    Server IP: 1.1.1.1  - replace with the address of the VPN server
    What route(s) would you like to add when the tunnel comes up?
    This is usually a route to your internal network behind the PPTP server.
    You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
    TUNNEL_DEV is replaced by the device of the tunnel interface.
    DEF_GW is replaced by the existing default gateway.
    The syntax to use is the same as the route(8) command.
    Enter a blank line to stop.
    route:
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username  - replace with the user name you were given
    Remote Name [PPTP]: 1.1.1.1  - replace with the address of the VPN server
    Adding test - 1.1.1.1 - username - test

If you get an error such as

    Insecure dependency in open while running with -T switch at /usr/sbin/pptp-command line 181, line 8.

edit the file /usr/sbin/pptp-command and remove the -T switch from the first line:

    #!/usr/bin/perl -wT

(-T turns on Perl's taint checks, so removing it disables them for this script.)

Then restart the configuration from the beginning:

    [root@test]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: test
    Argument "test" isn't numeric in numeric eq (==) at /usr/sbin/pptp-command line 350, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 372, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 372, line 3.
    Use of uninitialized value in hash element at /usr/sbin/pptp-command line 373, line 3.
    Use of uninitialized value in array dereference at /usr/sbin/pptp-command line 373, line 3.
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username
    Remote Name [PPTP]:

    [root@xantic ppp]# pptp-command
    1.) start
    2.) stop
    3.) setup
    4.) quit
    What task would you like to do?: 3
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 5
    Add a NEW PPTP Tunnel.
    1.) Other
    Which configuration would you like to use?: 1
    Tunnel Name: test
    Server IP: 1.1.1.1
    What route(s) would you like to add when the tunnel comes up?
    This is usually a route to your internal network behind the PPTP server.
    You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
    TUNNEL_DEV is replaced by the device of the tunnel interface.
    DEF_GW is replaced by the existing default gateway.
    The syntax to use is the same as the route(8) command.
    Enter a blank line to stop.
    route:
    Local Name and Remote Name should match a configured CHAP secret.
    Local Name is probably your NT domain\username.
    NOTE: Any backslashes (\) must be doubled (\\).
    Local Name: username
    Remote Name [PPTP]: 1.1.1.1
    Adding test - 1.1.1.1 - username - 1.1.1.1
    Added tunnel test
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: 8
    1.) default
    2.) star
    3.) uicont
    4.) test
    5.) new-tunel
    6.) cancel
    Which tunnel do you want to be the default?: 4
    1.) List CHAP secrets
    2.) Add a New CHAP secret
    3.) Delete a CHAP secret
    4.) List PPTP Tunnels
    5.) Add a NEW PPTP Tunnel
    6.) Delete a PPTP Tunnel
    7.) Configure resolv.conf
    8.) Select a default tunnel
    9.) Quit
    ?: q
    [root@test/]#

Edit the file /etc/ppp/options and put the following options in it:

    lock
    debug
    nodetach
    require-pap

Edit the file /etc/ppp/pap-secrets and leave only the following line in the file:

    username * secrets *

At this point the configuration is complete and the VPN connection can be started:

    [root@test/]# pptp-command start default

and the connection is established.

Once the connection is up, the routing table must be modified so that all services work properly over this connection.
All of this can be placed in /etc/ppp/ip-up.local and /etc/ppp/ip-down.local.

/etc/ppp/ip-up.local

    #!/bin/bash
    # 1.1.1.0/24 is the network the VPN server belongs to, and localgw is
    # the address of the local gateway in use before connecting
    /sbin/route add -net 1.1.1.0/24 gw localgw
    /sbin/route del default
    # ppp0addr is the address received on the ppp link after connecting to the VPN
    /sbin/route add default gw ppp0addr
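
Added example, not part of the original document: a dry-run version of the ip-up.local / ip-down.local pair described above, which prints the route commands instead of running them and reads localgw from `route -n` output. The function names, the sample routing table and 10.8.0.5 (standing in for ppp0addr) are constructed for illustration.

```sh
#!/bin/sh
# Added example: dry-run generator for the ip-up.local / ip-down.local
# route changes. It only prints /sbin/route commands; nothing is executed.

# Constructed sample of `route -n` output taken before the VPN is started.
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0'

# Shape checks only (dotted quad, optional /prefix); hypothetical helpers.
is_ipv4() { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }
is_cidr() { printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$'; }

# Read `route -n` output on stdin and print the current default gateway
# (the value the document calls localgw).
default_gw() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# ip_up_plan VPN_NET LOCAL_GW PPP_ADDR
# Same three steps as the ip-up.local above, but prints nothing unless every
# value is well formed, so a failed lookup of localgw cannot lead to the
# default route being deleted with no route left to the VPN server.
ip_up_plan() {
    is_cidr "$1" && is_ipv4 "$2" && is_ipv4 "$3" || return 1
    echo "/sbin/route add -net $1 gw $2"
    echo "/sbin/route del default"
    echo "/sbin/route add default gw $3"
}

# ip_down_plan VPN_NET LOCAL_GW
# Counterpart for ip-down.local: the default route through the ppp link goes
# away with the interface, so restore localgw and drop the VPN network route.
ip_down_plan() {
    is_cidr "$1" && is_ipv4 "$2" || return 1
    echo "/sbin/route add default gw $2"
    echo "/sbin/route del -net $1 gw $2"
}

# Demo with the constructed values.
GW=$(printf '%s\n' "$SAMPLE_ROUTES" | default_gw)
ip_up_plan 1.1.1.0/24 "$GW" 10.8.0.5
ip_down_plan 1.1.1.0/24 "$GW"
```

For ip-down.local to restore the gateway, ip-up.local has to record localgw somewhere (for example in a root-only file) before it deletes the default route.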