Linux VPN Server/Client Setup - Apollo III Communications (FAQ)

How to setup VPN on a Linux Machine?
An Apollo III Communicatons' FAQ - Updated Jan. 29, 2011

After having spent a lot of time researching and testing, and getting setups that works on one machine and doesn't work on the next, I decided to go the command line method which rarely fails on other tasks. I'm adding the steps to my collection so that I can easily review it when I setup a new machine, and of course to share the steps of this reoccuring question with the community.

This is configured and tested on a Ubuntu (Version 11.04/11.10) distro and should work on any distro.

Server Setup (Compatible with Windows Clients):

Install and update the VPN server and client packages:

$ sudo apt-get install pptpd ppp pptp-linux

Four files has to be configured for the server:

/etc/pptpd.conf
/etc/ppp/pptpd-options
/etc/ppp/options
/etc/chat-secrets)

/etc/pptpd.conf:

option /etc/ppp/pptpd-options
logwtmp
localip 192.168.23.20
remoteip 192.168.23.30-39

/etc/ppp/pptpd-options:

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
noipx ## you don’t need IPX
mtu 1490 ## may help your linux client from disconnecting
mru 1490 ## may help your linux client from disconnecting

/etc/ppp/options:

lock

/etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP addresses

[username] pptpd [userpass] *

(The [username] and [userpass] are entries without the brackets.)

Now restart the server with:

$ sudo service pptpd restart

VPN Client Setup:

Fourconfiguration files are involved:

/etc/ppp/peers/myvpn
/etc/ppp/options.pptp
/etc/ppp/chap-secrets
/etc/ppp/ip-up.local

/etc/ppp/peers/myvpn:

# replace the bracket paramters with the host name of the VPN server and VPN user
remotename myvpn
linkname myvpn
ipparam myvpn
pty "pptp [vpn server] --nolaunchpppd "
name [username]
usepeerdns
require-mppe
refuse-eap
noauth

# adopt defaults from the pptp-linux package
file /etc/ppp/options.pptp

/etc/ppp/options.pptp:

lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate

/etc/ppp/chap-secrets:

# Secrets for authentication using CHAP
# client server secret IP addresses
username myvpn password *

/etc/ppp/ip-up.local:

#!/bin/sh
network=`echo $IPREMOTE | awk -F\. '{print $1"."$2"."$3".0/24"}'`
route add -net $network $IFNAME

Start the VPN client with:

$ sudo pon myvpn

End VPN connection with:

$ sudo poff myvpn

You can download a script to automatically set this up at: vpnsetup.tar.bz2

Currently (and intentionally) the application will take only three options from the client. This is to make setup as easy and seamless as possible. I'm working on a way to add and advance option to input other perferred details.

The bare minimum options are vpn server, username, and password. That's all that is needed to be supplied to the script and it should work without problems. I'll later give an advance option for things such as peer (unique friendly name) name. I'm researching a way to add the advance option without making it appear to add a component of complexity into the procedure.

You can enter your questions or comments at:
LinuxQuestions.org or Apollo III Communicatons

-- L. James L. D. James ljames@apollo3.com www.apollo3.com/~ljames