[pptp-server] Secured Linux host, serving local subnet issue

Paul Hargreaves email at paul-hargreaves.freeserve.co.uk
Wed Dec 8 16:47:14 CST 1999


I've got a Mandrake 6.1 Linux host, and I want to secure all traffic to it,
regardless of location (either the local subnet or over the internet).

All of this stuff is at my home, so I can fiddle with impunity.

Here's where I've got to:

Linux host: 10.0.0.1/8. dhcpd giving out 10.0.0.2-254/8. Samba listening on
all interfaces.
Win98: Using dynamic IP.

Everything has been working fine, with me adding and removing machines, and
being able to use Samba with impunity.

Installed pptpd. Altered the /etc/ppp/options and enabled basic chaps; I'll
worry about the patches when I get everything working.

Added vpn support to win98. Altered my chaps-secrets, "Dialed in" (over lan,
1 segment) and everything seemed to work.

Realised that although I was getting a tunnel, I wasn't using it because my
98 client can see 10.0.0.1 without vpn, so doesn't use the tunnel.

Changed the Linux box to 10.1.0.1/16, altered dhcpd to serve
10.1.0.2-254/16, restarted daemons and used winipcfg to refresh my ip
addresses. Altered my "dial-in" session to point to the new location, then
"dialed in". winipcfg now shows an ip address of 10.1.0.2/16 on my adapter,
and 10.0.0.2/8 on my ppp link. Obviously I don't want 10.0.0.2/8, I want
10.0.0.2/16, so looked at the ppp docs and attempted to add in the netmask
option into the options file, but nothing happened. Tried adding it to
pptpd.conf, same result.

So, next idea. Changed pptpd to serve 192.168.0.1 as localip, and
192.168.1.1-255 as remoteip. Reconnected, and winipcfg shows everything
fine. However, if I try to ping 192.168.0.1 from my win98 box, I get
Destination host unreachable. Pinging it from the Linux machine itself
returns correctly, since I guess once the ppp tunnel is created, the server
is given another ip address for a while.

If you've got this far ;) here are my questions:

1. Is there any easy way of getting pptpd to serve out an A class IP address
with the netmask of my choice?
2. What is a sensible set of configuration for my setup? I'm planning on
firewalling my Linux machine, and only allowing localnet dhcpd, and remote
vpn through it. Whenever I use my Linux machine at home, I'll vpn over to
it; it also means that when I'm remote, my configuration should be
identical, my ISP will set my IP, rather than my dhcp server.
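
The following is an added example, not part of the original post: a simplified longest-prefix-match model of the client's on-link routes, useful for checking whether traffic to the protected host would leave through the tunnel or bypass it over the LAN. The interface names, the server tunnel address 10.0.0.1, the class-derived mask on the ppp link and the absence of a default route through the tunnel are assumptions; the adapter and ppp addresses are the ones the post reports.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length implied by the address class (A=/8, B=/16, C=/24)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    return 24

def select_interface(interfaces, dst):
    """Longest-prefix match over on-link routes; None if nothing matches."""
    dst = ipaddress.IPv4Address(dst)
    best = None
    for cidr, name in interfaces:
        net = ipaddress.ip_interface(cidr).network
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name)
    return best[1] if best else None

# Addresses winipcfg showed after the renumbering described in the post.
RENUMBERED = [("10.1.0.2/16", "lan"), ("10.0.0.2/8", "ppp")]

# Assumption: the 192.168.1.x remoteip gets a class-derived mask on the client.
PRIVATE_C = [("10.1.0.2/16", "lan"),
             ("192.168.1.1/%d" % classful_prefix("192.168.1.1"), "ppp")]

def bypasses_tunnel(interfaces, dst):
    """True when traffic to dst would not leave through the ppp interface."""
    return select_interface(interfaces, dst) != "ppp"

if __name__ == "__main__":
    checks = [
        ("server LAN address", RENUMBERED, "10.1.0.1"),
        ("server tunnel address (assumed)", RENUMBERED, "10.0.0.1"),
        ("pptpd localip", PRIVATE_C, "192.168.0.1"),
    ]
    for label, table, dst in checks:
        iface = select_interface(table, dst)
        print("%-32s %-12s via %-5s bypass=%s"
              % (label, dst, iface, bypasses_tunnel(table, dst)))
```

Under these assumptions the /16 LAN route wins for 10.1.0.1, so traffic to that address never enters the tunnel, and 192.168.0.1 matches no on-link route at all.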
