[pptp-server] pptpd questions/info newbie...
Neale Banks
neale at lowendale.com.au
Thu Oct 4 17:08:38 CDT 2001
On Thu, 4 Oct 2001, Dean Roman wrote:
[Long lines wrapped for clarity - Neale. Dean: please wrap lines]
> I've been using Linux for many years now, and have been tasked to
> setup a vpn that will have linux on the server side, and win2k
> clients(behind NAT'd firewalls...like cable modem running NAT) on the
> client side.
>
> Sounds to me like PPTP is the best solution? However, I'm a bit
> lost about PPTPD as it seems the docs that I have are outdated as are
> the patches.
Probably the "most convenient" rather than "best" solution.
> My setup is:
> DISTRIBUTION: Debian/GNU Linux(woody/testing)
> SETUP: Gateway(firewall) running iptables+bridging
> KERNEL: 2.4.9
> PPP: 2.4.1
> PPTPD: 1.0.0
"should be " OK, but many here would probably strongly recommend a more
current pptpd.
> I have some questions that hopefully you all can help me out with:
>
> Here are my questions:
> =====================
> 1) Will PPTP work with the win2k clients behind NAT'd firewalls (like a cable modem running NAT)?
Qualified yes/sometimes - others can answer this better. BTW, if you
mean > 1 client behind any given NAT, then expect problems.
> 2) Does the basic package found in woody WITHOUT any patches support
> any kind of encryption mechanism?
AFAIK, no.
> 3) If NO on 2, where can I find good docs/patches on how to add the
> MPPE/chap to kernel 2.4.9 and any other patches I need.
> 4) Do I need to patch the ppp daemon in Debian woody for this to work?
Short answer: I just did this for potato (i.e. current "stable" Debian)
and documented the process at
http://www.planet.net.au/~neale/crypto/alpha/ - in particular see
Debian-HOWTO.txt there.
Other priorities permitting, I may be able to have a go at patching the
ppp from woody soon (unless someone can provide a pointer to where this
has already been done ;-).
> 5) Is the concept the same as that for a regular dialup connection using ppp?
Not sure what you men here - the isues within PPP (e.g. LCP, IPCP, CCP,
CHAP negotiations) will be the same.
> 6) Could somebody explain exactly what needs to be patched in order to
> achieve some type of security(link encryption)?
See above doc + Robert's HOWTO pointed to therefrom.
> 7) If I downgraded to kernel 2.2.19 would this help things out?
IMHO, that "shouldn't" be necessary.
HTH,
Neale.
More information about the pptp-server
mailing list