[pptp-server] pptpd questions/info newbie...

Neale Banks neale at lowendale.com.au
Thu Oct 4 17:08:38 CDT 2001 

On Thu, 4 Oct 2001, Dean Roman wrote:

[Long lines wrapped for clarity - Neale.  Dean: please wrap lines]
>    I've been using Linux for many years now, and have been tasked to
> setup a vpn that will have linux on the server side, and win2k
> clients(behind NAT'd firewalls...like cable modem running NAT) on the
> client side.
> 
>    Sounds to me like PPTP is the best solution?  However, I'm a bit
> lost about PPTPD as it seems the docs that I have are outdated as are
> the patches.

Probably the "most convenient" rather than "best" solution.  

> My setup is:
>    DISTRIBUTION:  Debian/GNU Linux(woody/testing)
>    SETUP: Gateway(firewall) running iptables+bridging
>    KERNEL:  2.4.9
>    PPP: 2.4.1
>    PPTPD:  1.0.0

"should be " OK, but many here would probably strongly recommend a more
current pptpd.

> I have some questions that hopefully you all can help me out with:
>  
> Here are my questions:
> =====================
> 1) Will PPTP work with the win2k clients behind NAT'd firewalls (like a cable modem running NAT)?

Qualified yes/sometimes - others can answer this better.  BTW, if you
mean > 1 client behind any given NAT, then expect problems.

> 2) Does the basic package found in woody WITHOUT any patches support
> any kind of encryption mechanism?

AFAIK, no.

> 3) If NO on 2, where can I find good docs/patches on how to add the
> MPPE/chap to kernel 2.4.9 and any other patches I need.
> 4) Do I need to patch the ppp daemon in Debian woody for this to work?

Short answer: I just did this for potato (i.e. current "stable" Debian)
and documented the process at
http://www.planet.net.au/~neale/crypto/alpha/ - in particular see
Debian-HOWTO.txt there.

Other priorities permitting, I may be able to have a go at patching the
ppp from woody soon (unless someone can provide a pointer to where this
has already been done ;-).

> 5) Is the concept the same as that for a regular dialup connection using ppp?

Not sure what you men here - the isues within PPP (e.g. LCP, IPCP, CCP,
CHAP negotiations) will be the same.

> 6) Could somebody explain exactly what needs to be patched in order to
> achieve some type of security(link encryption)?

See above doc + Robert's HOWTO pointed to therefrom.

> 7) If I downgraded to kernel 2.2.19 would this help things out?

IMHO, that "shouldn't" be necessary.

HTH,
Neale.

More information about the pptp-server mailing list