[pptp-server] pptpd, mandrake 8.2, and mppe

Joe Ward jward at cem.msu.edu
Mon Apr 8 12:45:15 CDT 2002


Several people have written to ask me to write up exactly what I did to get
pptpd 1.1.2 to work on mandrake 8.2.  With the help of Richard Laframboise I
was able to get it all working using the following procedures. I don't have
the time to write a howto or anything like that so I just wrote out a list
of what I did to install pptpd on a fresh install of mandrake 8.2. I hope
this helps those who have asked.

-Joe Ward

NOTE: this is a fresh install of mandrake 8.2. I used more of a server
configuration (apache, mysql, php, iptables, etc.) with the addition of
gnome.

1) Went to http://www.advancevpn.com/en/download_other.html and downloaded
the following:
  ppp 2.4.1 tarball
  mppe patch for ppp2.4.1
  mppe patch for kernel 2.4.16 (yes it works even though mandrake uses
2.4.18 kernel)
  pptpd 1.1.2 tarball

I put everything in the /usr/src/ directory
Untar’d the ppp and pptpd source

2) Used RPM to remove the kernel-source package that was installed.   Then I
downloaded fresh source rpm from mandrake-linux (obviously for the same
kernel; probably could have been installed from the CD, but I didn’t have
them at the time).  I found it essential to do this step.   Without doing
this the build failed miserably.

3) Copied the .config file from /usr/src/linux  to a safe location as a
backup

4) Issued command (from within the /usr/src/linux/ directory): make mrproper
5) Copied the kernel patch (downloaded earlier) to /usr/src/linux
6) Issued command (again from within /usr/src/linux):
patch -p1 < nameofkernelpatch
     NOTE: received warning about already having a Makefile.  Entered “Y”
and continued.

7) Copied the backup of the .config file (from step 3) back to the
/usr/src/linux directory

8) Issued command: make xconfig.   Made sure everything looked fine and then
saved it.  In my case I didn’t change anything.

9) Recompiled the kernel using the command: make dep clean bzImage modules
modules_install

10) Took a nap ;)

11) No errors reported during compile. Moved the bzImage to /boot, then
made the appropriate adjustments to /etc/lilo.conf, and then issued the
command: lilo -v

12) Now went to ppp source directory in /usr/src

13) Copied the ppp patch (downloaded in step 1) to the ppp directory

14) Issued command (from within the ppp-2.4.1 directory):
patch -p1 < nameofppppatch

15) Issued command: ./configure

16) Issued command: make

17) Issued command: make install

18) Probably should have removed the ppp rpm package before running the make
install, but I did not do that and did not have any problem with it.

19) Modified the files /etc/pptpd.conf and the config files in /etc/ppp
(options.pptpd and chap-secrets). Contents of my config files given below.

20) Rebooted and tested.   At first had issues with mppe not loading but it
was because of a config file issue.

pptpd.conf: (first line is really important!!!!!!!!!)
option /etc/ppp/options.pptpd
debug
localip 192.168.1.20
remoteip 192.168.1.30-40

options.pptpd: (works with win2k sp2 as a pptp client)
name *
lock
mtu 1490
mru 1490
proxyarp
auth
+chap
#+chapms #This one is optional and may be omitted.
+chapms-v2
ipcp-accept-local
ipcp-accept-remote
lcp-echo-failure 3
lcp-echo-interval 5
nodeflate
nobsdcomp
deflate 0
mppe-128
mppe-40
mppe-stateless

For those who want the rules for iptables to allow pptpd to work on a
masq/iptables box:
I used the rc.firewall-2.4-stronger from:
http://www.ecst.csuchico.edu/~dranch/LINUX/ as a basis of my firewall
then added the following lines for pptpd to work on the inbound. If anyone
sees anything wrong with the statements let me know asap.  I pieced them
together from various sites and experimented to get the blasted thing to work.

echo -e "      - PPTPD Server"
#accept control port traffic
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
-p tcp -s $UNIVERSE -d $EXTIP --dport 1723 -j ACCEPT
#Allow GRE packets
$IPTABLES -A INPUT -i $EXTIF -m state --state NEW,ESTABLISHED,RELATED \
-p 47 -s $UNIVERSE -d $EXTIP -j ACCEPT
# forward traffic to and from the ppp interface to the private network
$IPTABLES -A FORWARD -i $INTIF -o ppp+ -m state --state \
NEW,ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i ppp+ -o $INTIF -j ACCEPT
#not sure but these next two may be partially duplicated by the next 2,
#not sure.
$IPTABLES -A INPUT  -i ppp+ \
	-s $INTNET -d $INTNET -j ACCEPT
$IPTABLES -A OUTPUT -o ppp+ \
	-s $INTNET -d $INTNET -j ACCEPT

$IPTABLES -A FORWARD -i ppp+ -o $EXTIF -p 47 \
	-s $INTNET -d $INTNET -j ACCEPT
$IPTABLES -A FORWARD -o ppp+ -i $EXTIF -p 47 \
	-s $INTNET -d $INTNET -j ACCEPT

#Rules to allow surfing; without these two lines things stop working.
$IPTABLES -A FORWARD -i ppp+ -o $EXTIF -s $INTNET \
	-j ACCEPT
$IPTABLES -A FORWARD -o ppp+ -i $EXTIF -d $INTNET \
	-j ACCEPT
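
Added example (not part of the original post, and not code from pptpd or ppp): a shell check that reads an options.pptpd like the one above and lists settings that permit weaker negotiation than MS-CHAP v2 with 128-bit MPPE. The function names and the sample excerpt are assumptions made for this example; the option keywords are the ones used in the post.

```shell
#!/bin/sh
# Added example: audit a pppd options file read from stdin.
# Prints one finding per line; exit status is 1 if there are findings, else 0.
audit_pptpd_options() {
    awk '
        { sub(/#.*/, "") }      # strip comments, so "#+chapms ..." is not counted
        NF == 0 { next }
        { seen[$1] = 1 }        # exact keyword match: +chapms is not +chapms-v2
        END {
            n = 0
            if ("mppe-40" in seen) {
                print "WEAK mppe-40: 40-bit MPPE keys can be negotiated"; n++
            }
            if ("+chapms" in seen) {
                print "WEAK +chapms: MS-CHAP v1 is enabled"; n++
            }
            if ("+chap" in seen) {
                print "NOTE +chap: standard CHAP is enabled; MPPE keys come from MS-CHAP"; n++
            }
            if (!("+chapms-v2" in seen)) { print "MISSING +chapms-v2"; n++ }
            if (!("mppe-128" in seen))   { print "MISSING mppe-128"; n++ }
            exit (n > 0)
        }
    '
}

# Excerpt of the options.pptpd from the post, used as sample input.
sample_options() {
    cat <<'EOF'
auth
+chap
#+chapms #This one is optional and may be omitted.
+chapms-v2
nodeflate
mppe-128
mppe-40
mppe-stateless
EOF
}

sample_options | audit_pptpd_options || true
```

To check a live file, run audit_pptpd_options < /etc/ppp/options.pptpd.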






