PPTP Server for Linux
Debian pptpd HOWTO
2007-11-12
These are instructions for installing a PPTP server on Debian GNU/Linux. We last tested this with Debian Sarge packages pptp_1.2.1-2 and ppp_2.4.2+20040428-5.
Contents:
- installing MPPE support in kernel
- installing the server program
- configuring an IP address range
- adding a list of tunnel users
- testing the tunnel
- patching
- performance notes
Installing MPPE Support
Most people want their tunnels encrypted. Check the version of your kernel; if it is below 2.6.15-rc1 then you do not have MPPE support. To check further, test like this:
| # modprobe ppp-compress-18 && echo success |
If this fails, follow the Debian MPPE HOWTO, then return here.
Install the pptpd package from the Debian Project:
| # apt-get install pptpd |
Edit the file /etc/pptpd.conf for the IP address range, for example:
| localip 192.168.0.1 remoteip 192.168.0.234-238,192.168.0.245 |
Note: see pptpd.conf(5) for more details on the other options.
Note: you will need to restart pptpd to make changes to /etc/pptpd.conf effective:
| # /etc/init.d/pptpd restart |
Configure /etc/ppp/chap-secrets for the accounts, for example:
| # echo "username pptpd password *" >> /etc/ppp/chap-secrets |
Note: this method has all the usernames in one file. There are other ways, including authentication using Radius, or using Samba. Check the mailing list (subscribe, archives).
Note: you do not need to restart pptpd, a change to chap-secrets is effective for the next connection.
Attempt a connection from a client. On successful connection, a new interface should be created (e.g. ppp0), and the remote IP address of the interface should be pingable. If so, the rest of your problems are likely to be routing.
Note: if you need to set up a Debian test client, see the PPTP Client Debian HOWTO. The test client cannot be on the same host, it doesn't work.
To diagnose faults, enable the options debug dump in /etc/ppp/pptpd-options. The change is effective on the next connection. The debug output goes to /var/log/debug, and the dump output and usual output to /var/log/messages.
If you need to adopt a source code change made in CVS after the version you are running, see our Applying patches to Debian pptpd page.
On a Debian system there may be scripts run by pppd when a network interface is brought up. These scripts are in the /etc/ppp/ip-up.d directory.
Some of these scripts may run with incorrect assumptions ... in particular the Debian Sarge exim4 package includes a script /etc/ppp/ip-up.d/exim4 that restarts exim4 or runs the queue. The assumption in this script is that the system has just connected to the internet through the PPP link.
You may wish to customise this script. If your server has a default route via an ethernet interface, then either remove the script or add an exit command near the top.
Comments
If you have comments on this document, please send them to the author at james.cameron at hp.com. But if you need help, use the mailing list (subscribe, archives) so that we can share the load.ChangeLog
| Date | Change |
|---|---|
| 2007-11-12 | Add links to mailing lists. |
| 2006-04-06 | Add warning about /etc/ppp/ip-up.d/exim4. |
| 2005-11-16 | Skip MPPE kernel module if reader is using kernel 2.6.15-rc1 or later. |
| 2005-08-08 | Add patching reference. |
| 2004-12-23 | First draft, tested using Sarge. |