Posts Tagged ‘PPTP’

Finding a static route for a windows VPN connection

Thursday, May 14th, 2009

You may have stumbled upon this from this post.  If not, and you are trying to figure this out, then you are in luck.  I’m going to go through, step by step, how to figure out a static route for a Windows XP VPN client connection.

Step 1: Make the VPN Connection

Setting up and connecting to a VPN in Windows XP is well documented, so I’m not going to repeat it in this article.  When you make the VPN connection you should see a blinking icon of two computer screens in the system tray:

VPN Icon in System Tray


Step 2: Look Up Client IP

Double click on the icon from step one.  In the window that pops up click the Details tab.  You need to find the address after Client IP address:

VPN Connection Details


Step 3: Look Up Routing Table

Next open a command prompt.  You can find it under Accessories in the start menu:

Open Command Prompt


In the command box type route print.

route print in Command Prompt


In the output of route print you should find only two lines where the Interface is the address we found in Step 2 and the Metric is 1.  One of those lines starts with 255.255.255.255; this is not the line we want.  We want the line that starts out like the Interface address but ends with zeros.  In my screenshot I’ve got the magic line highlighted in green.

The static route is the combination of the Network Destination and the Netmask.  You can search for a subnet calculator to convert the 255.255.255.0 notation to a number of bits (i.e. 24 in our example).
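
Steps 2 and 3 can also be done on saved route print output. The script below is an added example, not code from the original post: it selects the Metric 1 row bound to the Client IP address, skips the 255.255.255.255 row, and converts the Netmask to a bit count. The sample output, the 192.168.1.203 client address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of Windows XP `route print` output (not from the post).
SAMPLE_ROUTE_PRINT = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1   192.168.0.105      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
      192.168.0.0    255.255.255.0    192.168.0.105   192.168.0.105      20
      192.168.1.0    255.255.255.0    192.168.1.203   192.168.1.203       1
    192.168.1.203  255.255.255.255        127.0.0.1       127.0.0.1      50
        224.0.0.0        240.0.0.0    192.168.1.203   192.168.1.203      50
  255.255.255.255  255.255.255.255    192.168.1.203   192.168.1.203       1
Default Gateway:       192.168.0.1
"""


def parse_routes(text):
    """Yield (destination, netmask, gateway, interface, metric) per route row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # banners, column headers, "Default Gateway:" line
        try:
            for addr in fields[:4]:
                ipaddress.IPv4Address(addr)
            metric = int(fields[4])
        except ValueError:
            continue  # five words, but not an IPv4 route row
        yield (*fields[:4], metric)


def vpn_static_routes(text, client_ip):
    """Return CIDR routes whose Interface is client_ip and whose Metric is 1."""
    routes = []
    for dest, mask, _gateway, iface, metric in parse_routes(text):
        if iface != client_ip or metric != 1:
            continue
        if dest == "255.255.255.255":
            continue  # broadcast entry, not the network behind the VPN
        # strict=True raises ValueError if the destination has host bits set
        routes.append(str(ipaddress.IPv4Network(f"{dest}/{mask}", strict=True)))
    return routes


if __name__ == "__main__":
    # 192.168.1.203 is a constructed Client IP address for the sample above.
    for route in vpn_static_routes(SAMPLE_ROUTE_PRINT, "192.168.1.203"):
        print(f'routes_ppp0=( "{route}" )')
```

Rows bound to the VPN interface with a Metric other than 1 are ignored, matching the selection rule in Step 3.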

Gentoo VPN connection to Windows Server as Network Interface

Thursday, May 14th, 2009

This article will explain how to set up a ppp network interface on Gentoo for a Windows Server Routing and Remote Access VPN connection.

This article assumes that you have open PPTP ports on the Windows server, which are set up by default.

/etc/conf.d/net

The first step is to define your ppp interface in /etc/conf.d/net.  This will involve a few lines:

config_ppp0=( "ppp" )
link_ppp0="pty 'pptp vpn.yourdomain.com --nolaunchpppd'"
username_ppp0='DOMAIN\username'
pppd_ppp0=(
"updetach"
"debug"
"remotename your-vpn-profile"
"file /etc/ppp/options.pptp"
)
routes_ppp0=( "192.168.1.0/24" );

The first change, vpn.yourdomain.com, needs to point to either the IP or FQDN of the Windows Server running the VPN you want to connect to.

The second change, DOMAIN\username, is the standard Windows login notation for the user that you wish to dial in with.  It’s important to note that in the conf.d/net file, this field does NOT require special characters escaped with a \.  The chap-secrets file WILL require this.

The third change, your-vpn-profile, is a label that must match the chap-secrets file.

The fourth change, 192.168.1.0/24, is the static route to the network that is behind the VPN.  If you’re not the network admin for the Windows server that you are connecting to, this may be a little confusing.  You can check out this post for instructions on how to figure that out.

/etc/ppp/options.pptp

Add the following lines:

require-mppe-128
lcp-echo-interval 15
lcp-echo-failure 3

/etc/ppp/chap-secrets

This is the place where we will define the passwords for our VPN connection.

# Secrets for authentication using CHAP
# client  server  secret      IP addresses
DOMAIN\\username your-vpn-profile Pa\$\$word1 *

DOMAIN\\username should be changed to the same value you defined in /etc/conf.d/net, with one important difference: ALL control characters MUST BE ESCAPED with \.  In this example it requires two \’s between the domain and username.

your-vpn-profile must match the label you set up in /etc/conf.d/net.

Pa\$\$word1 is where you define the password for the VPN connection.  Again, ALL control characters MUST BE ESCAPED.  This string sends an actual password of Pa$$word1.

/etc/init.d/net.ppp0

Finally we’ll symlink net.lo to net.ppp0 to give us an init script to work with.

ln -s net.lo /etc/init.d/net.ppp0

Now, if you want, you can run:

rc-update add net.ppp0 default

To have the connection start on bootup.