HAMNET PPTP VPN with linux
- Published: 13 June 2017
- Written by Ralf, DH3WR
This guide describes how to set up a Linux computer for a permanent HAMNET VPN connection via PPTP.
1. Install PPTP Client
sudo apt-get install pptp-linux
2. Create config file
sudo nano /etc/ppp/peers/hamnetdb0sda
### HAMNET VPN Server
pty "pptp vpn.afu.rwth-aachen.de --nolaunchpppd --nobuffer --timeout 10"
### FOR SPECIAL FIXED IP accounts use hamnet.afu.rwth-aachen.de instead of vpn.afu.rwth-aachen.de
### PPTP - Loginname
name YOURLOGINNAME
### Restart after losing the connection
persist
### MTU has to be smaller than 1500, as PPTP encapsulation adds overhead to each packet
mtu 1400
# Terminate after n consecutive failed connection attempts.
# A value of 0 means no limit. The default value is 10.
maxfail 0
### Misc.
remotename PPTP
lock
noauth
refuse-eap
nobsdcomp
nodeflate
#end
3. Make or edit the password storage file
sudo nano /etc/ppp/chap-secrets
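Add a line like the one below. The first column must match the name option and the second column the remotename option from the config file in step 2.
# Secrets for authentication using CHAP
# client server secret IP addresses
YOURLOGINNAME PPTP THISISYOURPW *
Then make sure only root can read your password:
sudo chmod 600 /etc/ppp/chap-secrets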
4. Try the VPN-Tunnel
Start with: sudo pon hamnetdb0sda
You should now see a ppp0 device in the output of sudo ifconfig.
ping 44.148.186.1
should also work. For SPECIAL FIXED IP accounts the IP is 44.225.166.1.
Stop the tunnel with: sudo poff hamnetdb0sda
5. Make scripts to add the route to 44.0.0.0/8 via the VPN tunnel
Add a script to /etc/ppp/ip-up.d named hamnetdb0sda. It's important that you keep this filename, so the pptp program can identify it and run it with your configuration.
sudo nano /etc/ppp/ip-up.d/hamnetdb0sda
#!/bin/bash
#
# Help - Text:
# ---------------------------------------------------------------
# This script is called with the following arguments:
# Arg Name Example
# $1 Interface name ppp0
# $2 The tty ttyS1
# $3 The link speed 38400
# $4 Local IP number 12.34.56.78
# $5 Peer IP number 12.34.56.99
# $6 Optional ''ipparam'' value foo
# ---------------------------------------------------------------
# Nothing to do when the loopback interface is configured.
if [ "$1" = "lo" ]; then
    exit 0
fi
if [ "$1" = "ppp0" ]; then
#if [ "$6" = "hamnetdb0sda" ]; then
    # Log a timestamped line, then route 44.0.0.0/8 through the tunnel.
    echo "$(date '+%b %e %H:%M:%S') HAMNET VPN: PPTP - ipparam: $6 Interface goes up ($1)." \
        "Now adding routing..." >> /var/log/messages
    route add -net 44.0.0.0/8 gw 44.148.186.1 "$1"
    #FOR SPECIAL FIXED IP ACCOUNTS USE route add -net 44.0.0.0/8 gw 44.225.166.1 $1
fi
exit 0
Add a script to /etc/ppp/ip-down.d named hamnetdb0sda. It's important that you keep this filename, so the pptp program can identify it and run it with your configuration.
sudo nano /etc/ppp/ip-down.d/hamnetdb0sda
#!/bin/bash
#
# Help - Text:
# ---------------------------------------------------------------
# This script is called with the following arguments:
# Arg Name Example
# $1 Interface name ppp0
# $2 The tty ttyS1
# $3 The link speed 38400
# $4 Local IP number 12.34.56.78
# $5 Peer IP number 12.34.56.99
# $6 Optional ''ipparam'' value foo
# ---------------------------------------------------------------
# Nothing to do when the loopback interface is configured.
if [ "$1" = "lo" ]; then
    exit 0
fi
if [ "$1" = "ppp0" ]; then
#if [ "$6" = "hamnetdb0sda" ]; then
    # Log a timestamped line, then remove the 44.0.0.0/8 route again.
    echo "$(date '+%b %e %H:%M:%S') HAMNET VPN: PPTP - ipparam: $6 Interface goes down ($1)." \
        "Now removing routing..." >> /var/log/messages
    route del -net 44.0.0.0/8 gw 44.148.186.1 "$1"
    #FOR SPECIAL FIXED IP ACCOUNTS USE route del -net 44.0.0.0/8 gw 44.225.166.1 $1
fi
exit 0
Make both scripts executable:
sudo chmod 750 /etc/ppp/ip-up.d/hamnetdb0sda
sudo chmod 750 /etc/ppp/ip-down.d/hamnetdb0sda
6. Try the tunnel with activated routing
Start with: sudo pon hamnetdb0sda
Type sudo route -n
and check that there is a route for 44.0.0.0 with subnet mask 255.0.0.0 to 44.148.186.1 on device ppp0.
For SPECIAL FIXED IP accounts the gateway is 44.225.166.1.
Stop the tunnel with: sudo poff hamnetdb0sda
7. Make the systemd service file to enable easy job control and auto-start on boot
sudo nano /etc/systemd/system/hamnetvpn.service
[Unit]
Description=PPTP HAMNET link to DB0SDA
Requires=multi-user.target
After=network-online.target
[Service]
Type=forking
ExecStart=/usr/bin/pon hamnetdb0sda
ExecStop=/usr/bin/poff hamnetdb0sda
ExecReload=/usr/bin/poff -r hamnetdb0sda
[Install]
WantedBy=network-online.target
Reload the systemd environment with sudo systemctl daemon-reload.
Now you can use
sudo systemctl status hamnetvpn.service to check the status,
sudo systemctl start hamnetvpn.service to start the tunnel,
sudo systemctl stop hamnetvpn.service to stop the tunnel,
sudo systemctl enable hamnetvpn.service to start the tunnel automatically at boot time,
sudo systemctl disable hamnetvpn.service to not start the tunnel automatically at boot time.
8. Reboot and feel happy
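A check for the files from steps 2 and 3, added here as an example and not part of the original instructions: pppd selects the password by matching name and remotename from the peers file against the first two columns of chap-secrets, and the secrets file should be accessible to root only. The function names are illustrative; the script assumes unquoted option values in the peers file and GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): consistency check for the
# peers file from step 2 and the secrets file from step 3.
# Usage: sudo sh check.sh   (then call check_hamnet_vpn on the real paths)

# Print the argument of a one-argument pppd option such as name/remotename.
peer_option() {   # $1 = peers file, $2 = option
    awk -v opt="$2" '$1 == opt { print $2; exit }' "$1"
}

# Succeed if the secrets file has an entry for this client/server pair.
# "*" in either column is pppd's wildcard.
has_secret() {    # $1 = secrets file, $2 = client, $3 = server
    awk -v c="$2" -v s="$3" '
        /^[ \t]*#/ || NF < 3 { next }
        ($1 == c || $1 == "*") && ($2 == s || $2 == "*") { found = 1 }
        END { exit !found }' "$1"
}

# Succeed if group and others have no permission bits on the file.
is_private() {    # $1 = file
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    case "$mode" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Report every problem found; return non-zero if there was at least one.
check_hamnet_vpn() {   # $1 = peers file, $2 = secrets file
    rc=0
    name=$(peer_option "$1" name)
    remote=$(peer_option "$1" remotename)
    [ -n "$name" ]   || { echo "no 'name' option in $1"; rc=1; }
    [ -n "$remote" ] || { echo "no 'remotename' option in $1"; rc=1; }
    has_secret "$2" "$name" "$remote" ||
        { echo "no secret for client '$name', server '$remote' in $2"; rc=1; }
    is_private "$2" || { echo "$2 is accessible to group or others"; rc=1; }
    return "$rc"
}

# Demo on constructed files: a mismatched login name and a 644 secrets file.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf 'name YOURLOGINNAME\nremotename PPTP\n' > "$d/peer"
    printf 'OTHERNAME PPTP constructed-password *\n' > "$d/secrets"
    chmod 644 "$d/secrets"
    check_hamnet_vpn "$d/peer" "$d/secrets"; echo "exit status: $?"
    rm -rf "$d"
fi
```

On the real system the call is check_hamnet_vpn /etc/ppp/peers/hamnetdb0sda /etc/ppp/chap-secrets, run as root so the secrets file can be read.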