I wrote this for my engineers at work, thought you folks might find it useful.
#--------------------------------------------------------
# Sean N. Gray, LCA             [EMAIL PROTECTED]
# Unix Technologies Manager     GNU/Linux Certified
# DLP Technologies, Inc.        www.dlptech.com
# 4750 Wesley Avenue Suite Q    tel 513-232-7791
# Cincinnati, OH 45212          fax 513-232-7801
#--------------------------------------------------------

We want to connect a remote network to a Mitel box using PPTP and be able to
route back and forth, aka multipoint PPTP. This works quite well on any other
PPTP Linux boxen as well, but I am documenting the Mitel because of the complex
templating scheme. So far this works for sure on a 5.5 box but may need
tweaking for other versions.

Do this on the Mitel box acting as the PPTP server...

# mkdir -p /etc/e-smith/templates-custom/etc/ppp/chap-secrets
# vi /etc/e-smith/templates-custom/etc/ppp/chap-secrets/70SEANGRAYtunnel

Here is what to put into the file, your mileage may vary, so edit it dummy.

------------------------------------begin--------------------------------------
# These entries define static pptp tunnel entries. Be sure to add the remote
# network information in the server manager. Use the assigned IP below as the
# router IP in the server manager. - Sean Gray
#
# user    *  password         IP
tunnel0   *  thisISApassword  192.168.168.9
tunnel1   *  thisISApassworD  192.168.169.9
-------------------------------------end---------------------------------------

# /sbin/e-smith/expand-template /etc/ppp/chap-secrets
# mkdir /etc/e-smith/templates-custom/etc/ppp/ip-up.local
# vi /etc/e-smith/templates-custom/etc/ppp/ip-up.local/z99SEANGRAYroutes

Here is what to put into the file, your mileage may vary, so edit it dummy.

------------------------------------begin--------------------------------------
#!/bin/bash
# Add custom routing here. Use variable or else you'll f#$k up the routing table
# if more than one connection comes in.
# When the ppp link comes up, this script is called with the following
# parameters
#       $1      the interface name used by pppd (e.g. ppp3)
#       $2      the tty device name
#       $3      the tty device speed
#       $4      the local IP address for the interface
#       $5      the remote IP address
#       $6      the parameter specified by the 'ipparam' option to pppd
#
# Have fun playing with your PPTP. - Sean Gray
#
/bin/date >> /var/log/pptp_tunnel
echo "We were called with the following parameters: $1 $2 $3 $4 $5 $6" >> /var/log/pptp_tunnel

# This "if" statement is what to duplicate for each tunnel.
# 192.168.168.9 is the assigned IP from chap-secrets.
if [ "$5" = "192.168.168.9" ] ; then
    echo "Flushing stale routes if they exist" >> /var/log/pptp_tunnel
    # 192.168.0.0 is the client net
    /sbin/route del -net 192.168.0.0 netmask 255.255.255.0 >> /var/log/pptp_tunnel 2>&1
    echo "Attempting to insert route for client network" >> /var/log/pptp_tunnel
    # 192.168.0.0 is the client net, 192.168.168.9 is the assigned IP
    /sbin/route add -net 192.168.0.0 netmask 255.255.255.0 gw 192.168.168.9 dev "$1" >> /var/log/pptp_tunnel 2>&1
    # Just a quick test to see if the route was added.
    if [ $? -eq 0 ] ; then
        echo "Cool, we got a route" >> /var/log/pptp_tunnel
    else
        echo "Oops, something went terribly wrong. Dial 911" >> /var/log/pptp_tunnel
        exit
    fi
else
    echo "$5 called up so no routing to be done" >> /var/log/pptp_tunnel
    exit
fi
-------------------------------------end---------------------------------------

# /sbin/e-smith/expand-template /etc/ppp/ip-up.local

PPTP Client Configuration Guidelines

This will vary depending on the device used as the client-side router but here
are a couple pointers. Add the server's network into the routing tables; this
is not totally necessary and things will seem to work without it because pppd
is doing some manipulation of routing when the connection is made. If you are
NATing the connection this setup is fine but feature light. So...

DO NOT use NAT on the client-side, it will hide the network and the server's
net won't be able to route to the client network machines. This would kill
network printing, for example, where the queue is on the server net and the
printer is on the client net.
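
The ip-up.local fragment above needs its "if" block copied for every tunnel. As an added example (not part of the original post), here is the same routing decision driven by a lookup table, with the interface name checked before it reaches route. The TUNNELS table, the function names and the 192.168.1.0 client network for the second tunnel are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the original post: table-driven ip-up.local routing.
# One row per tunnel: "assigned-IP client-net netmask".
# Row 1 uses the post's values; row 2's client net is constructed.
TUNNELS='192.168.168.9 192.168.0.0 255.255.255.0
192.168.169.9 192.168.1.0 255.255.255.0'
LOG=${LOG:-/var/log/pptp_tunnel}

# Print "client-net netmask" for a peer IP; return 1 if it is not a tunnel.
lookup_tunnel() {
    local peer="$1" ip net mask
    while read -r ip net mask; do
        if [ "$ip" = "$peer" ]; then
            echo "$net $mask"
            return 0
        fi
    done <<EOF
$TUNNELS
EOF
    return 1
}

# Print the route commands for one link-up event without running them.
# Returns 1 for an unknown peer, 2 if the interface name is not pppN.
plan_routes() {
    local iface="$1" peer="$2" entry net mask
    case "$iface" in
        ppp[0-9]|ppp[0-9][0-9]|ppp[0-9][0-9][0-9]) ;;
        *) return 2 ;;
    esac
    entry=$(lookup_tunnel "$peer") || return 1
    net=${entry% *}
    mask=${entry#* }
    echo "/sbin/route del -net $net netmask $mask"
    echo "/sbin/route add -net $net netmask $mask gw $peer dev $iface"
}

# pppd passes six arguments; act only when called that way ($1 iface, $5 peer).
if [ "$#" -ge 5 ]; then
    if plan=$(plan_routes "$1" "$5"); then
        echo "$plan" | while read -r cmd; do
            echo "running: $cmd" >> "$LOG"
            $cmd >> "$LOG" 2>&1   # del may fail harmlessly when no stale route exists
        done
    else
        echo "$5 on $1: no routing to be done" >> "$LOG"
    fi
fi
```

Adding a tunnel then means adding one row to TUNNELS next to its chap-secrets entry, and a peer IP that is not in the table gets no route at all.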