Git-Url: http://git.frugalware.org/gitweb/gitweb.cgi?p=frugalware-current.git;a=commitdiff;h=0c1a827af5a47d4e573cb3b1af586945af31ab0e
commit 0c1a827af5a47d4e573cb3b1af586945af31ab0e Author: Miklos Vajna <[EMAIL PROTECTED]> Date: Tue Apr 29 20:48:24 2008 +0200 pptpd-1.3.2-3-i686 - update README.Frugalware - based on a patch from janny, thx diff --git a/source/network-extra/pptpd/README.Frugalware b/source/network-extra/pptpd/README.Frugalware index bc5cd32..e2b9e0e 100644 --- a/source/network-extra/pptpd/README.Frugalware +++ b/source/network-extra/pptpd/README.Frugalware @@ -1,7 +1,7 @@ 1. Preface + I was asked to set up VPN using PPTP. A much secure way to setup it up is using -IPSec, more details +IPSec, more details http://www.schneier.com/paper-pptpv2.html[here]. Also you could use ssh+pppd, but that's rather problematic on platforms other than Unix. @@ -41,7 +41,6 @@ Then let's see that referred '/etc/ppp/options.pptpd': -------------------------------------------- $ grep -v '^\(#\|$\)' /etc/ppp/options.pptpd name pptpd -domain nemesis.example.net refuse-pap refuse-chap refuse-mschap @@ -56,16 +55,15 @@ novjccomp nologfd --------------------------------------------- + -nemesis.example.net is the full name of the machine, replace it to your one. After everything works fine, you can remove the "debug" line from the config. + Then add at least one user: + ----------------------------------- +------------------------------------------------------------- # cat /etc/ppp/chap-secrets -Password: -vmiklos pptpd "secret" * ----------------------------------- +## client server secret IP addresses +mylogin * stupidpassword * +------------------------------------------------------------- + The rest is about to allow pptp on the firewall (I'm assuming that you use the default Frugalware configuration: INPUT is on DROP by default, but FORWARD is @@ -78,6 +76,27 @@ Add the following 2 lines to the filter section of '/etc/sysconfig/firewall': -A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT --------------------------------------------- + +If you want to allow a client to access Internet via this pptp server, add the +following line to the nat section of the same file (change ethX to the correct +network interface): ++ +----------------------------------- +-A POSTROUTING -o ethX -j MASQUERAD +----------------------------------- ++ +Then check if you have PPP support in the kernel enabled: ++ +-------------------------- +# lsmod | grep ppp_generic +-------------------------- ++ +If there is no output, enable it: ++ +---------------------------------------------- +# modprobe ppp_generic +# echo "ppp_generic" >> /etc/sysconfig/modules +---------------------------------------------- ++ Now we're ready to start: + ------------------------------------ _______________________________________________ Frugalware-git mailing list [email protected] http://frugalware.org/mailman/listinfo/frugalware-git
