Category: BSD
2013-08-19 12:28:31
Tutorial details | 
---|---
Difficulty | Intermediate
Root privileges | Yes
Requirements | FreeBSD
Estimated completion time | N/A
Warning: PPTP is known to be a faulty protocol. The designers of the protocol, Microsoft, recommend not to use it due to the inherent risks. Lots of people use PPTP anyway due to ease of use, but that doesn't mean it is any less hazardous. I recommend using OpenVPN (SSL based) or IPSec instead.
Type the following command to update the ports tree:
# portsnap fetch update
To install the client, run:
# cd /usr/ports/net/pptpclient
# make install clean
Sample outputs:
===> Extracting for pptpclient-1.7.2_5
=> SHA256 Checksum mismatch for pptp-1.7.2.tar.gz.
===> Refetch for 1 more times files: pptp-1.7.2.tar.gz
=> pptp-1.7.2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch pptp-1.7.2.tar.gz
100% of 79 kB 49 kBps
=> SHA256 Checksum OK for pptp-1.7.2.tar.gz.
===> pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===> Patching for pptpclient-1.7.2_5
===> pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===> Applying FreeBSD patches for pptpclient-1.7.2_5
===> pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===> Configuring for pptpclient-1.7.2_5
===> Building for pptpclient-1.7.2_5
echo "/* text added by Makefile target config.h */" > config.h
echo "#define PPTP_LINUX_VERSION \"1.7.2\"" >> config.h
echo "#define PPPD_BINARY \"/usr/sbin/ppp\"" >> config.h
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_gre.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c ppp_fcs.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_ctrl.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c dirutil.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c vector.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c inststr.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c util.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c version.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c test.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_quirks.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c orckit_quirks.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pqueue.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_callmgr.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c routing.c
gcc -O2 -pipe -fno-strict-aliasing -Wall -DUSER_PPP -c pptp_compat.c
gcc -o pptp pptp.o pptp_gre.o ppp_fcs.o pptp_ctrl.o dirutil.o vector.o inststr.o util.o version.o test.o pptp_quirks.o orckit_quirks.o pqueue.o pptp_callmgr.o routing.o pptp_compat.o -lutil
pod2man pptpsetup > pptpsetup.8
===> Installing for pptpclient-1.7.2_5
===> pptpclient-1.7.2_5 depends on file: /usr/local/bin/perl5.12.4 - found
===> Generating temporary packing list
===> Checking if net/pptpclient already installed
install -s -o root -g wheel -m 555 /usr/ports/net/pptpclient/work/pptp-1.7.2/pptp /usr/local/sbin
/bin/mkdir -p /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/files/README /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/files/ppp.conf /usr/local/share/examples/pptpclient
install -o root -g wheel -m 444 /usr/ports/net/pptpclient/work/pptp-1.7.2/pptp.8 /usr/local/man/man8
===> Compressing manual pages for pptpclient-1.7.2_5
===> Registering installation for pptpclient-1.7.2_5
===> SECURITY REPORT:
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/pptp
      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.
      For more information, and contact details about the security
      status of this software, see the following webpage:
===> Cleaning for pptpclient-1.7.2_5
Here is my sample VPN server information. Talk to your network / sys administrator to find out what values you should be using.
On the client side:
In this example we connect to the Mumbai data center using the VPN server IP 202.54.1.2. First, back up the original /etc/ppp/ppp.conf file, enter:
# mv /etc/ppp/ppp.conf /etc/ppp/ppp.conf.factory
Edit /etc/ppp/ppp.conf, enter:
# vi /etc/ppp/ppp.conf
Append the following configuration:
MUMBAI:
 # account name and password the VPN server expects (sent via CHAP, see ppp.log)
 set authname vivek
 set authkey FooBar
 # 0 = never drop the link for being idle
 set timeout 0
 # accept whatever local and remote addresses the server assigns
 set ifaddr 0 0
 # route the remote 10.0.0.0/8 network through the peer's address
 add 10.0.0.0/8 hisaddr
 # NAT outgoing traffic onto the tunnel (ppp now calls this "nat enable yes";
 # "alias" still works but logs "The alias command is deprecated")
 alias enable yes
 # do not negotiate IPv6 over the link
 disable ipv6cp
Save and close the file. Keep the file readable by root only (chmod 600 /etc/ppp/ppp.conf), since it now holds the VPN password in clear text.
You must run the program as root. Use a command as follows:
# pptp 202.54.1.2 MUMBAI
Sample outputs:
/bin/ip: not found
/bin/ip: not found
Please ignore the /bin/ip not found error (pptp looks for the Linux ip command, which FreeBSD does not have). To kill the VPN connection, press ^C.
Type the following command (open a new terminal):
# ifconfig tun0
Sample outputs:
tun0: flags=8051 metric 0 mtu 1498
	options=80000
	inet 10.1.3.62 --> 10.0.31.18 netmask 0xffffffff
	nd6 options=21
	Opened by PID 36259
Where,
To display the routing table, type the following command:
# netstat -r
OR
# netstat -r -f inet
Sample outputs:
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.2        UGS         0     1930   bge0
10.0.0.0           10.0.31.18         UGS         0        0   tun0
10.0.31.18         link#8             UHS         0        0   tun0
10.1.3.89          link#8             UHS         0        0    lo0
localhost          link#7             UH          0     2308    lo0
192.168.1.0        link#3             U           0      962   bge0
fwks01.nixcraft.ne link#3             UHS         0        0    lo0
Use the ping and traceroute commands:
$ ping -c3 10.37.34.2
Sample outputs:
PING 10.37.34.2 (10.37.34.2): 56 data bytes
64 bytes from 10.37.34.2: icmp_seq=0 ttl=61 time=330.681 ms
64 bytes from 10.37.34.2: icmp_seq=1 ttl=61 time=329.039 ms
64 bytes from 10.37.34.2: icmp_seq=2 ttl=61 time=329.592 ms

--- 10.37.34.2 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 329.039/329.771/330.681/0.682 ms
To print the route packets take to a network host:
$ traceroute 10.37.34.2
To follow the ppp log in real time, or to search it, type the following commands:
# tail -f /var/log/ppp.log
# grep something /var/log/ppp.log
Sample outputs (a log of successful connection):
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: Using interface: tun0
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Created in closed state
Jul 16 04:01:43 fwks01 ppp[37612]: Warning: The alias command is deprecated
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: PPP Started (direct mode).
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: bundle: Establish
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: closed -> opening
Jul 16 04:01:43 fwks01 ppp[37612]: Alert: deflink: Can't create /var/run/pts/3.if: No such file or directory
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Connected!
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: opening -> carrier
Jul 16 04:01:44 fwks01 ppp[37612]: Phase: deflink: /dev/pts/3: CD detected
Jul 16 04:01:44 fwks01 ppp[37612]: Phase: deflink: carrier -> lcp
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Authenticate
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: his = CHAP 0x81, mine = none
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: CHALLENGE (16 bytes)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Output: RESPONSE (vivek)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: SUCCESS (S=DC9CCD2E06D333C502626C4BAXXXYYYZZZYYY)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: lcp -> open
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Network
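The log above is what a working session looks like, and when a connection fails the same log is where the answer is. The following POSIX sh function is an example added here, not part of the original tutorial: it reads ppp(8) log lines from stdin and reports the tunnel interface, the authentication protocol the server asked for, the CHAP result and the last bundle phase, returning 0 only when CHAP succeeded and the bundle reached the Network phase. The successful sample is the tutorial's own log excerpt; the failure sample is constructed (a server answering CHAP FAILURE, as it would for a wrong authkey). The names ppp_log_summary, sample_ok_log and sample_fail_log are this example's own.

```shell
#!/bin/sh
# ppp_log_summary: read ppp(8) log lines on stdin (the /var/log/ppp.log the
# tutorial tails) and decide whether the PPTP link actually came up.
# Added example, not part of the original tutorial.
# Exit status: 0 = CHAP SUCCESS and the bundle reached the Network phase,
#              1 = the server answered CHAP FAILURE (credentials rejected),
#              2 = no completed negotiation in the log (still dialling, or cut off).
ppp_log_summary() {
    iface='-'; auth='-'; chap='-'; phase='-'
    while IFS= read -r line; do
        case "$line" in
            *"Phase: Using interface: "*)
                iface=${line##*"Using interface: "} ;;
            *"Phase: deflink: his = "*)
                # Authentication protocol the server demanded, e.g. "CHAP 0x81"
                # (0x81 is the CHAP algorithm identifier for MS-CHAPv2).
                auth=${line##*"his = "}; auth=${auth%%,*} ;;
            *"Chap Input: SUCCESS"*) chap=SUCCESS ;;
            *"Chap Input: FAILURE"*) chap=FAILURE ;;
            *"Phase: bundle: "*)
                # Keep the most recent bundle phase: Establish -> Authenticate -> Network
                phase=${line##*"bundle: "} ;;
        esac
    done
    printf 'iface=%s auth=%s chap=%s phase=%s\n' "$iface" "$auth" "$chap" "$phase"
    if [ "$chap" = FAILURE ]; then
        return 1
    elif [ "$chap" = SUCCESS ] && [ "$phase" = Network ]; then
        return 0
    fi
    return 2
}

# Successful connection: the lines from the tutorial's own ppp.log excerpt.
sample_ok_log() {
    cat <<'EOF'
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: Using interface: tun0
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Created in closed state
Jul 16 04:01:43 fwks01 ppp[37612]: Warning: The alias command is deprecated
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: PPP Started (direct mode).
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: bundle: Establish
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: closed -> opening
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: Connected!
Jul 16 04:01:43 fwks01 ppp[37612]: Phase: deflink: opening -> carrier
Jul 16 04:01:44 fwks01 ppp[37612]: Phase: deflink: carrier -> lcp
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Authenticate
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: his = CHAP 0x81, mine = none
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: CHALLENGE (16 bytes)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Output: RESPONSE (vivek)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: Chap Input: SUCCESS (S=DC9CCD2E06D333C502626C4BAXXXYYYZZZYYY)
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: deflink: lcp -> open
Jul 16 04:01:45 fwks01 ppp[37612]: Phase: bundle: Network
EOF
}

# Constructed failure case (not from the tutorial): the same dialogue, but the
# server rejects the CHAP response and the bundle goes back to Dead.
sample_fail_log() {
    cat <<'EOF'
Jul 16 04:05:10 fwks01 ppp[37700]: Phase: Using interface: tun0
Jul 16 04:05:10 fwks01 ppp[37700]: Phase: bundle: Establish
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: bundle: Authenticate
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: deflink: his = CHAP 0x81, mine = none
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: Chap Input: CHALLENGE (16 bytes)
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: Chap Output: RESPONSE (vivek)
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: Chap Input: FAILURE
Jul 16 04:05:12 fwks01 ppp[37700]: Phase: bundle: Dead
EOF
}

# On a live system: ppp_log_summary < /var/log/ppp.log
# Stand-alone demonstration on the embedded samples:
sample_ok_log | ppp_log_summary
sample_fail_log | ppp_log_summary || echo "link failed (exit $?)"
```

Run it against the real log with `ppp_log_summary < /var/log/ppp.log`. An exit status of 1 from a periodic check is the signal a defender wants: repeated CHAP FAILURE entries on a VPN endpoint mean either a stale password in ppp.conf or someone else's credentials being tried, and both deserve a look.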
To run pptp in the background, start it as follows:
# pptp 38.96.196.94 DAL 2>/dev/null &
OR use the nohup command, so that pptp keeps running in the background after you log out of the shell:
# nohup pptp 38.96.196.94 DAL 2>/dev/null &
To kill it, enter:
# kill -TERM `cat /var/run/tun0.pid`
OR
# kill -TERM $(cat /var/run/tun0.pid)
You can write a shell script to start and stop pptp. This is left as an exercise for the reader.
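One way to write that script, as an added example that is not the tutorial's or the pptpclient project's code: a POSIX sh wrapper with start, stop and status actions. It assumes the server address and the ppp.conf label are passed on the command line, that ppp(8) records its pid in /var/run/tun0.pid (which the kill command above already relies on), and, as this script's own policy, that ppp.conf must not be readable by group or others because it holds the password in clear text. The variables VPN_IFACE, VPN_PIDFILE, VPN_CONF and VPN_LOG and all the vpn_* function names are this example's own.

```shell
#!/bin/sh
# pptpctl.sh: start/stop/status wrapper around the pptp(8) client described in
# the tutorial. Added example, not part of the original page. Assumes the
# server address and ppp.conf label are given on the command line and that
# ppp(8) writes its pid to /var/run/<iface>.pid, as the tutorial's
# "kill -TERM $(cat /var/run/tun0.pid)" relies on.
#   ./pptpctl.sh start 202.54.1.2 MUMBAI
#   ./pptpctl.sh status
#   ./pptpctl.sh stop

VPN_IFACE="${VPN_IFACE:-tun0}"
VPN_PIDFILE="${VPN_PIDFILE:-/var/run/${VPN_IFACE}.pid}"
VPN_CONF="${VPN_CONF:-/etc/ppp/ppp.conf}"
VPN_LOG="${VPN_LOG:-/var/log/ppp.log}"

# Print the pid stored in a pid file; fail if the file is missing or not numeric.
vpn_read_pid() {
    pidfile=${1:-$VPN_PIDFILE}
    [ -r "$pidfile" ] || return 1
    pid=$(head -n1 "$pidfile" | tr -d '[:space:]')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$pid"
}

# Succeed only if the recorded pid belongs to a live process.
vpn_is_running() {
    pid=$(vpn_read_pid "${1:-$VPN_PIDFILE}") || return 1
    kill -0 "$pid" 2>/dev/null
}

# ppp.conf holds the VPN password in clear text ("set authkey ..."), so refuse
# to start unless the group and other permission bits are all off (mode 0600).
vpn_check_conf() {
    conf=${1:-$VPN_CONF}
    [ -f "$conf" ] || { echo "$conf: not found" >&2; return 1; }
    perm=$(ls -ld "$conf" | cut -c5-10)   # group+other part of the mode string
    [ "$perm" = '------' ] || { echo "$conf: readable by group/others; chmod 600 it" >&2; return 1; }
}

vpn_start() {
    server=$1; label=$2
    [ -n "$server" ] && [ -n "$label" ] || { echo "usage: $0 start <server> <label>" >&2; return 2; }
    [ "$(id -u)" -eq 0 ] || { echo "pptp must be run as root" >&2; return 1; }
    vpn_check_conf || return 1
    if vpn_is_running; then
        echo "already running on $VPN_IFACE (pid $(vpn_read_pid))" >&2; return 0
    fi
    # Detach as the tutorial does; the harmless "/bin/ip: not found" noise is discarded.
    nohup pptp "$server" "$label" >/dev/null 2>&1 &
    # Give ppp up to 30 s to write the pid file and put an address on the tunnel.
    i=0
    while [ "$i" -lt 30 ]; do
        if vpn_is_running && ifconfig "$VPN_IFACE" 2>/dev/null | grep -q 'inet '; then
            echo "VPN up on $VPN_IFACE"; return 0
        fi
        sleep 1; i=$((i + 1))
    done
    echo "VPN did not come up within 30 s; see $VPN_LOG" >&2
    return 1
}

vpn_stop() {
    pid=$(vpn_read_pid "${1:-$VPN_PIDFILE}") || { echo "no usable pid file; is the VPN up?" >&2; return 1; }
    kill -TERM "$pid"   # the same signal the tutorial sends by hand
}

vpn_status() {
    if vpn_is_running; then
        echo "running on $VPN_IFACE (pid $(vpn_read_pid))"
        ifconfig "$VPN_IFACE"
        return 0
    fi
    echo "not running"; return 1
}

vpn_main() {
    case "${1:-}" in
        start)  vpn_start "${2:-}" "${3:-}" ;;
        stop)   vpn_stop ;;
        status) vpn_status ;;
        *)      echo "usage: $0 start <server> <label> | stop | status" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with arguments, so the functions can also be sourced.
if [ $# -gt 0 ]; then vpn_main "$@"; fi
```

The pid-file and permission helpers are kept separate from the start logic so they can be exercised without a VPN server: a stale or garbage pid file is treated as "not running" rather than trusted, and the script will not start pptp while ppp.conf is world-readable.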
mpd is a netgraph(4) based implementation of the multi-link PPP protocol for FreeBSD. It is designed to be both fast and flexible. It handles configuration and negotiation in user land, while routing all data packets strictly in the kernel. You can use mpd for the same purpose. Stay tuned for the mpd tutorial.