
Linux PPTP server

Building a VPN server with PPTP in Linux authenticating with RADIUS.

Software configuration

  • OS: Slackware 13.37
  • Software: pptpd-1.3.4

Installation

tar zxvf pptpd-1.3.4.tar.gz
Modify the path to pptpd-logwtmp.so in pptpctrl.c if necessary, e.g.,

     /* pppd_argv[an++] = "/usr/lib/pptpd/pptpd-logwtmp.so"; */
     pppd_argv[an++] = "/usr/local/pptpd/lib/pptpd/pptpd-logwtmp.so";

./configure --prefix=/usr/local/pptpd
make
make install

Configuration

pptpd.conf

Modify the configuration, based on sample/pptpd.conf, and store the file as /usr/local/pptpd/etc/pptpd.conf

option /usr/local/pptpd/etc/options.pptpd
logwtmp
noipparam
localip 192.168.68.1

options.pptpd

Make the necessary modifications based on sample/options.pptpd and store the file as /usr/local/pptpd/etc/options.pptpd

name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.1.1
ms-dns 192.168.2.1
ms-wins 192.168.1.1
proxyarp
lock
nobsdcomp
novj 
novjccomp
nologfd
plugin radius.so
plugin radattr.so
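
The following check is an added example, not part of the original page or of pptpd/pppd: it audits an options file for the authentication and encryption directives listed above. The CONFLICTING list and the WEAK_OPTIONS sample are assumptions constructed for illustration; matching is by word, so an option argument that happens to equal a directive name would also count.

```python
# Added example: audit a pppd options file for the auth/encryption policy
# that options.pptpd above expresses (MS-CHAPv2 only, 128-bit MPPE).

# Directives taken from the page's options.pptpd.
REQUIRED = {"refuse-pap", "refuse-chap", "refuse-mschap",
            "require-mschap-v2", "require-mppe-128"}
# pppd options that loosen that policy; treating them as violations is
# this example's assumption, not something the page states.
CONFLICTING = {"noauth", "require-pap", "require-chap", "require-mschap",
               "require-mppe-40", "nomppe", "nomppe-128"}

# The auth-related part of the page's file.
PAGE_OPTIONS = """\
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
plugin radius.so
"""

# Constructed sample of a weakened file, for comparison.
WEAK_OPTIONS = """\
name pptpd
require-mschap-v2
require-mppe-40      # 40-bit MPPE
# require-mppe-128   (commented out, so it must not count as present)
noauth
"""

def words(text):
    """Split like pppd does: whitespace-delimited words, '#' starts a comment."""
    out = []
    for line in text.splitlines():
        out.extend(line.split("#", 1)[0].split())
    return out

def audit(text):
    """Return (missing, conflicting) directives, each sorted."""
    seen = set(words(text))
    return sorted(REQUIRED - seen), sorted(CONFLICTING & seen)

if __name__ == "__main__":
    for label, text in (("page", PAGE_OPTIONS), ("weak", WEAK_OPTIONS)):
        missing, conflicting = audit(text)
        print(f"{label}: missing={missing} conflicting={conflicting}")
```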

Radius client

/etc/radiusclient/radiusclient.conf

At a minimum, the following parameters should be configured:

  • authserver
  • acctserver

/etc/radiusclient/servers

Set up the shared secret used to talk to the RADIUS server, e.g.,

localhost                              testing123

/etc/radiusclient/dictionary

Append the following at the end:

INCLUDE /etc/radiusclient/dictionary.merit
INCLUDE /etc/radiusclient/dictionary.microsoft

IP pool for pptpd

The RADIUS server can assign IP addresses to clients; we would like a separate IP pool for pptpd users.

/usr/local/pptpd/etc/options.pptpd

Append:

avpair NAS-Identifier="PPTPD"

/usr/local/freeradius/etc/raddb/modules/ippool

ippool pptpd_pool {
        range-start = 192.168.66.2
        range-stop = 192.168.71.254
        netmask = 255.255.252.0
        cache-size = 800  
        session-db = ${db_dir}/db.pptpd.ippool
        ip-index = ${db_dir}/db.pptpd.ipindex
        override = no
        maximum-timeout = 0
}

/usr/local/freeradius/etc/raddb/users

DEFAULT NAS-Identifier=="PPTPD", Framed-Protocol == PPP, Pool-Name := "pptpd_pool", Simultaneous-Use := 1
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

/usr/local/freeradius/etc/raddb/sites-enabled/default

Add pptpd_pool to the accounting and post-auth sections.