I am in CUHK. Hence I need to connect to VPN from time to time. The CUHK VPN pool is using PPTP implemented by the Cisco routers or access servers (although another using IPSec is also available, but I am not supposed to know about its existence…) and I am using Debian as my primary operating system. This guide is to record down how do I make a PPTP VPN in Debian Linux.
Requirement
The required software is the pppd
daemon and the pptp-linux
suite, also your
kernel needs to support the point-to-point protocol in asynchronous mode. Here
are what I did:
# apt-get install pppd pptp-linux
That’s enough.
Procedure
To connect via PPTP, you need to make sure your kernel support PPP because PPTP is just using PPP over your existing network connection instead of your modem. I am using the kernel 2.6.8.1 at the mean time and I do this to load the modules for my kernel’s support:
# modprobe ppp-generic
# modprobe ppp-async
Basically the last line will help you load the first line as well. You may need to check your kernel’s support and build options to see if you need to recompile your kernel or use another name to call these modules or the modules are already compiled-in.
Once you make sure your kernel supports “ppp-async”, you can configure your PPP
scripts. The script is located in /etc/ppp/peers
. You can just create a script
with any name, for example, mine is /etc/ppp/peers/vpn
:
user s034554
require-pap
noipdefault
usepeerdns
defaultroute
persist
noauth
noaccomp
default-asyncmap
nopcomp
noccp
novj
The above is to specify that, I am using s034554
as my login name and PAP as
the authentication method. Once connected, use the peer side’s DNS and use the
PPTP connection as my default route. Furthermore, make this PPTP connection
persistent, which mean to reconnect upon disconnected. The rest options are
mainly configuring the PPTP not to do any encryption or compression. You can get
reference to these from the documentation of PPTP-Linux or PPP daemon.
After you’ve made this file, you can call like this:
# pptp vpn.cuhk.edu.hk -- call vpn
The part after pptp is the hostname you are connecting to, and then a double
dash to separate the PPTP option and PPP options, which I tell PPP to use the
options described in the script called vpn
in the /etc/ppp/peers
directory.
Once you invoked this command, you will get a ppp0
connection within a few seconds.
Another Procedure
The above is not the only way to do. We can alternatively, invoke pppd
instead
of pptp to bring up the connection. It is no difference, just see if you want
pppd
to call pptp or pptp to call ppp to finish the whole thing. If you choose
to use the former method, see the following.
Your kernel also needs the asynchronous ppp support. Afterwards, create a option
script in /etc/ppp/peers
like this:
name s034554
require-pap
defaultroute
persist
pty "pptp vpn.cuhk.edu.hk --nolaunchpppd"
remotename vpn.cuhk.edu.hk
ipparam vpn.cuhk.edu.hk
lock
noauth
nobsdcomp
nodeflate
The key point here is you have already specify your VPN server (in PPP’s terminology, the concentrator) in the option file and then we can just connect via the PPTP by invoking:
# pppd call vpn
where I have assumed that vpn
is the name of the script.