On Tue, 2005-02-22 at 18:34 -0700, Matt Alexander wrote:
> I recently set up a replacement for a Windows PPTP server. Here's what
> I did in case anyone else would like to do the same.
>
> This is a Fedora Core 3 box.
> I installed the following from www.poptop.org:
> dkms-2.0.5-1.noarch.rpm
> kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm
> pptpd-1.2.3.tar.gz
>
> Then I built and installed pppd from source from ppp.samba.org
> (patched to use winbind):
> ppp-2.4.3.tar.gz
>
> Next, I set up smb.conf:
> [global]
> workgroup = mydomain
> realm = mydomain.com
> server string = myservername
> load printers = no
> log file = /var/log/samba/%m.log
> security = ads
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> domain master = no
> preferred master = no
> wins server = 172.16.1.100
> dns proxy = no
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
>
> Then join the computer to the domain:
> net join -U somedomainadmin
>
> Edit /etc/pptpd.conf:
> option /etc/ppp/options.pptpd
> ppp /usr/local/sbin/pppd
> localip 172.16.4.50
> remoteip 172.16.100.100-150
>
> Edit /etc/ppp/options.pptpd
> lock
> debug
> noauth
> name pptpdev
> nobsdcomp
> proxyarp
> refuse-pap
> refuse-mschap
> require-mschap-v2
> require-mppe-128
> ms-dns 172.16.1.100
> ms-dns 172.16.2.100
> defaultroute
> plugin winbind.so
> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
>
> Enable IP forwarding in /etc/sysctl.conf:
> net.ipv4.ip_forward = 1
>
> Start up winbind:
> service winbind start
>
> Start up pptpd:
> /usr/local/sbin/pptpd
>
> Power down old Windows VPN server:
> Start -> Shutdown...
----
thanks for the info - couple of thoughts...
1 - Fedora Core tends to have a relatively short lifespan, and it is uncertain
whether fedoralegacy will continue to issue security updates. I tend to use
RHEL clones or 'firewall/router' projects for this application.
2 - doesn't FC-3 already have mppe in ppp?
3 - any entries in /etc/hosts or local dns server?
4 - isn't PPTP considered weak as compared to L2TP?
5 - have you looked at...
IPCOP with L2TP?
<http://www.ipcop.org>
<http://www.elminster.com/xoops/modules/phpwiki/index.php/IpcopL2tpRemoteAccessServer>
Though I think Macintosh OSX 10.3+ can connect to either PPTP or L2TP
now.
Also one last thought - has anyone played with tinyCA ?
Craig
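An added example, not from either post: a small Python audit of a pppd options file against the hardening lines in Matt's options.pptpd (the posted file is embedded as sample input). The `refuse-chap` option is a standard pppd option that the post does not use, and the finding texts are my own wording.

```python
import shlex

# Sample input: the /etc/ppp/options.pptpd posted in the thread, embedded verbatim.
OPTIONS_PPTPD = """lock
debug
noauth
name pptpdev
nobsdcomp
proxyarp
refuse-pap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 172.16.1.100
ms-dns 172.16.2.100
defaultroute
plugin winbind.so
ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
"""

def parse_pppd_options(text):
    """Return (option, [args]) tuples from pppd options-file text.

    pppd reads one option per line; '#' starts a comment and a quoted
    argument (as on the ntlm_auth-helper line) stays one argument."""
    parsed = []
    for line in text.splitlines():
        words = shlex.split(line, comments=True)
        if words:
            parsed.append((words[0], words[1:]))
    return parsed

# Options whose absence is a finding (all but refuse-chap appear in the post).
REQUIRED = {
    "refuse-pap": "refuse-pap missing: pppd would still agree to PAP (cleartext passwords)",
    "refuse-chap": "refuse-chap missing: pppd would still agree to CHAP-MD5",
    "refuse-mschap": "refuse-mschap missing: pppd would still agree to MS-CHAPv1",
    "require-mschap-v2": "require-mschap-v2 missing: peer is not held to MS-CHAPv2",
    "require-mppe-128": "require-mppe-128 missing: 128-bit MPPE is not enforced",
}
# Options whose presence is worth a second look on a production server.
DISCOURAGED = {
    "debug": "debug present: negotiation details are logged to syslog",
}

def audit_pppd_options(text):
    """Return the list of findings; an empty list means every check passed."""
    names = {opt for opt, _ in parse_pppd_options(text)}
    findings = [msg for opt, msg in REQUIRED.items() if opt not in names]
    findings += [msg for opt, msg in DISCOURAGED.items() if opt in names]
    return findings

if __name__ == "__main__":
    for finding in audit_pppd_options(OPTIONS_PPTPD):
        print("finding:", finding)
```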
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us