Wednesday, December 29, 2010

Set up PPTP client and tunnel all traffic through VPN

Be smart...don't do this. Just use OpenVPN, it's much easier. However, if for some reason you have to use PPTP:

To tunnel all traffic except DNS over VPN:

Add info for the VPN account you're using to /etc/ppp/chap-secrets
    ex: [username] [server] password *

Create a file (filename = name you want to call VPN connection) in /etc/ppp/peers:
    Put connection info in this file
        ex: pty "pptp [VPN_ADDR] --nolaunchpppd"
            name [NAME]
            remotename [RNAME]
            require-mppe-128
            refuse-eap
            noauth
            file /etc/ppp/options.pptp
            ipparam [RNAME]

Edit the options.pptp file if you want. (I didn't change anything)

Create a script (ie AllToTunnel) in /etc/ppp/ip-up.d/ containing the following (with the modifications indicated below):
    Modifications:
        change PRIMARY to the network interface used to connect to the internet
        change SERVER to the address of the PPTP server
        change "tunnel" in the if statement to the ipparam value from your peers file ([RNAME] above; pppd passes it to the script as $6)

    #!/bin/sh
    # pppd ip-up script for all-to-tunnel routing
   
    # name of primary network interface (before tunnel)
    PRIMARY=eth0
   
    # address of tunnel server
    SERVER=tunnel.example.com
   
    # provided by pppd: string to identify connection aka ipparam option
    CONNECTION=$6
    if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi
   
    # provided by pppd: interface name
    TUNNEL=$1
    if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi
   
    # if we are being called as part of the tunnel startup
    if [ "${CONNECTION}" = "tunnel" ] ; then
   
      # direct tunnelled packets to the tunnel server
      route add -host ${SERVER} dev ${PRIMARY}
   
      # direct all other packets into the tunnel
      route del default ${PRIMARY}
      route add default dev ${TUNNEL}
   
    fi

Don't forget to chmod a+x the file after you're done.


Create a script (ie AllToTunnelDown) in /etc/ppp/ip-down.d/ containing the following (with the modifications indicated below):
    Modifications:
        change "tunnel" in the if statement to the ipparam value from your peers file ([RNAME] above; pppd passes it to the script as $6)

    #!/bin/sh
    # pppd ip-down script for all-to-tunnel routing
   
    # name of primary network interface (before tunnel)
    PRIMARY=eth0
   
    # provided by pppd: string to identify connection aka ipparam option
    CONNECTION=$6
    if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi
   
    # provided by pppd: interface name
    TUNNEL=$1
    if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi
   
    # if we are being called as part of the tunnel shutdown
    if [ "${CONNECTION}" = "tunnel" ] ; then
   
      # direct packets back to the original interface
      route del default ${TUNNEL}
      route add default dev ${PRIMARY}
   
    fi

Don't forget to chmod a+x the file after you're done.
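The two scripts above have a limitation worth knowing about before you rely on them: they drop the default route and re-add it with `dev` only, which throws away the upstream gateway. On a normal Ethernet uplink that means the host route to the PPTP server (ip-up) and the restored default route (ip-down) have no next hop, so the tunnel's own packets, or after disconnect all packets, go nowhere. The following is an added example, not code from the original post or from the pptpclient project, that does the same all-to-tunnel switch while recording the pre-tunnel gateway and restoring it on the way down. It assumes iproute2's `ip` is installed, that the ipparam value is "tunnel" as in the scripts above, and that the state directory (STATE_DIR, defaulting to /var/run) is writable by the root pppd runs as; the sample routing-table line is constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post or pptpclient): gateway-aware
# ip-up/ip-down helper for all-to-tunnel routing. Requires iproute2 `ip`.
# The route commands are generated by functions so they can be inspected
# with DRY_RUN=1 before being executed.

STATE_DIR=${STATE_DIR:-/var/run}   # assumed location for the saved gateway

# Constructed sample of `ip route show default` output, used in the demo.
SAMPLE_ROUTE='default via 192.0.2.1 dev eth0 proto dhcp metric 100'

# Parse the next-hop gateway and interface out of `ip route show default`
# text passed as $1; prints "GATEWAY IFACE", or nothing if there is no
# gateway (e.g. a link-scope default route we must not treat as upstream).
parse_default_route() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            gw = ""; dev = ""
            for (i = 2; i < NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            if (gw != "" && dev != "") { print gw, dev; exit }
        }'
}

# Commands that move the default route into the tunnel while pinning the
# PPTP server itself to the original gateway, so the tunnel's own packets
# keep flowing over the primary interface. Args: server gw primary tunnel.
up_commands() {
    server=$1 gw=$2 primary=$3 tunnel=$4
    printf 'ip route replace %s via %s dev %s\n' "$server" "$gw" "$primary"
    printf 'ip route del default via %s dev %s\n' "$gw" "$primary"
    printf 'ip route add default dev %s\n' "$tunnel"
}

# Commands that undo up_commands using the saved gateway. Same args.
down_commands() {
    server=$1 gw=$2 primary=$3 tunnel=$4
    printf 'ip route del default dev %s\n' "$tunnel"
    printf 'ip route replace default via %s dev %s\n' "$gw" "$primary"
    printf 'ip route del %s via %s dev %s\n' "$server" "$gw" "$primary"
}

# Entry point for /etc/ppp/ip-up.d and ip-down.d scripts. pppd passes the
# interface as $1 and the ipparam string as $6 to those scripts, so call:
#   all_to_tunnel up   "$1" "$6" tunnel.example.com   # from ip-up.d
#   all_to_tunnel down "$1" "$6" tunnel.example.com   # from ip-down.d
# With DRY_RUN=1 the commands are printed instead of run.
all_to_tunnel() {
    mode=$1 tunnel=$2 connection=$3 server=$4
    [ "$connection" = "tunnel" ] || return 0     # not our connection
    state="$STATE_DIR/all-to-tunnel.$connection"
    if [ "$mode" = up ]; then
        set -- $(parse_default_route "$(ip route show default)")
        [ $# -eq 2 ] || { echo "no usable default route" >&2; return 1; }
        printf '%s %s\n' "$1" "$2" > "$state"   # remember gw and iface
        cmds=$(up_commands "$server" "$1" "$2" "$tunnel")
    else
        [ -r "$state" ] || { echo "no saved route in $state" >&2; return 1; }
        read -r gw primary < "$state"
        cmds=$(down_commands "$server" "$gw" "$primary" "$tunnel")
        rm -f "$state"
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$cmds"
    else
        printf '%s\n' "$cmds" | sh -e
    fi
}
```

Dry-run it first on the constructed sample (`up_commands tunnel.example.com $(parse_default_route "$SAMPLE_ROUTE") ppp0`) and check the three lines against what `ip route` currently shows; the `ip route replace` form is used for the host route and the restored default so that a second run does not fail on an already-present entry.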

References:

http://pptpclient.sourceforge.net/howto-debian.phtml#configure_by_hand
http://pptpclient.sourceforge.net/routing.phtml#all-to-tunnel
