Be smart...don't do this. Just use OpenVPN, it's much easier. However, if for some reason you have to use PPTP:
To tunnel all traffic except DNS over VPN:
Add the credentials for the VPN account you're using to /etc/ppp/chap-secrets:
ex: [username] [server] [password] *
Create a file in /etc/ppp/peers (filename = the name you want to call the VPN connection) and put the connection info in it:
ex:
pty "pptp [VPN_ADDR] --nolaunchpppd"
name [NAME]
remotename [RNAME]
require-mppe-128
refuse-eap
noauth
file /etc/ppp/options.pptp
ipparam [RNAME]
Edit the options.pptp file if you want. (I didn't change anything)
Create a script (e.g. AllToTunnel) in /etc/ppp/ip-up.d/ containing the following (with the modifications indicated below):
Modifications:
change PRIMARY to the network interface used to connect to the internet
change SERVER to the address of the PPTP server
change "tunnel" in the last if statement to the name of your tunnel (the ipparam value from the peers file)
#!/bin/sh
# pppd ip-up script for all-to-tunnel routing
# name of primary network interface (before tunnel)
PRIMARY=eth0
# address of tunnel server
SERVER=tunnel.example.com
# provided by pppd: string to identify connection aka ipparam option
CONNECTION=$6
if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi
# provided by pppd: interface name
TUNNEL=$1
if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi
# if we are being called as part of the tunnel startup
if [ "${CONNECTION}" = "tunnel" ] ; then
  # direct tunnelled packets to the tunnel server
  route add -host ${SERVER} dev ${PRIMARY}
  # direct all other packets into the tunnel
  route del default ${PRIMARY}
  route add default dev ${TUNNEL}
fi
Don't forget to chmod a+x the file after you're done.
Create a script (e.g. AllToTunnelDown) in /etc/ppp/ip-down.d/ containing the following (with the modifications indicated below):
Modifications:
change "tunnel" in the last if statement to the name of your tunnel (the ipparam value from the peers file)
#!/bin/sh
# pppd ip-down script for all-to-tunnel routing
# name of primary network interface (before tunnel)
PRIMARY=eth0
# provided by pppd: string to identify connection aka ipparam option
CONNECTION=$6
if [ "${CONNECTION}" = "" ]; then CONNECTION=${PPP_IPPARAM}; fi
# provided by pppd: interface name
TUNNEL=$1
if [ "${TUNNEL}" = "" ]; then TUNNEL=${PPP_IFACE}; fi
# if we are being called as part of the tunnel shutdown
if [ "${CONNECTION}" = "tunnel" ] ; then
  # direct packets back to the original interface
  route del default ${TUNNEL}
  route add default dev ${PRIMARY}
fi
Don't forget to chmod a+x the file after you're done.
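To confirm the ip-up script actually took effect, the routing table can be checked for the layout it is meant to produce: a default route only on the tunnel, plus a host route to the PPTP server on the primary interface. The following is an added example, not part of the original post; the function name check_routes, the interface names ppp0/eth0, the address 192.0.2.10 and both sample tables are constructed, and it assumes the net-tools `route -n` output format.

```shell
#!/bin/sh
# Added example: audit `route -n` output for the all-to-tunnel layout.
# check_routes TUNNEL PRIMARY SERVER_IP   (routing table on stdin)
# Prints one line per finding; exit status is 0 only when there are none.
check_routes() {
    awk -v tun="$1" -v pri="$2" -v srv="$3" '
        # data rows of `route -n` have 8 fields and start with an address
        NF == 8 && $1 ~ /^[0-9]+\./ {
            dest = $1; mask = $3; ifc = $8
            if (dest == "0.0.0.0" && mask == "0.0.0.0") {
                if (ifc == tun) { via_tunnel++ }
                else { print "LEAK: default route on " ifc; bad++ }
            }
            # host route that keeps the PPTP packets off the tunnel itself
            if (dest == srv && mask == "255.255.255.255" && ifc == pri) {
                host_route++
            }
        }
        END {
            if (!via_tunnel) { print "MISSING: no default route on " tun; bad++ }
            if (!host_route) { print "MISSING: no host route to " srv " on " pri; bad++ }
            exit (bad ? 1 : 0)
        }'
}

# Constructed sample: table expected after ip-up ran (ppp0 is the tunnel).
SAMPLE_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
192.0.2.10      0.0.0.0         255.255.255.255 UH    0      0        0 eth0
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Constructed sample: ip-up did not run, default route is still on eth0.
SAMPLE_LEAK='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.0.1        0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0'

# Live use (placeholder values, substitute your own):
#   route -n | check_routes ppp0 eth0 192.0.2.10
```

A non-zero exit after the tunnel comes up usually means the string in the script's last if statement does not match the ipparam value, so the routing commands never ran.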
References:
http://pptpclient.sourceforge.net/howto-debian.phtml#configure_by_hand
http://pptpclient.sourceforge.net/routing.phtml#all-to-tunnel