I’m keeping it as simple as possible.
The server-side LAN in this example is 10.50.0.0/16.
On the server, install pptpd. Then edit /etc/pptpd.conf and set:
# This is the IP the server will have from the client's perspective. Should be the server's local IP.
localip 10.50.0.1
# And from this range, the client IPs will be given. Here, the range 10.50.91.x is reserved for VPN hosts.
remoteip 10.50.91.1-254
Then edit /etc/ppp/pptpd-options and set options (comments have been removed from this example):
name my-pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
Then restart pptpd.
Then edit accounts in /etc/ppp/chap-secrets. Example:
user my-pptpd password *
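A quick check of the two server files edited above, as an added example that is not part of the original post: it confirms that the authentication directives listed for /etc/ppp/pptpd-options are present and reports loose permissions or wildcard addresses in /etc/ppp/chap-secrets. The function names and output labels are made up for this example, and it assumes secrets without embedded spaces.

```shell
#!/bin/sh
# Added example (not from the original post): audit the server files edited above.
# Usage: sh audit-pptpd.sh /etc/ppp/pptpd-options /etc/ppp/chap-secrets

# Directives the post sets so that only MS-CHAPv2 with 128-bit MPPE is accepted.
REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Succeeds if directive $2 is the first word of a non-comment line in file $1.
# The trailing anchor stops "refuse-mschap-v2" from counting as "refuse-mschap".
has_opt() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# Print one finding per line for an options file; print nothing if it is clean.
audit_options() {
    for opt in $REQUIRED; do
        has_opt "$1" "$opt" || echo "MISSING $opt"
    done
    # noauth is normal in the client options, but on the server it disables
    # authentication of connecting peers.
    if has_opt "$1" noauth; then echo "WEAK noauth"; fi
    return 0
}

# Print findings for a chap-secrets file: loose permissions, wildcard addresses.
audit_secrets() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERMS group/other access ($perms)"
    # Column 4 is the address list the account may use; "*" allows any address.
    awk '!/^[ \t]*(#|$)/ && $4 == "*" { print "ANYADDR " $1 }' "$1"
    return 0
}

# Run both audits when called with the two file paths; exit 1 on any finding.
if [ "$#" -eq 2 ]; then
    findings=$(audit_options "$1"; audit_secrets "$2")
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
fi
```

With the files exactly as shown in this post, the only finding is `ANYADDR user`, since the account line ends in `*`.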
On the client, /etc/ppp/options.pptp (comments once again removed):
lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
/etc/ppp/chap-secrets:
user my-pptpd password *
Then make /etc/ppp/peers/johnsvpn:
pty "pptp hostname --nolaunchpppd"
name user
remotename my-pptpd
require-mppe-128
file /etc/ppp/options.pptp
ipparam johnsvpn
You should then be able to turn it on with “pon johnsvpn”. Use poff to turn it off.
To be able to access the entire LAN from the client, run this:
route add -net 10.50.0.0 netmask 255.255.0.0 dev ppp0
More is necessary, like permanent host-to-LAN config (with route pushing or something), DNS, testing if Windows works, etc. More is to come.