Linux PPTP server
Building a PPTP VPN server on Linux that authenticates against RADIUS.
Software configuration
- OS: Slackware 13.37
- Software: pptpd-1.3.4
Installation
tar zxvf pptpd-1.3.4.tar.gz
Modify the path to pptpd-logwtmp.so in pptpctrl.c if necessary, e.g.,
/* pppd_argv[an++] = "/usr/lib/pptpd/pptpd-logwtmp.so"; */
pppd_argv[an++] = "/usr/local/pptpd/lib/pptpd/pptpd-logwtmp.so";
./configure --prefix=/usr/local/pptpd
make
make install
Configuration
pptpd.conf
Modify the configuration, based on sample/pptpd.conf, and store the file as /usr/local/pptpd/etc/pptpd.conf
option /usr/local/pptpd/etc/options.pptpd
logwtmp
noipparam
localip 192.168.68.1
options.pptpd
Make the necessary modifications based on sample/options.pptpd and store the file as /usr/local/pptpd/etc/options.pptpd
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 192.168.1.1
ms-dns 192.168.2.1
ms-wins 192.168.1.1
proxyarp
lock
nobsdcomp
novj
novjccomp
nologfd
plugin radius.so
plugin radattr.so
Radius client
/etc/radiusclient/radiusclient.conf
At a minimum, the following parameters should be configured:
- authserver
- acctserver
/etc/radiusclient/servers
Set up the shared secret used to talk to the RADIUS server, e.g.,
localhost testing123
/etc/radiusclient/dictionary
Append the following at the end:
INCLUDE /etc/radiusclient/dictionary.merit
INCLUDE /etc/radiusclient/dictionary.microsoft
IP pool for pptpd
The RADIUS server can assign IP addresses to clients. Here we set up a separate IP pool for pptpd users.
/usr/local/pptpd/etc/options.pptpd
Append:
avpair NAS-Identifier="PPTPD"
/usr/local/freeradius/etc/raddb/modules/ippool
ippool pptpd_pool {
range-start = 192.168.66.2
range-stop = 192.168.71.254
netmask = 255.255.252.0
cache-size = 800
session-db = ${db_dir}/db.pptpd.ippool
ip-index = ${db_dir}/db.pptpd.ipindex
override = no
maximum-timeout = 0
}
/usr/local/freeradius/etc/raddb/users
DEFAULT NAS-Identifier=="PPTPD", Framed-Protocol == PPP, Pool-Name := "pptpd_pool", Simultaneous-Use := 1
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP
/usr/local/freeradius/etc/raddb/sites-enabled/default
Add pptpd_pool to the accounting and post-auth sections.
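A sanity check for the address plan above, as an added example that is not part of the original guide: it reads the localip line from pptpd.conf and the pptpd_pool block, then reports whether localip falls inside the pool range, whether the range stays within one subnet under the netmask, and whether cache-size is smaller than the number of addresses in the range. The function names parse_kv and audit are hypothetical; the sample values are copied from this page.

```python
import ipaddress
import re

# Values copied from the pptpd.conf and ippool snippets on this page.
PPTPD_CONF = "localip 192.168.68.1"
IPPOOL_CONF = """
ippool pptpd_pool {
    range-start = 192.168.66.2
    range-stop = 192.168.71.254
    netmask = 255.255.252.0
    cache-size = 800
}
"""

def parse_kv(text):
    """Return {key: value} for 'key = value' and 'key value' lines."""
    pairs = {}
    for line in text.splitlines():
        # Bare keywords (e.g. logwtmp) and brace lines do not match.
        m = re.match(r"\s*([\w-]+)(?:\s*=\s*|\s+)([\w.]+)\s*$", line)
        if m:
            pairs[m.group(1)] = m.group(2)
    return pairs

def audit(pptpd_conf, ippool_conf):
    """Return (pool_size, findings) for the localip / ippool pair."""
    pool = parse_kv(ippool_conf)
    localip = ipaddress.IPv4Address(parse_kv(pptpd_conf)["localip"])
    start = ipaddress.IPv4Address(pool["range-start"])
    stop = ipaddress.IPv4Address(pool["range-stop"])
    mask = pool["netmask"]
    findings = []
    if start <= localip <= stop:  # server end of the link could be leased
        findings.append(f"localip {localip} is inside the pool range")
    # Both ends of the range should land in the same network for the mask.
    net_start = ipaddress.IPv4Network(f"{start}/{mask}", strict=False)
    net_stop = ipaddress.IPv4Network(f"{stop}/{mask}", strict=False)
    if net_start != net_stop:
        findings.append(f"range spans {net_start} and {net_stop} under netmask {mask}")
    pool_size = int(stop) - int(start) + 1  # every address in the range
    if int(pool["cache-size"]) < pool_size:
        findings.append(f"cache-size {pool['cache-size']} < {pool_size} addresses in range")
    return pool_size, findings

if __name__ == "__main__":
    size, findings = audit(PPTPD_CONF, IPPOOL_CONF)
    print(f"pool size: {size}")
    for finding in findings:
        print("WARN:", finding)
```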
Can you post a guide on how you configured it to work with ppp correctly? I want to connect it to RRAS. Thank you.

Reply: November 12th, 2010 at 12:13 pm
I would love to write the detailed guide. Maybe it would take some time. I can answer your questions before the guide is finished.
The configuration would include: ppp, freeradius, mysql, Web
To connect ppp and freeradius, maybe you should:
1. Get ppp radius modules
1.1 compile ppp from source code (because the ppp debian package doesn't include radius modules)
1.2 find compiled radius.so radattr.so
1.3 find radiusclient folder in the ppp source code
2. Configure ppp
2.1 Configure the radius server and shared key in: radiusclient/server, radiusclient/realms and radiusclient/radiusclient.conf
2.2 add radius to ppp server options file. This is mine.
===================================
plugin /etc/ppp/radius.so
plugin /etc/ppp/radattr.so
radius-config-file /etc/radiusclient/radiusclient.conf
====================================