I am in CUHK. Hence I need to connect to VPN from time to time. The CUHK VPN pool is using PPTP implemented by the Cisco routers or access servers (although another using IPSec is also available, but I am not supposed to know about its existence…) and I am using Debian as my primary operating system. This guide is to record down how do I make a PPTP VPN in Debian Linux.
The required software is the
pppd daemon and the
pptp-linux suite, also your
kernel needs to support the point-to-point protocol in asynchronous mode. Here
are what I did:
# apt-get install pppd pptp-linux
To connect via PPTP, you need to make sure your kernel support PPP because PPTP is just using PPP over your existing network connection instead of your modem. I am using the kernel 22.214.171.124 at the mean time and I do this to load the modules for my kernel’s support:
# modprobe ppp-generic # modprobe ppp-async
Basically the last line will help you load the first line as well. You may need to check your kernel’s support and build options to see if you need to recompile your kernel or use another name to call these modules or the modules are already compiled-in.
Once you make sure your kernel supports “ppp-async”, you can configure your PPP
scripts. The script is located in
/etc/ppp/peers. You can just create a script
with any name, for example, mine is
user s034554 require-pap noipdefault usepeerdns defaultroute persist noauth noaccomp default-asyncmap nopcomp noccp novj
The above is to specify that, I am using
s034554 as my login name and PAP as
the authentication method. Once connected, use the peer side’s DNS and use the
PPTP connection as my default route. Furthermore, make this PPTP connection
persistent, which mean to reconnect upon disconnected. The rest options are
mainly configuring the PPTP not to do any encryption or compression. You can get
reference to these from the documentation of PPTP-Linux or PPP daemon.
After you’ve made this file, you can call like this:
# pptp vpn.cuhk.edu.hk -- call vpn
The part after pptp is the hostname you are connecting to, and then a double
dash to separate the PPTP option and PPP options, which I tell PPP to use the
options described in the script called
vpn in the
Once you invoked this command, you will get a
ppp0 connection within a few seconds.
The above is not the only way to do. We can alternatively, invoke
of pptp to bring up the connection. It is no difference, just see if you want
pppd to call pptp or pptp to call ppp to finish the whole thing. If you choose
to use the former method, see the following.
Your kernel also needs the asynchronous ppp support. Afterwards, create a option
/etc/ppp/peers like this:
name s034554 require-pap defaultroute persist pty "pptp vpn.cuhk.edu.hk --nolaunchpppd" remotename vpn.cuhk.edu.hk ipparam vpn.cuhk.edu.hk lock noauth nobsdcomp nodeflate
The key point here is you have already specify your VPN server (in PPP’s terminology, the concentrator) in the option file and then we can just connect via the PPTP by invoking:
# pppd call vpn
where I have assumed that
vpn is the name of the script.