This tutorial describes how to enable PPTP VPN logins to your local network from an external network.
Assumptions:
- You're running Ubuntu server.
- The server is your gateway, i.e. it has two or more interfaces.
- Shorewall is used for your firewall.
- Internal interface network
  - IP Address: 192.168.10.1
  - Netmask: 255.255.255.0
  - Broadcast: 192.168.10.1
  - Network: 192.168.10.1
- External interface network
- No dynamic IPs assigned between 192.168.10.100 & 192.168.10.201.
- Samba is installed and functioning.
Start with a full update of the system.
aptitude update; aptitude -y full-upgrade
Then install the required pptp packages.
aptitude -y install pptpd
We need to make a note of the internal interface IP address.
ifconfig # Note internal and external IP addresses
Edit the pptp daemon file
vim /etc/pptpd.conf
bcrelay eth1 # Internal interface name
localip 192.168.10.1 # Internal interface IP address
remoteip 192.168.10.100-201 # Address NOT within internal & external address space
Edit the pppd daemon options file
vim /etc/ppp/pptpd-options
ms-dns 192.168.10.1 # Internal interface IP address
ms-wins 192.168.10.1 # Internal interface IP address
Edit the pppd secrets file
vim /etc/ppp/chap-secrets
laptop pptpd <password> * # User 1 (fields: client, server, secret, allowed IP)
other-laptop pptpd <password> * # User 2
Edit the shorewall zones file
vim /etc/shorewall/zones
rem ipv4
Edit the shorewall interfaces file
vim /etc/shorewall/interfaces
rem ppp+ detect
Edit the shorewall policy file
vim /etc/shorewall/policy
loc rem ACCEPT
$FW rem ACCEPT
rem net ACCEPT
rem $FW ACCEPT
rem loc ACCEPT
Edit the shorewall rules file
vim /etc/shorewall/rules
PPtP(ACCEPT) net $FW
Edit the samba config file
vim /etc/samba/smb.conf
preferred master = Yes
domain master = Yes
wins support = Yes
Restart all of the required services.
service pptpd restart
service smbd restart
service nmbd restart
shorewall restart
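
As an added example (not part of the original tutorial), the two functions below check the edited files before the restart: that localip is not inside the remoteip pool in /etc/pptpd.conf, and that /etc/ppp/chap-secrets is not readable by other users and has four-field entries (client, server, secret, allowed IP, the pppd format). The function names, the A.B.C.X-Y pool form and the 12-character minimum secret length are assumptions of this example.

```shell
#!/bin/bash
# Added example, not from the tutorial: checks to run before restarting pptpd.

# check_pool FILE: fail if localip falls inside the remoteip pool.
# Assumes the pool is written as A.B.C.X-Y, the form this tutorial uses.
check_pool() {
    awk '
        { sub(/#.*/, "") }                        # ignore comments
        $1 == "localip"  { local_ip = $2 }
        $1 == "remoteip" { pool = $2 }
        END {
            if (local_ip == "" || pool == "") { print "localip or remoteip missing"; exit 2 }
            split(local_ip, l, "."); split(pool, r, "-"); split(r[1], p, ".")
            lo = p[4] + 0; hi = r[2] + 0; host = l[4] + 0
            if (lo < 1 || hi > 254 || lo > hi) { print "bad pool: " pool; exit 1 }
            same_net = (l[1] == p[1] && l[2] == p[2] && l[3] == p[3])
            if (same_net && host >= lo && host <= hi) {
                print "localip " local_ip " is inside pool " pool; exit 1
            }
        }' "$1"
}

# check_secrets FILE [MINLEN]: fail if the file is readable by group/other, if an
# entry lacks the four pppd fields, or if a secret is shorter than MINLEN
# (default 12, an example threshold). Assumes unquoted secrets without "#".
check_secrets() {
    local file=$1 min=${2:-12} mode
    mode=$(stat -c %a "$file") || return 2        # GNU stat, as on Ubuntu
    case $mode in
        600|400) ;;
        *) echo "$file has mode $mode, expected 600"; return 1 ;;
    esac
    awk -v min="$min" '
        { sub(/#.*/, "") }
        NF == 0 { next }
        NF < 4  { print "line " NR ": expected client server secret IP"; bad = 1; next }
        length($3) < min { print "line " NR ": secret for " $1 " is too short"; bad = 1 }
        END { exit bad + 0 }' "$file"
}

# Usage: check_pool /etc/pptpd.conf && check_secrets /etc/ppp/chap-secrets
```
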