This is an instruction how to install PPTP Client on Debian GNU/Linux KVM.
PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. Allows connection to a PPTP based Virtual Private Network (VPN).
All commands should be run as root!
Installing the Client Program
Install PPTP Client from the Debian Project:
apt install pptp-linux
Configuration, by hand
1. obtain from your PPTP Server administrator:
- the IP address or host name of the server ($SERVER),
- the name you wish to use to refer to the tunnel ($TUNNEL),
- the authentication domain name ($DOMAIN),
- the username you are to use ($USERNAME),
- the password you are to use ($PASSWORD),
- whether encryption is required.
In the steps below, substitute these values manually. For example, where we write $PASSWORD we expect you to replace this with your password.
2. create or edit the /etc/ppp/options.pptp file, which sets options common to all tunnels:
lock noauth nobsdcomp nodeflate
3. create or add lines to the /etc/ppp/chap-secrets file, which holds usernames and passwords:
$DOMAIN\\$USERNAME PPTP $PASSWORD *
Note: if you are using a PPTP Server that does not require an authentication domain name, omit the slashes as well as the domain name.
Note: if the passwords contain any special characters, quote them. See man pppd for more details.
4. create a /etc/ppp/peers/$TUNNEL file:
pty "pptp $SERVER --nolaunchpppd" name $DOMAIN\\$USERNAME remotename PPTP require-mppe-128 file /etc/ppp/options.pptp ipparam $TUNNEL
Note: if you do not need MPPE support, then remove the require-mppe-128 option from this file and /etc/ppp/options.pptp.
5. start the tunnel using the pon command:
to further diagnose a failure, add options to the command:
pon $TUNNEL debug dump logfd 2 nodetach
Note: we have further information on enabling debug mode, and on diagnosing problems.
6. stop the tunnel using the poff command:
7. to have the tunnel automatically restarted if it fails, add the option persist to either the command line or the /etc/ppp/peers/$TUNNEL file.
8. to have a tunnel started on system boot,
add to the file /etc/network/interfaces this iface eth0:
iface tunnel inet ppp provider $TUNNEL
and edit the iface eth0 for your default network connection, usually eth0, to connect the tunnel when possible:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto tunnel iface tunnel inet ppp provider $TUNNEL pre-down ip -4 addr flush dev ppp0 scope global || : auto eth0 iface eth0 inet static address XXX.XXX.XXX.XXX netmask 255.255.255.0 broadcast + up route -A inet add XXX.XXX.XXX.XXX dev eth0 up route -A inet add default gw XXX.XXX.XXX.XXX dev eth0 iface eth0 inet6 manual pre-down ip -6 addr flush dev eth0 scope global || :
Note: this eliminates a race between the tunnel startup and the default network connection, which can prevent tunnel connection.
9. (Optional) Add routes through the PPTP Connection:
– create a /etc/ppp/ip-up.d/$TUNNEL file:
– Inside add the routes you want like this:
#!/bin/bash /sbin/route add 172.24.20.252 gw 10.255.254.0 dev ppp0
– Save the file
– Make it executable:
chmod +x /etc/ppp/ip-up.d/$TUNNEL
You could for example do a simple check and show which scripts would be run:
run-parts --test /etc/ppp/ip-up.d/