Red Hat pptpd HOWTO

Packages for Yum based distributions are available from our Yum repository.

• http://poptop.sourceforge.net/yum/beta/packages/ (packages here require ppp 2.4.4)
• http://poptop.sourceforge.net/yum/stable/packages/ (packages here require ppp 2.4.3, except FC6, FC7, RHEL5, all of which have ppp 2.4.4 already)

Quick start:

# rpm -Uvh http://poptop.sourceforge.net/yum/stable/fc7/pptp-release-current.noarch.rpm # yum --enablerepo=poptop-stable install pptpd

Derived from work by Richard de Vroede, this HOWTO shows the steps required to install pptpd on a Red Hat style distribution, such as Red Hat, Fedora Core, and Mandrake.

1. if you are using a kernel version below 2.6.15-rc1, and you want encrypted tunnels, you need to add MPPE support to the kernel. Some distribution kernels already have MPPE. You can test by typing modprobe ppp-compress-18 && echo ok and if that works, skip to step 2,

   Otherwise, to add MPPE support to the kernel, choose either of these two methods;

   1. go to the PPTP Client project and read the instructions that are the closest match to the distribution you have, and do the parts of the instructions that cover MPPE, or;

   2. download and install the latest DKMS RPM and the latest kernel_ppp_mppe RPM from the new MPPE module builder section of our downloads, (for more information about DKMS, see the OLS 2004 DKMS paper),

2. upgrade PPP to version 2.4.3 or later, see our latest ppp RPMs,

3. download and install the latest pptpd RPM,

4. configure the following files;
   • /etc/modules.conf (only on Red Hat distributions released before 2001)
   • /etc/pptpd.conf (especially the localip and remoteip tags, see the ROUTING CHECKLISTS in man pptpd.conf for more details)
   • /etc/ppp/options.pptpd (especially ensure the MPPE options match your PPP version),
   • /etc/ppp/chap-secrets (add a username and password for a client to log in with),

5. start the service;

   service pptpd start

6. upgrade all Win9x clients using MSdun1.4 to get 128-bit encryption,

7. try a connection.

Once you can ping from the client to the server using the IP address assigned within the tunnel, you know it works. You may need to configure your server to forward the packets further, but that's a routing problem that has nothing specific to do with pptpd. See our Diagnosing Forwarding document; which boils down to;

• enable IP forwarding in /etc/sysctl.conf:

  net.ipv4.ip_forward = 1

• enable IP forwarding now:

  echo 1 > /proc/sys/net/ipv4/ip_forward

For configuration against an Active Directory service, see our Replacing a Windows PPTP server with Linux HOWTO, by Matt Alexander, from December 2004.

For more complex configuration, see Beyond Samba - Integrating Windows Authentication into a wireless VPN solution, by Andrew Bartlett, 4th January 2005.

---

Comments

If you have comments on this document, please send them to the author at quozl at laptop dot org. But if you need help, use the mailing list (subscribe, archives) so that we can share the load.

---

ChangeLog

Date	Change
2007-08-09	Add Yum repository but did not update rest of document. Input needed.
2005-11-16	Add text to skip step 1 if reader is on kernel 2.6.15-rc1 or later.
2005-06-20	Remove support for SuSE because we don't have pppd packages available.
2005-05-11	Add ip_forward hints (not specific to pptpd but usually part of the process people go through), add link to the Active Directory HOWTO, thanks again to Illtud Daniel.
2005-04-14	Add links to our PPP packages, thanks to Illtud Daniel for pointing out the omission.
2004-12-21	Add links to DKMS and samba.org information.
2004-12-17	First draft and minor edits following review by mailing list.

---