netbsd-help: Re: pptp config

Subject: Re: pptp config
To: Mipam <mipam@ibb.net>
From: Bryan P <u9@terran.org>
List: netbsd-help
Date: 07/08/2003 12:42:15
On the distinguished day of Jul 8, Mipam wrote:

> Hi,
>
> Im trying to get pptp to work here.  I have a dsl modem so my ethernet
> card is connected to the modem.  Now my provider wishes me to speak pptp
> to him.
...
> Any suggestions what i could do or where im going wrong?

Hello,

This may or may not be helpful, but it is a mini-HOWTO I wrote for how to
set up access to PPTP to an unnamed corporate network.  It "works for me".

Using PPTP at XXXXXXXX (mini-HOWTO)
===================================

Bryan P, Feb 2003

  1.) You'll need a PPTP account set up, which is basically a username and
      password on the external PPTP server.  Contact the network
      administrator for this.

  2.) Install pptp-linux, following the included directions.  Note that for
      NetBSD, you'll need to turn OFF GRE support in the kernel (build with
      the "pseudo-device gre" commented out).

  3.) Create a pptp.conf file which contains, at least:

      name <youraccountname>
      remotename PPTP

      Putting your PPTP acount name in the space <youraccountname>.

  4.) Create an /etc/ppp/chap-secrets file (which should not be readable by
      anyone but root), which looks like this:

      <youraccountname> PPTP <yourpassword>

  5.) Start pptp with something like:

      pptp 1.2.3.4 file pptp.conf

      where "1.2.3.4" is the address of the PPTP server.

  6.) Add a network route through the tunnel, which looks something like
      this:

      route add -net 10.1.0.0 -netmask 255.255.0.0 10.1.99.151

      Where "10.1.99.151" is the address for the PPTP server-side.  Figure
      that out by looking at the netstat -rn or ifconfig of the ppp
      interface.

  Other things to consider...

      If you are tunneling in from behind a firewall of some sort, you will
      want to make sure that you allow out IP protocol 47 (GRE) and that
      PPTP masquerading is turned on if you need it.  You would probably
      need it if you were tunneling from a private address, though if the
      NAT device is not also capable of being a PPTP endpoint itself and/or
      supports portless NAT, it might work as-is.

-bp
--