[plug] Windows VPN
Brad Campbell
brad at seme.com.au
Wed Jan 15 16:37:03 WST 2003
G'day all,
Well it's all working, so for those interested this is how I did it for
Debian Woody.
Note, the Debian pppd comes with a number of options enabled, including PAM.
I don't use any of these, therefore this may not work for you.
If you need to you could apt-get source pppd and patch it with the mppe
patches floating around on the net. Don't forget to patch your kernel then.
Grab http://quozl.netrek.org/pptp/ppp-2.4.2_cvs_20021120.tar.gz
apt-get install pptpd
My kernel is 2.4.20 and it lives in /usr/src/linux
in ppp-2.4.2_cvs_20021120/linux/mppe there is a script to patch your
kernel with mppe support. A simple sh mppeinstall.sh /usr/src/linux and
it's done.
Add mppe support to ppp in Network Devices in the kernel config.
I did a make dep && make bzImage && make modules as there are a couple
of files added to the tree and I wanted to make sure the .deps were ok.
Anyway, install the kernel and modules and re-boot.
Then just ./configure && make && make install-progs in the
ppp-2.4.2...blah dir.
edit /etc/ppp/pptpd-options to contain
____________________________
name "Your Server Name"
domain "Your Domain"
auth
require-mschap-v2
require-mppe-128
ms-dns your.dns.address
ms-wins your.wins.server
netmask 255.255.255.0
nodefaultroute
proxyarp
lock
_______________________________________
change localip and remoteip in /etc/pptpd.conf to match your desired settings
mine are
localip 192.168.3.10-20
remoteip 192.168.3.21-30
I also had to punch holes in my firewall...
#Allow GRE for PPTP
$IPTABLES -A FORWARD -i eth2 -p 47 -j ACCEPT
#Open the pptp control port to the local machine
$IPTABLES -A INPUT -p tcp -i eth2 -d 192.168.4.100 --dport 1723 -j ACCEPT
Client is a win2k box and has been told to only use mschap-v2 and drop
the connection unless it gets the strongest encryption. Works a treat.
Oh yeah, don't forget to set up your /etc/ppp/chap-secrets file.
While testing, adding debug to your /etc/ppp/pptpd-options helps a lot.
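
Added example, not part of the original post: a POSIX shell check that an options file still carries the three security settings listed above (auth, require-mschap-v2, require-mppe-128) and that chap-secrets is closed to group and other. The function names, the list of weakening options (noauth, nomppe, require-mppe-40) and the sample files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes one option per line,
# as in the pptpd-options listing above.

# check_pptpd_options FILE: succeed only if FILE demands authentication,
# MS-CHAPv2 and 128-bit MPPE, and contains no option that weakens them.
check_pptpd_options() {
    rc=0
    # Drop comments, then keep the option keyword (first word) of each line.
    opts=$(sed 's/#.*//' "$1" | awk 'NF { print $1 }')
    for want in auth require-mschap-v2 require-mppe-128; do
        printf '%s\n' "$opts" | grep -qxF -e "$want" ||
            { echo "MISSING $want"; rc=1; }
    done
    for bad in noauth nomppe require-mppe-40; do
        if printf '%s\n' "$opts" | grep -qxF -e "$bad"; then
            echo "WEAK $bad"; rc=1
        fi
    done
    return "$rc"
}

# check_secrets_perms FILE: chap-secrets stores passwords in clear text, so
# fail if group or other hold any permission bit on it.
check_secrets_perms() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ] ||
        { echo "PERMS $1 grants '$mode' to group/other"; return 1; }
}

# Constructed sample input: the post's security options, then a weakened copy.
demo=$(mktemp -d)
printf '%s\n' auth require-mschap-v2 'require-mppe-128 # 128-bit only' \
    proxyarp lock > "$demo/good"
printf '%s\n' auth '#require-mschap-v2' require-mppe-40 > "$demo/weak"
printf '%s\n' 'user * "constructed-password" *' > "$demo/chap-secrets"
chmod 600 "$demo/chap-secrets"

check_pptpd_options "$demo/good" && echo "good: settings enforced"
check_pptpd_options "$demo/weak" || echo "weak: rejected"
check_secrets_perms "$demo/chap-secrets" && echo "chap-secrets: mode ok"
rm -rf "$demo"
```

On a live server the two functions would be pointed at /etc/ppp/pptpd-options and /etc/ppp/chap-secrets, the files named in the post.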