[plug] PoPToP PPTP server for Linux ->Windows VPN

[Steve Baker]

Craig Ringer wrote:
> Hi folks
> 
> I was wondering if someone on [plug] has any experience with PPTP, 
> specifically the PoPToP VPN server for Linux. I'm having to deal with my 
> first "mobile user" here (*ARRGGH*) and need a VPN option that I can 
> restrict (firewall off SMB, etc), will run well on a Linux server and 
> accept Windows client machines.
> 
snip
> 
> If anybody has worked with roaming windows (l)users needing access to a 
> network with a linux gateway, I'd love to hear of your experiences.
> 

We have PPTP on Linux running at my place of work.  The guy who set up 
the LAN before I started there set it up, and I'm not sure of the exact 
steps he used.  Once it's set up though, the configuration is very 
similar to regular pppd.

Basically the Windows users define a VPN connection (2K/XP - add a 
network connection, tell the wizard to 'connect to a private network 
through the internet', give it the IP address of the gateway, etc) then 
activate that connection.  It's pretty straight-forward, and I've found 
that It Just Works (tm).

At the server end, you assign IPs and other connection info (gateways, 
dns, wins, etc.) as with regular pppd.  Usernames/passwords are kept in 
a pap-secrets or chap-secrets file, and I suspect you can authenticate 
via LDAP or PAM as well (unconfirmed).

As with regular ppp, when the workstation authenticates successfully, it 
becomes part of the network with whatever IP you assigned (individually 
or from a pool).  The VPN connection shows up as another interface in 
ifconfig on the server, so you need to make sure that firewalling rules 
are set properly.  You can do this either globally somehow (ip ranges, 
probably), or per-interface with if-up/if-down scripts.

The system works pretty well.  We are mostly using it at the moment to 
get access to workstations on the LAN via RDP or VNC, to work from home.

Hope this helps.

Regards,
Steve