PPTP-VPN on Stock Kernel

Attention: Whatever you do, you do it at your own risk.

=Prerequisite=

You have to have firmware 1.34 already installed and opened for telnet access. If not, you can find a guide here: Open Stock Firmware LS-XHL

You need to have the optware IPKG system installed on your device. If not, you can find a guide here: Ipkg_on_the_Linkstation_(for_end-users)

To enable Microsoft MPPE encryption we need a kernel module that the stock kernel can load. For this you need to download the following package:

http://downloads.buffalo.nas-central.org/Users/kenatonline/nobody/nobody.tgz

This may also work for firmware versions before 1.34, but it is unknown whether the needed kernel modules are available there.

=What's the aim=

The aim is to set up a PPTP VPN server that allows users to dial in, establish a PPTP tunnel, and work remotely on the LS (or your network).

=What is needed=

The good news: if you have downloaded the package above and are running firmware 1.34 with the optware IPKG feed, the basics are there.

The bad news: we need to add a kernel module, install the PPTP server (POPTOP), and configure everything.

=How to install the MPPE Kernel Module=

Untar the package "nobody.tgz". You will find a new kernel file and a module archive "modules.tar". Ignore the kernel file, as we don't need it. Untar the module archive "modules.tar".

In there you will find the following path:

 /drivers/net/

In this path you will find the file:

 ppp_mppe.ko

You need to copy this file to the modules directory of your Linkstation:

 /lib/modules/%kernel-version%/kernel/drivers/net

Now you need to edit the file /etc/modules.conf and ADD the following:

 alias tty-ldisc-3 ppp_async
 alias tty-ldisc-14 ppp_synctty
 alias ppp-compress-18 ppp_mppe
 alias ppp-compress-21 bsd_comp
 alias ppp-compress-24 ppp_deflate
 alias ppp-compress-26 ppp_deflate
 alias net-pf-47 ip_gre

Now we need to update the module dependency database. Just execute the following command:

 depmod -a

OK, now the kernel-module is installed, and MPPE Encryption is available.

=How to install the PPTP-Server=

We are using the open-source project POPTOP as PPTP server. It is available in the optware feed, so install it with the following command:

 ipkg install poptop

Note that POPTOP is installed under the base directory /opt (like all optware packages).

Now we need to modify the start script of POPTOP, as there is an issue with the way it calls the daemon. Edit the file:

 /opt/etc/init.d/S20poptop

Line 11 in the script (starting the daemon) should look like this:

 /opt/sbin/pptpd -c /opt/etc/pptpd.conf -o /etc/ppp/options.pptpd -p /var/run/pptpd.pid

This avoids loading anything from nvram, as the original line there does, because nothing can be read from nvram.

Now edit the pptpd.conf file in /opt/etc. It should contain at least the following:

 ###############################################################################
 # $Id: pptpd.conf 2077 2005-06-10 07:18:16Z jeanfabrice $
 # Sample Poptop configuration file /etc/pptpd.conf
 # Changes are effective when pptpd is restarted.
 ###############################################################################
 
 # TAG: ppp
 #       Path to the pppd program, default '/usr/sbin/pppd' on Linux
 #
 ppp /usr/local/sbin/pppd
 # TAG: option
 #       Specifies the location of the PPP options file.
 #       By default PPP looks in '/etc/ppp/options'
 #
 option /etc/ppp/options.pptpd
 #
 localip YOUR.IP.ADDRESS.HERE                  # This is the IP address of your Linkstation
 remoteip YOUR.IP.ADDRESS.POOL-Start-POOL-End  # The addresses that will be assigned to clients, e.g.: 192.168.0.200-230

Now we need to move the file /opt/etc/ppp/options.pptpd to /etc/ppp, as the ppp daemon looks there:

 mv /opt/etc/ppp/options.pptpd /etc/ppp

You can also edit this file, but all the needed things are usually already in there.

=Adding allowed users=

To add users to the PPTP VPN server you need to edit the following file:

 /etc/ppp/chap-secrets

There you can add user names, the PPTPD server as VPN server, passwords, and allowed remote IP addresses.
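
The entries described above, as an added example that is not part of the original page: two POSIX shell helpers that append a "client server secret address" line to chap-secrets while keeping the file readable by its owner only, and that audit an existing file. The function names are hypothetical, the server name "pptpd" (the usual "name" value in options.pptpd) is an assumption, and all users, secrets and addresses are constructed.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# the server name "pptpd" and all users, secrets and addresses are constructed.

# add_pptp_user FILE USER SERVER SECRET ADDRESS
# Appends one "client server secret address" line and keeps FILE owner-only.
add_pptp_user() {
    file=$1; user=$2; server=$3; secret=$4; addr=$5
    for field in "$user" "$server" "$secret" "$addr"; do
        case $field in
            ''|*[[:space:]]*|*\"*|*\#*)
                echo "rejected: empty field, whitespace, quote or #" >&2
                return 1 ;;
        esac
    done
    # One entry per user/server pair, so an old secret cannot linger.
    if [ -f "$file" ] && awk -v u="$user" -v s="$server" \
        '$1 == u && $2 == s { hit = 1 } END { exit !hit }' "$file"; then
        echo "rejected: $user already has an entry for $server" >&2
        return 2
    fi
    # The file stores cleartext secrets: create and keep it at mode 600.
    ( umask 077; printf '%s\t%s\t%s\t%s\n' "$user" "$server" "$secret" "$addr" >> "$file" )
    chmod 600 "$file"
}

# audit_chap_secrets FILE
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
audit_chap_secrets() {
    file=$1
    {
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$file" | cut -c5-10)
        [ "$perms" = "------" ] || echo "permissions: group/other access ($perms)"
        awk '/^[ \t]*(#|$)/ { next }
             NF < 4    { print "line " NR ": fewer than 4 fields"; next }
             $4 == "*" { print "line " NR ": " $1 " may use any address" }' "$file"
    } | awk '{ print; n++ } END { exit (n > 0) }'
}

# Example on the LinkStation (constructed values):
#   add_pptp_user /etc/ppp/chap-secrets alice pptpd 'Constructed-Secret-1' 192.168.0.201
#   audit_chap_secrets /etc/ppp/chap-secrets
```

Giving each user a fixed address instead of "*" in the fourth field ties the account to one address, which makes the pppd logs easier to attribute.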

=What is left to do for you?=

Now you can start the PPTP server (or reboot the machine, as it gets started automatically with optware). Otherwise you can call:

 /opt/etc/init.d/S20poptop start

On the client side you have to configure the PPTP client with the user name/password from /etc/ppp/chap-secrets.

That should do the job.

=Changes=

2010.09.15: Initial Version