PPTP-VPN on Stock Kernel
From NAS-Central Buffalo - The Linkstation Wiki
Nobody0472 (Talk | contribs) |
| (One intermediate revision not shown) | |||
| Line 61: | Line 61: | ||
The aim is, to avoid loading something from nvram (as stated originally there), because nothing can be read from nvram. | The aim is, to avoid loading something from nvram (as stated originally there), because nothing can be read from nvram. | ||
| + | |||
| + | Now edit the pptp.conf file in /opt/etc; It should contain at least the following: | ||
| + | |||
| + | ############################################################################### | ||
| + | # $Id: pptpd.conf 2077 2005-06-10 07:18:16Z jeanfabrice $ | ||
| + | # Sample Poptop configuration file /etc/pptpd.conf | ||
| + | # Changes are effective when pptpd is restarted. | ||
| + | ############################################################################### | ||
| + | # TAG: ppp | ||
| + | # Path to the pppd program, default '/usr/sbin/pppd' on Linux | ||
| + | # | ||
| + | ppp /usr/local/sbin/pppd | ||
| + | # TAG: option | ||
| + | # Specifies the location of the PPP options file. | ||
| + | # By default PPP looks in '/etc/ppp/options' | ||
| + | # | ||
| + | option /etc/ppp/options.pptpd | ||
| + | # | ||
| + | localip YOUR.IP.ADDRESS.HERE # This is the IP-Address of you linkstation | ||
| + | remoteip YOUR.IP.ADDRESS.POLL-Start-POOL-End # The addresses that will be assigned to clients, e.g.: 192.168.0.200-230 | ||
| + | |||
| + | Now we need to move the file /opt/etc/ppp/options.pptpd to /etec/ppp as the ppp-daemon looks there | ||
| + | mv /opt/etc/ppp/options.pptpd /etc/ppp | ||
| + | |||
| + | You can also edit this file, but all the needed things are usually already in there. | ||
| + | |||
| + | =Adding allowed users= | ||
| + | To add users to the PPTP-VPN-Server you need to edit the following file: /etc/ppp/chap-secrets | ||
| + | |||
| + | There you can add usernames, the PPTPD-Server as VPN-Server, passwords, and allowed Remote-IP-Adresses | ||
| + | |||
| + | =What is left to do for you?= | ||
| + | Now you can start the PPTP-Server (or reboot the maching, as it gets started automatically with optware). | ||
| + | Otherwise you can call: /opt/etc/init.d/S20poptop start | ||
| + | |||
| + | On the client-side you have to configure the PPTP-Client withthe UName/PW from /etc/ppp/chap-sectrets. | ||
| + | |||
| + | That should do the job. | ||
| + | |||
| + | =Changes= | ||
| + | 2010.09.15: Initial Version | ||
| + | |||
| + | [[Category:LS-XHL]][[Category:LS-CHLv2]][[Category:LS-WXL]][[Category:TS-WX1.0TL/R1]] | ||
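Review bot: the first added sentence tells the reader to edit "pptp.conf" in /opt/etc, but the sample's own header names the file pptpd.conf; the prose should use that name so the target file is unambiguous. Two paths in the added text are misspelled ("/etec/ppp" and "chap-sectrets") and should read /etc/ppp and chap-secrets. The "Adding allowed users" section lists what goes into /etc/ppp/chap-secrets (usernames, server name, passwords, remote IPs) but shows no example line and does not mention that the file holds the passwords themselves, so a one-line sample entry and a note to keep the file readable by root only would make the section usable.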
Latest revision as of 08:48, 15 September 2010
Attention: Whatever you do, you do it at your own risk.
Prerequisite
Firmware 1.34 must already be installed and opened for telnet access. If not, you can find a guide here: Open Stock Firmware LS-XHL
The optware IPKG system must be installed on your device. If not, you can find a guide here: Ipkg_on_the_Linkstation_(for_end-users)
To enable Microsoft MPPE encryption we need a kernel module that can be loaded by the stock kernel. For this you need to download the following package:
http://downloads.buffalo.nas-central.org/Users/kenatonline/nobody/nobody.tgz
For firmware versions before 1.34 this may also work, but it is unknown whether the needed kernel modules are available.
What's the aim
The aim is to set up a PPTP VPN server that allows users to dial in, establish a PPTP tunnel, and work remotely on the LS (or your network).
What is needed
The good news: if you have downloaded the package above and are running firmware 1.34 with the optware IPKG feed, the basics are there.
The bad news: we need to add a kernel module and the PPTP server (POPTOP), and configure both.
How to install the MPPE Kernel Module
Untar the package "nobody.tgz". You will find a new kernel-file and a module-archive "modules.tar". Forget the kernel-file, as we don't need that. Untar the module-archive "modules.tar".
In there you will find the following path: /drivers/net/. In this path you will find the file: ppp_mppe.ko
You need to copy this file to the modules directory of your Linkstation: /lib/modules/%kernel-version%/kernel/drivers/net
Now you need to edit the file /etc/modules.conf and ADD the following:
    alias tty-ldisc-3 ppp_async
    alias tty-ldisc-14 ppp_synctty
    alias ppp-compress-18 ppp_mppe
    alias ppp-compress-21 bsd_comp
    alias ppp-compress-24 ppp_deflate
    alias ppp-compress-26 ppp_deflate
    alias net-pf-47 ip_gre
Now we need to update the module-library. Just execute the following command:
depmod -a
OK, now the kernel module is installed, and MPPE encryption is available.
How to install the PPTP-Server
We are using the open-source project POPTOP as the PPTP server. It is available in the optware feed, so install it with the following command:
ipkg install POPTOP
Note that POPTOP is now installed with the base directory /opt (like all optware packages).
Now we need to modify the start script of POPTOP, as there is an issue with calling the daemon. So we need to edit the file: /opt/etc/init.d/S20poptop
Line 11 in the script (starting the daemon) should look like this:
    /opt/sbin/pptpd -c /opt/etc/pptpd.conf -o /etc/ppp/options.pptpd -p /var/run/pptpd.pid
The aim is to avoid loading anything from nvram (as the original line does), because nothing can be read from nvram.
Now edit the pptpd.conf file in /opt/etc; it should contain at least the following:
    ###############################################################################
    # $Id: pptpd.conf 2077 2005-06-10 07:18:16Z jeanfabrice $
    # Sample Poptop configuration file /etc/pptpd.conf
    # Changes are effective when pptpd is restarted.
    ###############################################################################
    # TAG: ppp
    # Path to the pppd program, default '/usr/sbin/pppd' on Linux
    #
    ppp /usr/local/sbin/pppd
    # TAG: option
    # Specifies the location of the PPP options file.
    # By default PPP looks in '/etc/ppp/options'
    #
    option /etc/ppp/options.pptpd
    #
    localip YOUR.IP.ADDRESS.HERE # This is the IP address of your Linkstation
    remoteip YOUR.IP.ADDRESS.POOL-Start-POOL-End # The addresses that will be assigned to clients, e.g.: 192.168.0.200-230
Now we need to move the file /opt/etc/ppp/options.pptpd to /etc/ppp, as the ppp daemon looks there:
mv /opt/etc/ppp/options.pptpd /etc/ppp
You can also edit this file, but everything needed is usually already in there.
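To confirm that the moved options file really enforces MPPE and MS-CHAPv2 rather than relying on "usually", the following added example (not part of the original page) lists the directives a given options file lacks. The directive names are standard pppd options; the sample file is constructed.

```sh
#!/bin/sh
# Added example (not from the original page): list the authentication and
# encryption directives that an options.pptpd file does not enforce.
# The directive names are standard pppd options.
REQUIRED="require-mschap-v2 require-mppe-128 refuse-pap refuse-chap refuse-mschap"

missing_pptpd_options() {
    file=$1
    for opt in $REQUIRED; do
        # A directive counts only as the first word of a non-comment line.
        if ! grep -Eq "^[[:space:]]*${opt}([[:space:]]|\$)" "$file"; then
            echo "$opt"
        fi
    done
}

# Constructed sample: refuse-mschap is commented out, so it is reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
name pptpd
refuse-pap
refuse-chap
#refuse-mschap
require-mschap-v2
require-mppe-128
EOF
missing_pptpd_options "$sample"
rm -f "$sample"
```

On the Linkstation, run `missing_pptpd_options /etc/ppp/options.pptpd`; empty output means all five directives are present.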
Adding allowed users
To add users to the PPTP VPN server you need to edit the following file: /etc/ppp/chap-secrets
There you can add usernames, the PPTPD server as VPN server, passwords, and allowed remote IP addresses.
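Each chap-secrets line has four whitespace-separated fields: client name, server name, secret, and allowed IP addresses. The added example below (not part of the original page) audits such a file for loose permissions and permissive entries; the 12-character minimum and the sample entries are assumptions, and secrets are assumed to contain no whitespace.

```sh
#!/bin/sh
# Added example (not from the original page): audit a pppd chap-secrets file.
# Fields per line: client  server  secret  allowed-IP-addresses
audit_chap_secrets() {
    file=$1
    # Secrets are stored in plaintext: group and other must have no access.
    perms=$(ls -l "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "perms: group/other can access $file"
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            secret = $3
            gsub(/^"|"$/, "", secret)        # strip optional surrounding quotes
            if ($2 == "*")
                print "user " $1 ": server field is a wildcard"
            if ($4 == "*")
                print "user " $1 ": any remote IP address is allowed"
            if (length(secret) < 12)         # assumed minimum length
                print "user " $1 ": secret shorter than 12 characters"
        }' "$file"
}

# Constructed sample entries (mktemp creates the file with mode 600).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# client  server  secret                   IP addresses
alice     pptpd   "correct-horse-battery"  192.168.0.200
bob       *       hunter2                  *
EOF
audit_chap_secrets "$sample"
rm -f "$sample"
```

If the permissions finding appears on the Linkstation, `chmod 600 /etc/ppp/chap-secrets` clears it.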
What is left to do for you?
Now you can start the PPTP server (or reboot the machine, as it gets started automatically with optware).
Otherwise you can call: /opt/etc/init.d/S20poptop start
On the client side you have to configure the PPTP client with the username/password from /etc/ppp/chap-secrets.
That should do the job.
Changes
2010.09.15: Initial Version

