PPTP-VPN on Stock Kernel

From NAS-Central Buffalo - The Linkstation Wiki
Revision as of 14:48, 3 May 2014 by Moefr



Attention: Whatever you do, you do it at your own risk.

Prerequisite

You have to have firmware 1.34 already installed and opened for telnet access. If not, you can find a guide here: Open Stock Firmware LS-XHL

You need to have the optware IPKG system installed on your device. If not, you can find a guide here: Ipkg_on_the_Linkstation_(for_end-users)

To enable Microsoft MPPE encryption we need a kernel module that can be loaded by the stock kernel. For this you need to download the following package:

 http://downloads.buffalo.nas-central.org/Users/kenatonline/nobody/nobody.tgz

This may also work for firmware versions before 1.34, but it is unknown whether the needed kernel modules are available for them.

What's the aim

The aim is to set up a PPTP VPN server that allows users to dial in, establish a PPTP tunnel, and work remotely on the LS (or your network).

What is needed

The good news: if you have downloaded the package above and are running firmware 1.34 with the optware IPKG feed, the basics are there.

The bad news: we need to add a kernel module, install the PPTP server (POPTOP) and configure everything.

How to install the MPPE Kernel Module

Untar the package "nobody.tgz". You will find a new kernel-file and a module-archive "modules.tar". Forget the kernel-file, as we don't need that. Untar the module-archive "modules.tar".

In there you will find the path /drivers/net/, which contains the file ppp_mppe.ko.

Copy this file to the modules directory of your Linkstation (replace %kernel-version% with the version of the running kernel): /lib/modules/%kernel-version%/kernel/drivers/net

Now edit the file /etc/modules.conf and add the following lines:

  alias tty-ldisc-3 ppp_async
  alias tty-ldisc-14 ppp_synctty
  alias ppp-compress-18 ppp_mppe
  alias ppp-compress-21 bsd_comp
  alias ppp-compress-24 ppp_deflate
  alias ppp-compress-26 ppp_deflate
  alias net-pf-47 ip_gre

Now we need to update the module-library. Just execute the following command:

  depmod -a

The kernel module is now installed, and MPPE encryption is available.

How to install the PPTP-Server

We are using the open-source project POPTOP as the PPTP server. It is available in the optware feed, so install it with the following command:

  ipkg install POPTOP

Note that POPTOP is installed under the base directory /opt (like all optware packages).

Now we need to modify the start script of POPTOP, as there is an issue with how it calls the daemon. Edit the file: /opt/etc/init.d/S20poptop

  Line 11 in the script (starting the daemon) should look like this:
  /opt/sbin/pptpd -c /opt/etc/pptpd.conf -o /etc/ppp/options.pptpd -p /var/run/pptpd.pid

The aim is to avoid loading anything from nvram (as the original script does), because nothing can be read from nvram.

Now edit the pptpd.conf file in /opt/etc. It should contain at least the following:

  ###############################################################################
  # $Id: pptpd.conf 2077 2005-06-10 07:18:16Z jeanfabrice $
  # Sample Poptop configuration file /etc/pptpd.conf
  # Changes are effective when pptpd is restarted.
  ###############################################################################
  # TAG: ppp
  #        Path to the pppd program, default '/usr/sbin/pppd' on Linux
  #
  ppp /usr/local/sbin/pppd
  # TAG: option
  #        Specifies the location of the PPP options file.
  #        By default PPP looks in '/etc/ppp/options'
  #
  option /etc/ppp/options.pptpd
  #
  localip YOUR.IP.ADDRESS.HERE                  # This is the IP address of your Linkstation
  remoteip YOUR.IP.ADDRESS.POOL-Start-POOL-End  # The addresses that will be assigned to clients, e.g.: 192.168.0.200-230

Now we need to move the file /opt/etc/ppp/options.pptpd to /etc/ppp, as the ppp daemon looks there:

  mv /opt/etc/ppp/options.pptpd /etc/ppp

You can also edit this file, but all the needed things are usually already in there.

Adding allowed users

To add users to the PPTP-VPN-Server you need to edit the following file: /etc/ppp/chap-secrets

There you can add usernames, the PPTPD server as VPN server, passwords, and allowed remote IP addresses.
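Every entry in chap-secrets is a credential stored in clear text, so the file is worth checking before the server goes live. The following script is an added example, not part of the original wiki page: it flags wildcard fields, short secrets and loose file permissions. The server name `pptpd`, the minimum length of 12 and the sample entries are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the wiki): audit a pppd chap-secrets file.
# Assumed layout per entry: client  server  secret  IP-addresses
MIN_LEN=12   # assumption: minimum secret length enforced by this check

perms_ok() {
    # True when group and others have no access at all (e.g. mode 600).
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

audit_chap_secrets() {
    # $1 = path; prints one finding per line, returns non-zero if any were found.
    # Simplification: secrets containing spaces are not handled.
    awk -v min="$MIN_LEN" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF < 4 { print "line " NR ": fewer than 4 fields"; bad = 1; next }
        {
            secret = $3; gsub(/^"|"$/, "", secret)   # drop surrounding quotes
            if ($1 == "*") { print "line " NR ": wildcard client name"; bad = 1 }
            if ($2 == "*") { print "line " NR ": entry valid for any server name"; bad = 1 }
            if (length(secret) < min) { print "line " NR ": secret shorter than " min " characters"; bad = 1 }
            if ($4 == "*") { print "line " NR ": client may use any IP address"; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

write_sample() {
    # Constructed sample entries, not real credentials.
    cat > "$1" <<'EOF'
# client  server  secret              IP addresses
alice     pptpd   "Xk3vq9LmT2w8pZrQ"  192.168.0.200
bob       pptpd   hunter2             *
*         *       changeme            *
EOF
}

# Demo run on the constructed sample; on the device, pass /etc/ppp/chap-secrets instead.
sample=$(mktemp)
write_sample "$sample"
perms_ok "$sample" || echo "chap-secrets is accessible by group or others"
audit_chap_secrets "$sample" || true
rm -f "$sample"
```
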

What is left to do for you?

Now you can start the PPTP server (or reboot the machine, as it gets started automatically with optware).

  Otherwise you can call: /opt/etc/init.d/S20poptop start

On the client side you have to configure the PPTP client with the username/password from /etc/ppp/chap-secrets.

That should do the job.

Changes

2010.09.15: Initial Version