PPTP-VPN on Stock Kernel

From NAS-Central Buffalo - The Linkstation Wiki


Attention: Whatever you do, you do it at your own risk.

Prerequisite

You have to have firmware 1.34 already installed and opened for telnet access. If not, you can find a guide here: Open Stock Firmware LS-XHL

You need to have the optware IPKG system installed on your device. If not, you can find a guide here: Ipkg_on_the_Linkstation_(for_end-users)

To enable Microsoft MPPE encryption we need a kernel module that the stock kernel can load. For this you need to download the following package:

 http://downloads.buffalo.nas-central.org/Users/kenatonline/nobody/nobody.tgz

For firmware versions before 1.34 this may also work, but it is unknown whether the needed kernel modules are available.

What's the aim

The aim is to set up a PPTP VPN server that allows users to dial in, establish a PPTP tunnel, and work remotely on the LS (or your network).

What is needed

The good news: if you have downloaded the package above and are running firmware 1.34 with the optware IPKG feed, the basics are there.

The bad news: we need to add a kernel module, install the PPTP server (POPTOP), and configure everything.

How to install the MPPE Kernel Module

Untar the package "nobody.tgz". You will find a new kernel-file and a module-archive "modules.tar". Forget the kernel-file, as we don't need that. Untar the module-archive "modules.tar".

In there you will find the following path: /drivers/net/. In this path you will find the file: ppp_mppe.ko

You need to copy this file to the modules directory of your Linkstation: /lib/modules/%kernel-version%/kernel/drivers/net

Now you need to edit the file /etc/modules.conf and ADD the following:

  alias tty-ldisc-3 ppp_async
  alias tty-ldisc-14 ppp_synctty
  alias ppp-compress-18 ppp_mppe
  alias ppp-compress-21 bsd_comp
  alias ppp-compress-24 ppp_deflate
  alias ppp-compress-26 ppp_deflate
  alias net-pf-47 ip_gre

Now we need to update the module-library. Just execute the following command:

  depmod -a

OK, now the kernel module is installed, and MPPE encryption is available.

How to install the PPTP-Server

We are using the open-source project POPTOP as the PPTP server. It is available in the optware feed, so install it with the following command:

  ipkg install POPTOP

Note that POPTOP is installed under the base directory /opt (like all optware packages).

Now we need to modify the start script of POPTOP, as there is an issue with calling the daemon. So we need to edit the file: /opt/etc/init.d/S20poptop

  Line 11 in the script (starting the daemon) should look like this:
  /opt/sbin/pptpd -c /opt/etc/pptpd.conf -o /etc/ppp/options.pptpd -p /var/run/pptpd.pid

The aim is to avoid loading anything from nvram (as the original script does), because nothing can be read from nvram.

Now edit the pptpd.conf file in /opt/etc. It should contain at least the following:

  ###############################################################################
  # $Id: pptpd.conf 2077 2005-06-10 07:18:16Z jeanfabrice $
  # Sample Poptop configuration file /etc/pptpd.conf
  # Changes are effective when pptpd is restarted.
  ###############################################################################
  # TAG: ppp
  #        Path to the pppd program, default '/usr/sbin/pppd' on Linux
  #
  ppp /usr/local/sbin/pppd
  # TAG: option
  #        Specifies the location of the PPP options file.
  #        By default PPP looks in '/etc/ppp/options'
  #
  option /etc/ppp/options.pptpd
  #
  localip YOUR.IP.ADDRESS.HERE                  # This is the IP address of your Linkstation
  remoteip YOUR.IP.ADDRESS.POOL-Start-POOL-End  # The addresses that will be assigned to clients, e.g.: 192.168.0.200-230

Now we need to move the file /opt/etc/ppp/options.pptpd to /etc/ppp, as the ppp daemon looks there:

  mv /opt/etc/ppp/options.pptpd /etc/ppp

You can also edit this file, but everything that is needed is usually already in there.

Adding allowed users

To add users to the PPTP VPN server you need to edit the following file: /etc/ppp/chap-secrets

There you can add usernames, the PPTPD server as VPN server, passwords, and allowed remote IP addresses.
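Each line of chap-secrets holds those four fields in the order client, server, secret, IP addresses. The script below is an added example, not part of the original wiki page: it checks such a file for access by group/other, wildcard server or address fields, and short secrets. The 12-character minimum, the server name "pptpd" and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a pppd chap-secrets file (fields: client server secret IP-addresses).
MIN_LEN=12   # assumed minimum secret length; a policy choice, not from the wiki page

audit_chap_secrets() {
    file="$1"
    # Secrets are stored in clear text, so group/other must have no access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || echo "PERM $file: accessible beyond owner, chmod 600"
    while read -r client server secret addrs || [ -n "$client" ]; do
        case "$client" in ''|'#'*) continue ;; esac   # skip blank and comment lines
        secret=${secret#\"}; secret=${secret%\"}      # strip surrounding quotes
        [ "$server" != "*" ] || echo "ANYSERVER $client: bind the entry to the server name"
        [ "$addrs" != "*" ] || echo "ANYIP $client: no restriction on the client address"
        [ "${#secret}" -ge "$MIN_LEN" ] || echo "SHORT $client: secret under $MIN_LEN characters"
    done < "$file"
    return 0
}

# Constructed sample entries (not real credentials), written to a temp file.
sample="${TMPDIR:-/tmp}/chap-secrets.sample.$$"
cat > "$sample" <<'EOF'
# client   server  secret                   IP addresses
alice      pptpd   "kT7-pV2q-Lm9x-Rw4c"     192.168.0.200
bob        *       secret1                  *
EOF
chmod 644 "$sample"
audit_chap_secrets "$sample"
rm -f "$sample"
```

On the Linkstation, run it as `audit_chap_secrets /etc/ppp/chap-secrets`; secrets containing spaces are not handled by this simple field split.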

What is left to do for you?

Now you can start the PPTP server (or reboot the machine, as it gets started automatically with optware).

  Otherwise you can call: /opt/etc/init.d/S20poptop start

On the client side you have to configure the PPTP client with the username/password from /etc/ppp/chap-secrets.

That should do the job.

Changes

2010.09.15: Initial Version