# PPTP-Server / Gentoo 2.6.8 (finally) works - that's how...

## ytak

[updated last: 4. September 2004]

Hi Folks!

I finally figured out how this PPTP-Stuff under Gentoo works. I wanna give you all my configuration scripts and tell you how I made it work so hopefully you can work it out too  :Smile: 

```
mkdir /ppp
# install new kernel sources - will take some time
emerge gentoo-dev-sources
emerge pptpd
# ppp will be downloaded to /usr/portage/distfiles
emerge --fetchonly /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild
cp /usr/portage/distfiles/ppp-2.4.2.tar.gz /ppp
cd /ppp
tar -xvzf ppp-2.4.2.tar.gz
```

Download appropriate patches for Kernel & PPPd from here:

 Kernel: http://www.polbox.com/h/hs001/linux-2.6.8-mppe-mppc-1.1.patch.gz

 PPP: http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.1.patch.gz

to /ppp

Note: Do NOT try to simply "emerge ppp" cuz the ppp that's coming from gentoo (the -r2) is patched with the mppe-mppc-patch 0.8 and thus not completely compatible with the kernel-patch. I've had many problems because of this tiny little sh...  :Smile: 

Make symbolic links to your Kernel:

```

cd /usr/src

ln -s linux-2.6.8-gentoo linux-2.6.8

rm linux

ln -s linux-2.6.8-gentoo linux

```

Enter Kernel-Configuration:

```
cd linux
make menuconfig
# --> EXIT AND SAVE
```

Apply Kernel-Patch:

```

cd /usr/src

cp /ppp/linux-2.6.8-mppe-mppc-1.1.patch.gz ./

patch -p0 <linux-2.6.8-mppe-mppc-1.1.patch.gz

```

Apply PPP-Patch:

```

cd /ppp

patch -p0 <ppp-2.4.2-mppe-mppc-1.1.patch.gz

```

Compile PPPd:

```

emerge libpcap

cp /usr/include/bpf.h /ppp/ppp-2.4.2/include/net

ldconfig

cd ppp-2.4.2

./configure

make

make install

```

 *Quote:*   

> Note: If the file "bpf.h" doesn't exist, just copy "pcap-bpf.h" and recompile; bpf.h is actually just a symbolic link to pcap-bpf.h

 

Compile new Kernel

```

cd /usr/src/linux

make menuconfig

```

--> Do all the modifications needed for your system plus you should enable these (some are for IPSEC only but as a module they don't really hurt...):

```
Cryptographic options  --->
  [*] Cryptographic API
  [*]   HMAC support
  <M>   MD5 digest algorithm
  ---   SHA1 digest algorithm
  <M>   SHA256 digest algorithm
  <M>   SHA384 and SHA512 digest algorithms
  <M>   DES and Triple DES EDE cipher algorithms
  ---   ARC4 cipher algorithm
  <M>   Deflate compression algorithm
```

and

```
Device Drivers  --->
  Networking support  --->
   <*>   PPP (point-to-point protocol) support
   [*]     PPP filtering
   <*>     PPP support for async serial ports
   <*>     PPP support for sync tty ports
   <*>     PPP Deflate compression
   <*>     PPP BSD-Compress compression
   <*>     Microsoft PPP compression/encryption (MPPC/MPPE)
```

Now leave the configuration and SAVE the newly made settings.

Bake your new kernel: (as root)

```

mount /boot

make && make modules modules_install install

```

--- Restart the System ---

Now your Kernel supports the MPPE/MPPC implementation and PPPd is successfully patched to handle this (in case that everything went fine so far).

Now we can do the configuration stuff. Therefore I just give you my configuration-Settings to play with. I removed the "require-mppe-128" option from the "options.pptp"-File because the patched ppp-package supports it by default and asks for 128bit encryption. Well, here are the configs:

```

/etc # cat pptpd.conf

option /etc/ppp/options.pptp

speed 115200

listen 192.168.1.10

localip 192.168.1.200

remoteip 192.168.1.201-210

debug

remote

pidfile /var/run/pptpd.pid

```

```

/etc/ppp # cat options.pptp

name *

#remotename remoteuser

lock

mtu 1450

mru 1450

proxyarp

#auth

noauth

local

netmask 255.255.255.0

noipx

nobsdcomp

ipcp-accept-local

ipcp-accept-remote

lcp-echo-failure 3

lcp-echo-interval 5

nodeflate

# Handshake Auth Method

-chap

-mschap

+mschap-v2

# Data Encryption Methods

#require-mppe

#require-mppe-128

ms-wins 192.168.1.10

ms-dns 194.158.230.53

#ms-dns 192.168.1.100

#defaultroute

#nodefaultroute

#noreplacedefaultroute

idle 600

```

```

/etc/ppp # cat chap-secrets

#Client         Server          Password                IP Address

vpnusername     *               password                *

```

So, the 1 difficulty is to install the ppp-package manually. Without applying the actual patch you CAN MAKE A VPN-CONNECTION, BUT IT'S UNSTABLE OR EVEN UNUSABLE! Boy I wasted so much time finding THAT out  :Smile: 

Well, good luck to all! Hope I didn't forget anything. If you have any questions concerning PPTP stuff I'll try to answer them. Have fun!

Last edited by ytak on Sat Sep 04, 2004 4:07 pm; edited 1 time in total

----------

## ElForesto

I'm glad someone took the time to write this! I've been wanting to move our PPTP operations off of a Win2K box to Linux for some time now.

I get an error when attempting the first patch, however.

```
root@aplv src # patch -p0 < linux-2.6.8-mppe-mppc-1.1.patch.gz

patch unexpectedly ends in middle of line

patch: **** Only garbage was found in the patch input.

root@aplv src #

```

I had to end up decompressing the patch first. Then I ran into another problem... a file that doesn't exist.

```
root@aplv ppp # ls /usr/include/b*

-rw-r--r--  1 root root 146K May 18 15:40 /usr/include/bfd.h

-rw-r--r--  1 root root  26K May 18 15:40 /usr/include/bfdlink.h

-rw-r--r--  1 root root 3.0K Aug 13 11:48 /usr/include/bkpublic.h

-rw-r--r--  1 root root 1.5K Aug 11 14:42 /usr/include/byteswap.h

-rw-r--r--  1 root root 7.7K Feb 19 07:23 /usr/include/bzlib.h

```

I found a similar file, /usr/include/pcap-bpf.h Is this the one I should be using?

----------

## Mben

i just recently got this working on my own and was going to write a similar howto until i saw this one. good work. i thought i would add that the option 

logfd 2

in /etc/ppp/options.pptpd 

can help diagnose problems. it gives you a lot of debugging output at the terminal when a client logs in.

also is there any way to bridge the connections of 2 clients. for example if i have client a connected (192.168.1.3) on ppp0 and client b connected (192.168.1.4) on ppp1 i want to be able to have client a and b communicate. can this be done?

----------

## ytak

Yes this can be done. Yet so simple since they are both in the same subnet (192.168.1.0/24).

As long as they are in the same subnet your Linux-VPN-Gateway knows how to handle the traffic between the net-devices. 

It would be way more complex if they used another subnet like 192.168.99.0/24 and your LinuxBox was running at 192.168.1.0/24. Thus you'd have to set up the routing to the several networks like

route add -net 192.168.1.0 netmask 255.255.255.0 dev ppp0  etc...

But until now I haven't got it running properly yet because of client-configuration-problems concerning the default-gateway-config.

I ain't quite sure but I think you will have to enable "IPForward" in order to get this thing work with

```

echo "1" >/proc/sys/net/ipv4/ip_forward

```

you can add this line to one of your startup-scripts. I think there's also a way to enable it by default in your kernel-settings.

Greetz!

----------

## ytak

 *Quote:*   

> 
> 
> I get an error when attempting the first patch, however. 
> 
> Code:	
> ...

 

You will have to make sure to be in the correct directory (cuz the patchfile contains the needed directory-tree). That means your kernel-dir HAS TO BE NAMED after "linux-2.6.8". Best way to do this with a symbolic link:

```

cd /usr/src 

ln -s linux-2.6.8-gentoo linux-2.6.8 

 [ where "linux-2.6.8-gentoo" is the current kernel-src-DIR and "linux-2.6.8" the new name for it ]

```

Now you'll HAVE TO BE in /usr/src DIR in order to be able to apply the patch with 

```

patch -p0 <linux-2.6.8-mppe-mppc-1.1.patch.gz

```

if it's still not working try "-p1" instead of "-p0". Thus the directory tree is being cut by 1 step (see man patch)

The BPF.H File comes from the "libpcap" package. You should do (as mentioned in my little pptp-tutorial above) a

```

emerge libpcap

```

After compiling the libs call up "ldconfig" to update the ld-cache and you will find a bpf.h file in /usr/include/bpf.h. But I didn't have to copy any files manually for the kernel-patch, just for the ppp-patch. Maybe you used other kernel-sources than I did? (gentoo-dev-sources 2.6.8). It worked fine here and without any problem with the actual gentoo-dev-sources.

So far.... Hope I could help you!

Good Luck!  :Wink: 

----------

## Mben

 *ytak wrote:*   

> Yes this can be done. Yet so simple since they are both in the same subnet (192.168.1.0/24).
> 
> ```
> 
> echo "1" >/proc/sys/net/ipv4/ip_forward
> ...

 

thanks so much, it works perfectly.

----------

## mcr072378

All,

Thanks for the great post.  Couple questions.

Will this work with the current 2.6.8-r1 kernel?

Also will this work with the pptpd client

<http://pptpclient.sourceforge.net/howto-gentoo.phtml>

Thanks

----------

## sf_alpha

This is my work, Works well for 2 months

At Least 2.6.8-r1 works

Obtain portage overlay here, distfiles, for latest Poptop and pppd

http://sf-alpha.bjgang.org/PPTP/

```

cd /usr/src/linux-2.6.8-gentoo-r1

zcat wher_patch.gz  |  patch -p1

```

configure your kernel to support MPPC, MPPE and then emerge ppp, pptpd using portage overlay

(Test it for me too )

----------

## mcr072378

Hi all,

I have followed the instructions and I seem to be having some issues with the kernel patch

Currently my kernel is 2.6.8 and I have grub booting off of kernel /vmlinuz /dev/hda1

With the symbolic links we have created do I have to recompile my kernel to be linux-2.6.8 instead of vmlinuz in order for this patch to work?

```
root@alphabeat # patch -p0 < linux-2.6.8-mppe-mppc-1.1.patch.gz
patch unexpectedly ends in middle of line
patch: **** Only garbage was found in the patch input.
root@alphabeta #
```

----------

## mcr072378

I have made the change that I was previously posting about, it now boots off of kernel /linux-2.6.8 instead of vmlinuz.

Still getting the same error.  There has to be something I am missing, anyone have any ideas?

----------

## mcr072378

Well you all won't believe it, or maybe you will.  The patch was bad.  IE when it was downloaded it didn't copy over correctly.  I had to copy all of the text from the url and then make my own patch, seemed to work but I will see...keep ya all posted. Thanks for even looking

----------

## mcr072378

All,

I am having a problem with this step;

```
emerge libpcap
cp /usr/include/bpf.h /ppp/ppp-2.4.2/include/net
ldconfig
cd ppp-2.4.2
./configure
make
make install
```

I don't have the bpf.h file even after emerge libpcap.  Any ideas?

----------

## drakos7

edit: top post deprecates this comment

----------

## drakos7

edit: top post deprecates this comment

Aside: notice that at this point in time all of mcr072378's posts (5) are in this thread?   :Laughing: 

Last edited by drakos7 on Wed Sep 22, 2004 9:02 pm; edited 1 time in total

----------

## ytak

Hey Folkz!

I'm happy about you enjoying my little PPTP-Docu and that there have been so few problems discovered so far!

Actually my documentation lacks on the step of copying the bpf.h to PPP's include-directory. The file bpf.h is just a symbolic link to pcap-bpf.h

```

lrwxr-xr-x  1  root  root  10  Aug  12  16:40  bpf.h  ->  pcap-bpf.h

```

Thus copying the pcap-bpf.h to the include-DIR is correct as well.

Lots of fun furthermore - hope I can help with this post

Experiences so far: I'm using this setup now for about 3 Weeks and haven't had any problem yet -> to be recommended  :Smile: 

Greetz!

----------

## GurliGebis

Instead of manually unpacking and patching ppp, you should do it this way:

go to /usr/portage/net-dialup/ppp/files/2.4.2, and place the patch there.

go to /usr/portage/net-dialup/ppp and edit ppp-2.4.2-r2.ebuild .

at line 30 you see: 

```
epatch ${FILESDIR}/${PV}/stdopt-mppe-mppc-0.82.patch.gz
```

Change it to: 

```
epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.1.patch.gz
```

Save and emerge ppp.

----------

## PeeJay

I've patched the kernel (2.6.7 r14) and ppp and I can get winxp to connect but there is no data flowing over the link. I can see the light flashing on the hub when I try and ping but it doesn't get through.

Any ideas?

----------

## GurliGebis

 *PeeJay wrote:*   

> I've patched the kernel (2.6.7 r14) and ppp and I can get winxp to connect but there is no data flowing over the link. I can see the light flashing on the hub when I try and ping but it doesn't get through.
> 
> Any ideas?

 

Are you using iptables on the box?

What does the /var/log/everything/current say?

----------

## PeeJay

I think i'm using iptables

this is the log output:

```
Sep 15 15:01:25 [pptpd] CTRL: Client 192.168.0.2 control connection started

Sep 15 15:01:25 [pptpd] CTRL: Starting call (launching pppd, opening GRE)

Sep 15 15:01:25 [pppd] pppd 2.4.2 started by root, uid 0

Sep 15 15:01:25 [pppd] Using interface ppp1

Sep 15 15:01:25 [pppd] Connect: ppp1 <--> /dev/pts/2

Sep 15 15:01:25 [pptpd] GRE: Discarding duplicate packet

Sep 15 15:01:28 [pptpd] CTRL: Ignored a SET LINK INFO packet with real ACCMs!

Sep 15 15:01:28 [pppd] local  IP address 10.1.10.1

Sep 15 15:01:28 [pppd] remote IP address 10.1.10.10

Sep 15 15:01:28 [pppd] MPPC/MPPE 128-bit stateful compression enabled

Sep 15 15:02:07 [pppd] LCP terminated by peer (>g^]M-T^@<M-Mt^@^@^@^@)

Sep 15 15:02:07 [pppd] Modem hangup

Sep 15 15:02:07 [pppd] Connection terminated.

Sep 15 15:02:07 [pppd] Connect time 0.7 minutes.

Sep 15 15:02:07 [pppd] Sent 2291 bytes, received 5329 bytes.

Sep 15 15:02:07 [pptpd] CTRL: Client 192.168.0.2 control connection finished

Sep 15 15:02:07 [pppd] Terminating on signal 2.

Sep 15 15:02:07 [pppd] Connect time 0.7 minutes.

Sep 15 15:02:07 [pppd] Sent 2291 bytes, received 5329 bytes.

Sep 15 15:02:07 [pppd] Exit.

S
```
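
A way to check from logs like the one above that every session actually negotiated MPPE, which matters with `require-mppe` and `require-mppe-128` commented out as in the `options.pptp` from the first post. This is an added example, not part of PeeJay's post; the sample lines are constructed in the same log format (the 40-bit line is an assumed variant), and the script assumes sessions do not overlap.

```shell
#!/bin/sh
# Added example: summarise pptpd/pppd sessions from a log in the format
# "Mon DD HH:MM:SS [daemon] message" and flag sessions without 128-bit MPPE.
# Assumption: sessions do not overlap (this format has no PID to separate them).

audit_pptp_log() {
    awk '
    /\[pptpd\] CTRL: Client .* control connection started/ {
        client = $7; start = $3; mppe = "none"; remote = "-"; insess = 1; next
    }
    insess && /\[pppd\] remote IP address/ { remote = $NF; next }
    # Record the key length pppd reports, e.g. "128-bit"
    insess && /\[pppd\] MPPC\/MPPE [0-9]+-bit/ { mppe = $6; next }
    insess && /\[pptpd\] CTRL: Client .* control connection finished/ {
        if (mppe == "none")         verdict = "NO-MPPE"
        else if (mppe == "128-bit") verdict = "ok"
        else                        verdict = "WEAK-MPPE"
        # client, tunnel address, start, end, MPPE strength, verdict
        print client, remote, start, $3, mppe, verdict
        insess = 0
    }
    ' "$@"
}

# Constructed sample input: one good session, one with no MPPE line,
# one with a weaker key length.
audit_sample() {
    audit_pptp_log <<'EOF'
Sep 15 15:01:25 [pptpd] CTRL: Client 192.168.0.2 control connection started
Sep 15 15:01:28 [pppd] remote IP address 10.1.10.10
Sep 15 15:01:28 [pppd] MPPC/MPPE 128-bit stateful compression enabled
Sep 15 15:02:07 [pptpd] CTRL: Client 192.168.0.2 control connection finished
Sep 15 15:05:00 [pptpd] CTRL: Client 192.168.0.3 control connection started
Sep 15 15:05:03 [pppd] remote IP address 10.1.10.11
Sep 15 15:06:10 [pptpd] CTRL: Client 192.168.0.3 control connection finished
Sep 15 15:10:00 [pptpd] CTRL: Client 192.168.0.4 control connection started
Sep 15 15:10:03 [pppd] remote IP address 10.1.10.12
Sep 15 15:10:03 [pppd] MPPC/MPPE 40-bit stateful compression enabled
Sep 15 15:11:30 [pptpd] CTRL: Client 192.168.0.4 control connection finished
EOF
}

# With file arguments, audit those logs; with none, run the constructed sample.
if [ $# -gt 0 ]; then audit_pptp_log "$@"; else audit_sample; fi
```

Any line not ending in `ok` is a session to look at; adding `require-mppe-128` to the options file makes pppd refuse such sessions instead of logging them after the fact.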

----------

## GurliGebis

It seems like it's an error at the windows box.

About iptables, I accept incoming packets on ppp+ interfaces, and allow forwarding between ppp+ and eth1 (internal interface).

----------

## drakos7

FYI: I successfully patched 2.6.9-rc2-mm3 with the linux-2.6.8-mppe-mppc-1.1 patch. Of course YMMV.

----------

## sf_alpha

 *mcr072378 wrote:*   

> Hi all,
> 
> I have followed the instructions and I seem to be having some issues with the kernel patch
> 
> Currently my kernel is 2.6.8 and I have grub booting off of kernel /vmlinuz /dev/hda1
> ...

 

You need zcat .. it's gzipped! huh

----------

## sf_alpha

 *PeeJay wrote:*   

> I think i'm using iptables
> 
> this is the log output:
> 
> ```
> ...

 

try add debug option in /etc/ppp/options.pptpd and watch the log

----------

## drakos7

Kernel patch for 2.6.9 is now available:

http://www.polbox.com/h/hs001/linux-2.6.9-mppe-mppc-1.1.patch.gz

----------

## Mben

do you know what they changed? i have been using the 2.6.8 version with both 2.6.9 and 2.6.10-rc1 and it seems fine. i haven't had a need for it lately though

----------

## drakos7

sorry. no clue what changed. You could just do a diff on the two patches respective files... a diff on the diffs.   :Wink: 

----------

## Mben

ok. well i dont know much c so that doesn't get me far. anyway thanks for pointing it out. i guess if it ain't broke dont fix it  :Wink: 

----------

## nocternal

OK, Thanks!  I got pptpd running (with MPPE-128 with help from other threads here on gentoo.org).

Anyways... I'm getting another error messages (nothing that's stopping the connection from working).  I get the following message for proxyarp:

```
Nov 12 22:40:31 daffy pptpd[31236]: CTRL: Received PPTP Control Message (type: 15)
Nov 12 22:40:31 daffy pptpd[31236]: CTRL: Ignored a SET LINK INFO packet with real ACCMs!
Nov 12 22:40:31 daffy pppd[31237]: MPPC/MPPE 128-bit stateful compression enabled
Nov 12 22:40:34 daffy pppd[31237]: Cannot determine ethernet address for proxy ARP
Nov 12 22:40:34 daffy pppd[31237]: local  IP address 172.20.20.1
Nov 12 22:40:34 daffy pppd[31237]: remote IP address 172.20.20.20
```

Here's my interfaces setup on my Gentoo box (now running 2.6.9-gentoo-r1 w/ ppp 2.4.2-r9):

eth0:  Internet connection --  x.x.x.x/23

eth1:  Lan --  10.20.30.128/25

eth2:  Wireless LAN --  172.17.20.80/29

PPTP Pool:  172.20.20.0/24

I have put in all the proper iptables rules to permit access from the PPTP pool to my other networks.  Everything works.  

What is the recommended setup for the localip and remoteip variables in this case -- should one place the PPTP pool on the same network as your LAN (eth1 in my case).

The reason I ask this is that I believe you need this proxyarp to work to permit LAN games to work properly on VPN -- games that broadcast (BCRelay is configured....)

Some insight would be helpful... TIA!    :Very Happy: 

----------

## bin-doph

well nice howto. I'd like to know if somebody has yet got poptop working to auth against a win2k (or winxp) dc? There is a patch from Adam Williams (site) but that patch is broken and only tested against openldap servers. I have a guess that it's because the ms-ras stuff needs to check the ad-attribute msNPAllowDialin for TRUE but ... well it's only a guess :>

anybody tried or has experience with that issue?

cheers

-fe

----------

## PeeJay

Works on win2k and winxp for me. Now that pppd has the patches built in it makes it all much easier   :Smile: 

----------

## bin-doph

 *PeeJay wrote:*   

> Works on win2k and winxp for me. Now that pppd has the patches built in it makes it all much easier  

 

could you be a bit more specific about that? u tried it with win2k and winxp DC's/domains and used ldap for authentication? is there a piece of documentation about that? the poptop-hp says nothing about a patch except that from adam williams

----------

## PeeJay

No, I didn't use ldap.

----------

## drzap

 *ytak wrote:*   

> 
> 
> I ain't quite sure but I think you will have to enable "IPForward" in order to get this thing work with
> 
> ```
> ...

 

Set:

net.ipv4.ip_forward = 1

in /etc/sysctl.conf

----------

## rusxakep

new kernel patch:

http://www.polbox.com/h/hs001/linux-2.6.9-mppe-mppc-1.2.patch.gz

----------

## ben0it

Cool, I just noticed that the mppe-mppc ppp patch is now included in ppp-2.4.3-r1 (still masked, but anyway):

```

USE="mppe-mppc" emerge ">=ppp-2.4.3-r1"

```

Next step is its inclusion in the kernel  :Smile: 

----------

## asiobob

the mppe-mppc patch from the polbox site will never be included in the vanilla kernel tree because the mppc part is patented in some countries.

Of course it could be included in another patch set but I'm not sure of the potential problems that could arise.

Right now we (I) just do  it myself and it works great. However would I be sending this message  :Very Happy: 

----------

## Mben

the version for 2.6.10 is out by the way  :Exclamation:   it also seems to work with 2.6.11-rc1 but i haven't tried to use it yet. the 2.6.9 version didn't work well with 2.6.10

----------

## drakos7

the 2.6.10 patch applied cleanly to gentoo-dev-sources-2.6.11 also. Need to road test it now.

----------

## nrdu

 *ytak wrote:*   

> [updated last: 4. September 2004]
> 
> Download appropriate patches for Kernel & PPPd from here:
> 
>  Kernel: http://www.polbox.com/h/hs001/linux-2.6.8-mppe-mppc-1.1.patch.gz
> ...

 

Looking at the digest file for ppp, I see:

```
MD5 362bcf218fba8afbb9afbee7471e5dac ppp-2.4.2.tar.gz 774441

MD5 fac00b23c87223d1d6cc8a0a169b5719 ppp-2.4.2-patches-20050729.tar.gz 13162

MD5 0d2679907627f68dd6a2c32d1c7dda90 ppp-2.4.2-mppe-mppc-1.1.patch.gz 12532

MD5 9d2f3febf510c5b0cbb4dacba713a217 ppp-dhcpc.tgz 33497

```

Can one say that now with ppp using the 1.1 patch or mppe-mppc that you can use emerge and not have to install ppp by hand?
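
Two problems earlier in this thread come down to trusting a download: the patch that "didn't copy over correctly", and a gzipped file fed straight to `patch`. The following is an added sketch, not from any poster or from Portage, that checks a file against a digest line in the format shown above, tests the gzip stream, and dry-runs before applying; the function names are hypothetical. MD5 here catches corruption, not deliberate tampering.

```shell
#!/bin/sh
# Added example: verify a downloaded patch against a digest line of the form
# "MD5 <hash> <filename> <size>" before handing it to patch(1).

# check_digest DIGEST_FILE PATH
# Prints one of: ok | no-entry | size-mismatch | md5-mismatch
check_digest() {
    digest_file=$1
    path=$2
    name=$(basename "$path")
    # Select the entry for this file name; fields are: type hash name size
    entry=$(awk -v n="$name" '$1 == "MD5" && $3 == n { print $2, $4; exit }' "$digest_file")
    if [ -z "$entry" ]; then echo "no-entry"; return 1; fi
    want_md5=${entry% *}
    want_size=${entry#* }
    have_size=$(wc -c < "$path" | tr -d ' ')
    # The size test is the cheap one that catches a truncated download.
    if [ "$have_size" != "$want_size" ]; then echo "size-mismatch"; return 1; fi
    have_md5=$(md5sum "$path" | awk '{ print $1 }')
    if [ "$have_md5" != "$want_md5" ]; then echo "md5-mismatch"; return 1; fi
    echo "ok"
}

# apply_gz_patch PATCH_GZ SRC_DIR STRIP_LEVEL
# Tests the gzip stream, dry-runs the patch, and only then applies it.
apply_gz_patch() {
    gzip -t "$1" 2>/dev/null || { echo "not-valid-gzip"; return 1; }
    zcat "$1" | ( cd "$2" && patch "-p$3" --dry-run >/dev/null ) \
        || { echo "dry-run-failed"; return 1; }
    zcat "$1" | ( cd "$2" && patch "-p$3" >/dev/null ) && echo "applied"
}

# Usage: script DIGEST_FILE PATCH_GZ
if [ $# -eq 2 ]; then check_digest "$1" "$2"; fi
```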

----------

## PeeJay

I haven't patched ppp since last year I think....

----------

