# PPTP tunnels with kernel 2.6

## minaguib

It took me all day to get this PPTP tunnel to my office working under the 2.6 kernel so I decided to document it here:

1. Use the 2.6 kernel.  Current version in portage is 2.6.5-gentoo-r1

2. Download the appropriate MPPE/MPPC patch from here - In case of the 2.6.5 kernel it's linux-2.6.5-mppe-mppc-1.0.patch.gz

3. Patch your kernel source tree with the downloaded patch

4. Configure your kernel, make sure all these are enabled/compiled as modules:

```

#Device Drivers ---> Networking support ---> 

<M> PPP (point-to-point protocol) support

<M>   PPP support for async serial ports

<M>   Microsoft PPP compression/encryption (MPPC/MPPE)

#Cryptographic options  ---> 

[*] Cryptographic API

<M>   ARC4 cipher algorithm

```

5. Install your kernel, install modules, reboot if necessary, run modules-update

6. Download this file and save it ontop of (override) /usr/portage/net-dialup/ppp/files/2.4.2/stdopt-mppe-mppc-0.82.patch.gz

7. Install/re-install ppp: emerge /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild

8. Install/re-install pptpclient if necessary

9. Modify /etc/ppp/options.conf - Change these lines:

```

mppe-40

mppe-128

mppe-stateless

```

to so:

```

#mppe-40

#mppe-128

#mppe-stateless

```

10. NOW you can finally follow all the docs out there:

10a. Edit /etc/ppp/chap-secrets, add:

```

DOMAINNAME\\username ANYVPNNAME password

ANYVPNNAME DOMAINNAME\\username password

```

10b. Edit/create /etc/ppp/peers/ANYVPNNAME :

```

# Server IP: XX.YY.ZZ.AA

# Route: add -net XX.YY.0.0 netmask 255.255.0.0 dev TUNNEL_DEV

name DOMAINNAME\\username

remotename ANYVPNNAME

file /etc/ppp/options.pptp

```

11. If all goes well, you can start your tunnel: pptp-command start ANYVPNNAMELast edited by minaguib on Mon Jun 28, 2004 2:15 am; edited 1 time in total

----------

## hununu

Has anyone been using the patches for the kernel and ppp on a kernel 2.6.6 to connect to a Windows VPN ? I'm gettin a kernel does not support MPPE  :Sad: 

----------

## jammerJ

I've tried pretty much every tutorial and patch out there.

I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)

```

PPP generic driver version 2.4.2

devfs_mk_dev: could not append to parent for ppp

failed to register PPP device (-17)

ppp_mppe_mppc: Unknown symbol ppp_register_compressor

ppp_mppe_mppc: Unknown symbol ppp_unregister_compressor

```

I figure that it's not related to any of the patches, because I don't get errormessages during compile.

Any ideas are greatly appreciated.

----------

## hununu

I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it  :Neutral: 

----------

## Sinneh

 *hununu wrote:*   

> I can successfully compile and load the module using development-sources and the patches for 2.6.6 kernel. My problem is not being able to make ppp see it 

 

where do you get these patches? the site mentioned in the first post seems to be down or moved or smtg, googled for it but no success.

i need mppe support  :Sad: 

----------

## mamash

Me too. The whole polbox.com server seems to be down for a couple of days and no mirror anywhere. Does anybody have the patch at hand?

----------

## Brandoo

OK, Have spent quite a lot of time today checking this out.

I have got to the point where the tunnel is created - so I guess its a great start  :Smile: 

You will need to familiarise (spelling??) yourself with the site http://www.polbox.com/h/hs001/

Also, this has been great for a rough guide - follow it.

There were 3 things that had me stumped and  this page provided lots of help!

Problem #1: remote system is required to authenticate itself

Easily fixed from the above link  *Quote:*   

> Make sure that noauth option is in the options file, or given to pppd via the command line. Make sure that require-mschap-v2 require-mschap require-chap require-pap require-eap options are not used.

 

Problem #2: MPPE required, but kernel has no support.

This was the major problem I had - my kernel was patched, I was absolutly positive ppp was also patched, so what was the problem.

I noticed this from the above link:  *Quote:*   

> Ensure the versions of PPP and PPP's MPPE kernel support match.

 

I patched the kernel with the recommended patch from the MPPE patch site, PPP was patched through the ebuild. I checked the kerlen patch version (I used linux-2.4.26-mppe-mppc-1.0.patch.gz) and found I was using the latest 1.0 patch.

Looking at /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild I saw  *Quote:*   

> epatch ${FILESDIR}/${PV}stdopt-mppe-mppc-0.82.patch.gz

 

The Kernel version and PPP patch version need to be consistent, PPP patch was 0.82.

Through the IRC channel and some help from marienz (Cheers!) I worked out how to apply the correct patch to the ebuild I was using (was using the unstable ebuild).

Change dir to /usr/portage/net-dialup/ppp/files/2.4.2/

Download the latest required patch to match the kernel patch

```
wget http://www.polbox.com/h/hs001/ppp-2.4.2-mppe-mppc-1.0.patch.gz
```

Edit the ebuild

```
nano /usr/portage/net-dialup/ppp/ppp-2.4.2-r2.ebuild
```

Change the epatch line to use the correct patch

```
epatch ${FILESDIR}/${PV}/ppp-2.4.2-mppe-mppc-1.0.patch.gz
```

Build ppp again

```
ACCEPT_KEYWORDS="~x86" emerge ppp
```

Reboot and try reconnecting

Problem #3: More peer/option errors

I had to remove the option require-mppe from both the peer and options file - this is my current options.pptp file that I can now connect with:

```
lock

 

noauth

nobsdcomp

nodeflate

 

refuse-pap

refuse-chap

refuse-mschap

#refuse eap

#require-mppe

```

Hope this may help some of you ppl struggling through this - at the least understand the problem(s).

----------

## BeFalou

 *jammerJ wrote:*   

> I've tried pretty much every tutorial and patch out there.
> 
> I always end up with the following after modprobe ppp_mppe_mppc (from dmesg)
> 
> ```
> ...

 

I've exactly the same problem, and i can't find a way to fix it... I'm using kernel 2.6.7+mppe1.0 patch.

----------

## BeFalou

Fixed: https://bugs.gentoo.org/show_bug.cgi?id=47519

Hope this helps.

----------

## castrik

 *Brandoo wrote:*   

> 
> 
> I had to remove the option require-mppe from both the peer and options file

 

Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients?

----------

## Brandoo

You would think - but with this error message, pppd will return an error Re: unrecognised command.

The VPN I'm connecting to requires encrytion, will not connect without it - without this option I connect fine.

----------

## minaguib

 *castrik wrote:*   

>  *Brandoo wrote:*   
> 
> I had to remove the option require-mppe from both the peer and options file 
> 
> Doesn't this mean that your tunnel has no encryption now, well at least when communicating with windows clients?

 

man ppp/man pppd for details.

Basically the newer ppp/pppd implementations automatically try to negotiate MPPC if the peer supports it (from my understanding) so these options in the conf file have been deprecated, hence the error you get if you leave them there.

Just my $0.02

----------

## castrik

we worked out that the problem with our configuration was fixed by

```
modprobe conntrack

modprobe ip_gre
```

----------

## OptimusP

Im trying to get a pptp server up

Ive patched the kernel and patched ppp

this is what im getting from my log

Jun 28 20:53:39 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection sta$

Jun 28 20:53:39 X pptpd[29800]: CTRL: Starting call (launching pppd, opening GR$

Jun 28 20:53:39 X pppd[29801]: pppd 2.4.2 started by root, uid 0

Jun 28 20:53:39 X pppd[29801]: Using interface ppp0

Jun 28 20:53:39 X pppd[29801]: Connect: ppp0 <--> /dev/pts/40

Jun 28 20:53:39 X pptpd[29800]: GRE: Discarding duplicate packet

Jun 28 20:53:41 X pptpd[29800]: CTRL: Ignored a SET LINK INFO packet with real $

Jun 28 20:53:41 X pppd[29801]: kernel does not support PPP filtering

Jun 28 20:53:41 X pppd[29801]: MPPE required, but kernel has no support.

Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child BCrelay with pid 0

Jun 28 20:53:41 X pptpd[29800]: CTRL: Closing child ppp with pid 29801

Jun 28 20:53:41 X pptpd[29800]: CTRL: Client 192.168.1.2 control connection fin$

Jun 28 20:53:41 X pppd[29801]: Terminating on signal 2.

Jun 28 20:53:41 X pppd[29801]: Connection terminated.

Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.

Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.

Jun 28 20:53:41 X pppd[29801]: tcflush failed: Input/output error

Jun 28 20:53:41 X pppd[29801]: Connect time 0.1 minutes.

Jun 28 20:53:41 X pppd[29801]: Sent 0 bytes, received 44 bytes.

Can anyone help?

----------

## dmitrio

I have copied this, with permission of minaguib, to gentoo-wiki.com 

http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6

If you see anything that should be added or changed, feel free to do so. 

Thank you for a great HOWTO.

----------

## Hendry

Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel  version.   :Embarassed: 

----------

## dmitrio

 *Hendry wrote:*   

> Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel  version.  

 

look here http://gentoo-wiki.com/HOWTO_Install_a_Kernel_Patch

----------

## OptimusP

Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?

Mine just doesnt seem to want to work.

----------

## hununu

 *OptimusP wrote:*   

> Has anyone successfully patched and got a pptp server working with the 2.6.7-r5 gentoo dev kernel?
> 
> Mine just doesnt seem to want to work.

 

Ok, i was going to try 2.6.7 out but now I'm losing hope  :Smile:  I'll try it tomorrow...

----------

## jammerJ

 *Quote:*   

> Ok, i was going to try 2.6.7 out but now I'm losing hope  I'll try it tomorrow...

 

Thanks to BeFalou's bug report, I am now able to connect, using 2.6.7-gentoo

Unfortunately still have some authentication issues, though...

But it's late...

----------

## veezi

I'm at the verge of banging my head against the wall  :Mad:   I'm trying to get mppe-mppc to work. Tried it all, all the tips everywhere .. I always end up with :

```

MPPE required, but kernel has no support

```

Tried:

1. compile ppp_* as modules, builtin .. no difference

2. modified ppp ebuild for exact ppp patche (1.0) for mppe_mppc .. no difference

3. clean out all and re-emerge .. no difference

I'm using development-sources 2.6.6

Anyone? any ideas ?

Thanks,

----------

## castrik

So you've tried everything,

 *Quote:*   

> 
> 
> Tried:
> 
> 1. compile ppp_* as modules, builtin .. no difference
> ...

 

Did you apply the kernel patch for your kernel? and have you modprobe'd ip_gre and conntrack?

----------

## veezi

 *castrik wrote:*   

> So you've tried everything,
> 
>  *Quote:*   
> 
> Tried:
> ...

 

kernel patch applied. tried this also, but same:

```

modprobe arc4

modprobe ip_conntrack

modprobe ip_gre

```

I even tried kernel-2.6.7, same thing always gives me:

```

MPPE required, but kernel has no support

```

Any other ideas?

Thanks,

----------

## Deathscythe

Thats weird. I am sure I have patched the kernel and compile it correctly. When I try to load the following modules. 

```
modprobe ip_conntrack

modprobe ip_gre 
```

It said

```
FATAL: Module ip_conntrack not found.

FATAL: Module ip_gre not found.
```

----------

## veezi

A quick question: What do these modules do (conntrack, gre)? And why do we need them for MPPE/MPPC connections?

----------

## veezi

 *veezi wrote:*   

> I'm at the verge of banging my head against the wall   I'm trying to get mppe-mppc to work. Tried it all, all the tips everywhere .. I always end up with :
> 
> ```
> 
> MPPE required, but kernel has no support
> ...

 

Just changed my ppp options from:

```

noauth require-mppe refuse-eap

```

to

```

noauth refuse-eap

```

And it works. Though I don't understand why  :Rolling Eyes: 

----------

## Deathscythe

problem is I don't know which one is for MPPE, so I load everything I think it related to ppp and pptp.

----------

## Deathscythe

btw, can you tell me where did u change your require-mppe options.

----------

## veezi

'Which ones to load?' Ideally you shouldn't load anything manually if you have configure autoload in the kernel. The kernel will autoload whatever is needed (ppp_mppe_mppc, arc4, etc.). The reason I tried manually loading ip_conntrack and ip_gre (which till now I don't know what they have to do with MPPE/MPPC!) is that someone suggested that!

Anyway, pptp options are in /etc/ppp/options.conf (as mentioned in the first post of this topic). If you want to know what your pppd command with all options looks like, type 'ps ax | grep pppd' after you start the connection (that is after you type 'pptp-command start whatever-peer').

----------

## Deathscythe

Hi,

I have successfully connect the VPN now. But I can't ping any machine at the office network. I think its a routing problem. Can you tell me how do I set this up.  :Smile: 

----------

## castrik

i assume that gre is to do with the IP Protocol GRE that PPTP uses. not too sure about conntrack myself.

----------

## veezi

 *Deathscythe wrote:*   

> Hi,
> 
> I have successfully connect the VPN now. But I can't ping any machine at the office network. I think its a routing problem. Can you tell me how do I set this up. 

 

If you're connecting in two steps, ppp0 (for the dialup net), and ppp1 (for the pptp vpn net), which is like my setup then you need to:

1. set 'defaultroute' as one of pppd's options when brining up ppp0. This will set the default route to ppp0.

2. do not set 'defaultroute' as one of pppd's options when brining up ppp1 (the vpn). Instead, edit '/etc/ppp/ip-up' script, and in there add manual route commnads to whatever your network is. Here's an example:

```

if [ "$1" = "ppp1" ]

then

  /sbin/route add -net 116.25.0.0 netmask 255.255.0.0 dev $1

  /sbin/route add -net 116.190.0.0 netmask 255.255.0.0 dev $1

fi

```

3. Last you'll need to figure out how to handle your nameserver. The 'usepeerdns' option in pppd will create a file '/etc/ppp/resolv.conf' which contains the name servers that it got from the ppp server. You can copy that to '/etc/resolv.conf' within the ip-up script mentioned above. Be careful, since you're calling pppd two times, the second call (vpn connection) will overwrite '/etc/ppp/resolv.conf' that the first call created. 

Of course, you can just do whatever you want, like setup your network routes, name servers and even firewall, from within the '/etc/ppp/ip-up' script. 

Note that the most common mistake in routing setup here is setting your default route to the vpn tunnel device (ppp1) instead of the original device which carries the tunnel (ppp0).

Cheers,

----------

## Deathscythe

I tried to connect to a PC at my office's VPN. The VPN server issue me with a IP address of 192.168.4.2 

The PC's IP address is 192.168.0.10

I tried to use the following route command

```
route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp0
```

But I can't connect to a server, can you tell me what's wrong with the above command.

----------

## minaguib

PPP and PPTP both have built-in capabilities to add and remove routes.

In my original post, this section:

/etc/ppp/peers/ANYVPNNAME

```

# Route: add -net XX.YY.0.0 netmask 255.255.0.0 dev TUNNEL_DEV

```

The #Route command looks like a comment, but it's not and it gets interpreted.

If your route gets added but it still doesn't work, try:

1. Accessing/pinging/tracerouting a machine by IP, not by hostname

2. Post the output of `route -n`

 *Deathscythe wrote:*   

> I tried to connect to a PC at my office's VPN. The VPN server issue me with a IP address of 192.168.4.2 
> 
> The PC's IP address is 192.168.0.10
> 
> I tried to use the following route command
> ...

 

----------

## arkhan_jg

 *Deathscythe wrote:*   

> I tried to connect to a PC at my office's VPN. The VPN server issue me with a IP address of 192.168.4.2 
> 
> The PC's IP address is 192.168.0.10
> 
> I tried to use the following route command
> ...

 

Try 

```
route add -net 192.168.0.0 netmask 255.255.0.0 dev ppp0
```

----------

## Corpse2

 *dmitrio wrote:*   

>  *Hendry wrote:*   Stupid Question, but can anyone tell me how to patch a kernel? Never did it before and there must be a first time! I want to patch the 2.6.7-r1 kernel  version.   
> 
> look here http://gentoo-wiki.com/HOWTO_Install_a_Kernel_Patch

 

I'm still having problems here. Also first time kernel patcher.

I downloaded the patches from polbox.com which are in gz-format. Then it says to unpack the patch using your tool of choice.

```
corpse2 linux # gunzip linux-2.6.7-mppe-mppc-1.0.patch.gz

gunzip: linux-2.6.7-mppe-mppc-1.0.patch.gz: not in gzip format

```

Same thing with the ppp patch. 

What am I missing here?

----------

## Corpse2

never mind,

seems that saving the patches with Internet Exploder on Fat partition and copying this to an ext3 partition stuffed up somewhere.

----------

## Skydive

 *minaguib wrote:*   

> 
> 
> If your route gets added but it still doesn't work, try:
> 
> 1. Accessing/pinging/tracerouting a machine by IP, not by hostname
> ...

 

Thanks for the excellent guide! I seem to be having the same problem as Deathscythe, though.

My VPN gets established correctly with interface ppp1.

My standard connection to the internet has interface ppp0.

Without VPN my /etc/resolv.conf file looks like this:

```

domain easynet.be

search easynet.be www.easynet.be

nameserver 212.100.160.52

nameserver 212.100.160.51

```

Easynet is my ISP.

When the VPN is being set up I can see the following logs:

```

...

local  IP address 192.168.3.6

remote IP address 192.168.3.5

primary   DNS address 192.168.0.5

secondary DNS address 192.168.0.12

...

```

My VPN peer is called brc and it has the option usepeerdns.

As a result, my /etc/resolv.conf looks like this as soon as the VPN is active:

```

domain easynet.be

search easynet.be www.easynet.be

nameserver 192.168.0.5

nameserver 192.168.0.12

```

Next, I add a routing rule and after that the route -n command gives me:

```

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

81.188.75.1     0.0.0.0         255.255.255.255 UH    0      0        0 ppp0

192.168.3.5     0.0.0.0         255.255.255.255 UH    0      0        0 ppp1

192.168.0.0     0.0.0.0         255.255.0.0     U     0      0        0 ppp1

127.0.0.0       127.0.0.1       255.0.0.0       UG    0      0        0 lo

0.0.0.0         81.188.75.1     0.0.0.0         UG    0      0        0 ppp0

```

"ping 192.168.0.5" gives 100% packet loss  :Crying or Very sad: 

Thanks in advance!

----------

## veezi

Try:

```

route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp1

```

And try pinging 192.168.0.5 again.

----------

## Wishmaster

I've the same problem with the kernel module and I don't know why.

Debug messages are:

```

......

rcvd [CHAP Success id=0x1 "S=4F86EDC193045F25DA870E105D69E1554A6865E0 M=Welcome to fw01.seg"]

MPPE required, but kernel has no support.

sent [LCP TermReq id=0x2 "MPPE required but not available"]

rcvd [CCP ConfReq id=0x1 <mppe +H -M +S -L -D -C>]

Discarded non-LCP packet when LCP not open

rcvd [LCP TermAck id=0x2]

Connection terminated.

...

```

I've tested all options and loaded ip_gre and ip_conntrack. ppp_mppe_mppc is loaded fine automatically when pppd starts calling.

Any further ideas? 

Bye,

Wishmaster

----------

## Skydive

 *veezi wrote:*   

> Try:
> 
> ```
> 
> route add -net 192.168.0.0 netmask 255.255.255.0 dev ppp1
> ...

 

I've tried that, but it still doesn't work.

----------

## ashrobo

Can someone send me a copy of the kernel patch? www.polbox.com seems to be down...

----------

## vmk

http://itai-otakus.de/stuff/linux-2.6.7-mppe-mppc-1.0.patch.gz

http://itai-otakus.de/stuff/stdopt-mppe-mppc-0.82.patch.gz

----------

## ashrobo

Thanks vmk!  :Smile: 

----------

## znmeb

 *ashrobo wrote:*   

> Can someone send me a copy of the kernel patch? www.polbox.com seems to be down...

 

Yeah ... it's still down as of this post. I have the patch for 2.6.11, but Portage now has 2.6.12! Is there a source for the patch to 2.6.12, or am I stuck at 11???

----------

## thoughtform

i need the patch for 2.6.11 and 2.6.12

thanks

----------

## jamapii

I'm also looking for the 2.4.31 patch

----------

## zaiyon

Well, polbox is still down (isn't there a new official location for the patches?)

So I'm in need of the patch for 2.6.13 now, perhaps a little early ... would be great if someone could tell me where to get it.

You can download 2.6.12 from me, if you need it.

http://www.zaiyon.ath.cx/~fhd/stuff/linux-2.6.12-mppe-mppc-1.3.patch.gz

I don't have any other versions, but I'll collect, starting today.

----------

## zaiyon

OMFG look HERE: http://mppe-mppc.alphacron.de/

Everything is there! So I can finally move to 2.6.13  :Wink: 

----------

## dspgen

Just a success FYI:

I am using 2.6.12 kernel.

I added a 3rd nic card to my firewall box, and plugged the wifi network into it.

using http://mppe-mppc.alphacron.de and http://gentoo-wiki.com/HOWTO_PPTP_tunnels_with_kernel_2.6, I was able to PPTP with max encryption from my (Windows XP) wi-fi computers to my Gentoo firewall, and onto the internet.

It works great, just add a short-cut to the PPTP connection to your startup folder, and you never have to do anything!

----------

## hasues

I believe these methods are outdated with newer kernels as they incclude an mppe module, and if you patch pppd with mppe-mppc support, I believe you disable pppd's support for that newer kernel module and enable it for the old.  However, if I do not add the mppe-mppc support (the USE flag), then I can't get it to work.  I guess the process needs to be revised again.

Haz

----------

## dspgen

 *hasues wrote:*   

> I believe these methods are outdated with newer kernels as they incclude an mppe module, and if you patch pppd with mppe-mppc support, I believe you disable pppd's support for that newer kernel module and enable it for the old.  However, if I do not add the mppe-mppc support (the USE flag), then I can't get it to work.  I guess the process needs to be revised again.
> 
> Haz

 

this http://gentoo-wiki.com/HOWTO_PPP_Dial_In_Server says:

 *Quote:*   

> Note: The patch for kernel 2.6.13 applies to 2.6.14 without errors. Linux 2.6.15 by has MPPE included by default. MPPC is however not part of it. If anyone knows where to find a patch for MPPC, please update this. 

 

Does pptp on Windows XP work without MPPC (Microsoft Point-to-Point Compression)?

Were it not for the difficulties of getting laptop wifi working in linux, I'd not be using Microsoft at all anymore   :Sad: 

----------

## saschabieler

Hi there,

I liked this tutorial here, but unfortunately it's not working with kernel 2.6.15. So here we go:::

1. Against all tuts I disabled the mppe-mppc use-flag for net-dialup/ppp!!! And made my kernel 2.6.15 ready:

```
Cryptographic options ---> 

--- Cryptographic API

---   HMAC support 

---   MD5 digest algorithm 

<M>   SHA1 digest algorithm

<M>   SHA256 digest algorithm 

<M>   SHA384 and SHA512 digest algorithms 

<M>   DES and Triple DES EDE cipher algorithms 

<M>   Blowfish cipher algorithm 

<M>   AES cipher algorithms (i586)

<M>   ARC4 cipher algorithm

<M>   Deflate compression algorithm 

Device Drivers ---> 

Networking support ---> 

<*>   PPP (point-to-point protocol) support 

[*]     PPP multilink support (EXPERIMENTAL)

[*]     PPP filtering

<M>     PPP support for async serial ports

<M>     PPP support for sync tty ports

<M>     PPP Deflate compression

<M>     PPP BSD-Compress compression

<M>     PPP MPPE compression (encryption) (EXPERIMENTAL)

<M>     PPP over Ethernet (EXPERIMENTAL)

<M>     PPP over ATM
```

2. Edited /etc/portage/package.keywords

```
net-dialup/ppp ~x86

net-dialup/pptpd ~x86
```

3. Emerged net-dialup/ppp-2.4.3-r11 and net-dialup/pptpd-1.3.0, because I use windbind to authenticate.

4. Edited /etc/ppp/options.pptpd

```
plugin winbind.so

ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1 --require-membership-of=SID_of_your_VPN_access_group"

noauth

lock

proxyarp

ms-dns ip_of_your_nameserver

ms-wins ip_of_your_wins_server

refuse-pap

refuse-chap

refuse-mschap

require-mschap-v2

require-mppe-128

require-mppe

nobsdcomp

nologfd

defaultroute

#debug

logfile /var/log/pptpd.log
```

5. To be sure all neccessary modules will be loaded at boot time added the following to /etc/modules.autoload.d/kernel-2.6

```
ppp_generic

ppp_deflate

ppp_mppe
```

6. Don't forget to open the relevant tcp-port 1723 and protocol GRE (47) to your ppp+ (ppp*) interfaces

Hope this will help and saves ur nights with ur girls...  :Wink: 

Greetings

Sascha

----------

## CaptainBlood

Hi,

You've saved my life   :Very Happy: 

Thanks  :Cool: 

----------

