
Linux configure point to point tunneling PPTP VPN client for Microsoft PPTP vpn server

With this tip you will be able to work from home over a VPN, from a Linux / FreeBSD system, against the proprietary Microsoft Point-to-Point VPN server.

Different organizations use different VPN connection options such as SSL, PPTP or IPSEC. When you need to access the corporate network and its services, you need to log in using the VPN.

The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. It works at the data link layer (layer 2) of the TCP/IP model. Personally I prefer IPSEC. PPTP Client is a Linux, FreeBSD, NetBSD and OpenBSD client for the proprietary Microsoft Point-to-Point Tunneling Protocol, PPTP. It allows connection to a PPTP-based Virtual Private Network (VPN) as used by employers and some cable and ADSL internet service providers.

But many organizations use PPTP because it is easy to use and works with Windows, Mac OS X, Linux/*BSD and other handheld devices.

Compatibility note

I’ve tested these instructions and pptp on:
[a] CentOS / RHEL / Fedora Core Linux running 2.6.15+ kernel
[b] Ubuntu and Debian Linux running 2.6.15+ kernel
[c] FreeBSD etc

I've found that pptp client is 100% compatible with the following servers/products:
[a] Microsoft Windows VPN Server
[b] Linux PPTP Server
[c] Cisco PIX etc

How do I install PPTP client under Linux?

By default most distros install a PPTP client called pptp-linux, which is the client for the proprietary Microsoft Point-to-Point Tunneling Protocol. Use the apt-get or yum command to install the pptp client:
$ sudo apt-get install pptp-linux network-manager-pptp
Fedora Core users can install the client using the rpm command:
# rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
# yum --enablerepo=pptp-stable install pptpconfig

[a] network-manager-pptp or pptpconfig - A GUI network management framework (PPTP plugin) for the network-admin tool (frontend)
[b] pptp-linux - Point-to-Point Tunneling Protocol (PPTP) command line client

How do I configure client using command line (cli)?

You need to edit / create the following configuration files:

  • /etc/ppp/chap-secrets - Add your login name / password for authentication using CHAP. Pppd stores secrets for use in authentication in secrets files.
  • /etc/ppp/peers/myvpn-name - Configuration file for a dialup connection authenticated with PAP / CHAP. You need to add your dialup server name and other information in this file.

Sample configuration data

  1. PPTP server name: pptp.vpn.nixcraft.com
  2. VPN User Name : vivek
  3. VPN Password: VpnPassword
  4. Connection name: delhi-idc-01

Open /etc/ppp/chap-secrets file:
# vi /etc/ppp/chap-secrets
OR
$ sudo vi /etc/ppp/chap-secrets
Append a line as follows:
vivek PPTP VpnPassword *

Save and close the file.

Create a connection file called /etc/ppp/peers/delhi-idc-01 (replace delhi-idc-01 with your connection name such as office or vpn):
# vi /etc/ppp/peers/delhi-idc-01
Append the configuration data as follows:
pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd"
name vivek
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam delhi-idc-01

Save and close the file. Where,

  • pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd": Specifies that the command script is to be used to communicate rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master/slave pair and use the slave as its terminal device. The script will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the record option is used in conjunction with the pty option, the child process will have pipes on its standard input and output.) In this case we are using the pptp client to establish the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). pptp.vpn.nixcraft.com is my host name (or IP address) for the PPTP server. The --nolaunchpppd option means do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option.
  • name vivek: VPN username.
  • remotename PPTP: Set the assumed name of the remote system for authentication purposes to name. If you don't know the name, ask your network administrator.
  • require-mppe-128: Require the use of MPPE, with 128-bit encryption. Traffic must be encrypted.
  • file /etc/ppp/options.pptp: Read and apply all pppd options from the options.pptp file. These are the options used by PPP when a connection is made by a PPTP client.
  • ipparam delhi-idc-01: Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts (optional).
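
A pre-flight check for the two files configured above, as an added example (not part of the original article or of the pptp project). It follows "file" includes, confirms require-mppe-128 is set, confirms chap-secrets has an entry whose client and server fields match name and remotename, and checks the secrets file mode; the function names, the demo paths and the use of stat -c (GNU/busybox) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the article): audit a pppd peer file and secrets file.
# Assumes stat -c '%a' (GNU/busybox) and unquoted fields in chap-secrets.

# Print "option argument" lines from a pppd options file, following
# "file <path>" includes; depth-limited so an include loop terminates.
pppd_options() {
    [ -r "$1" ] || return 0
    while read -r opt arg _rest || [ -n "$opt" ]; do
        case "$opt" in
            ''|'#'*) ;;
            file) if [ "${2:-3}" -gt 0 ]; then
                      pppd_options "$arg" $(( ${2:-3} - 1 ))
                  fi ;;
            *) printf '%s %s\n' "$opt" "$arg" ;;
        esac
    done < "$1"
}

# audit_pptp <peer-file> <secrets-file>: print findings, return their count.
audit_pptp() {
    peer=$1; secrets=$2; findings=0
    opts=$(pppd_options "$peer")
    name=$(printf '%s\n' "$opts" | awk '$1 == "name" { v = $2 } END { print v }')
    remote=$(printf '%s\n' "$opts" | awk '$1 == "remotename" { v = $2 } END { print v }')

    if ! printf '%s\n' "$opts" | grep -q '^require-mppe-128 '; then
        echo "FAIL: require-mppe-128 is not set, so MPPE is not required"
        findings=$((findings + 1))
    fi
    # chap-secrets fields: client server secret addresses; "*" is a wildcard.
    if ! awk -v n="$name" -v r="$remote" '
            $1 !~ /^#/ && NF >= 3 && ($1 == n || $1 == "*") &&
            ($2 == r || $2 == "*") { found = 1 }
            END { exit !found }' "$secrets"; then
        echo "FAIL: no secret for client '$name' and server '$remote'"
        findings=$((findings + 1))
    fi
    mode=$(stat -c '%a' "$secrets")
    case "$mode" in
        0|*00) ;;
        *) echo "FAIL: $secrets is mode $mode; the password is readable by other users"
           findings=$((findings + 1)) ;;
    esac
    return "$findings"
}

# Constructed demo: the article's peer file, with two mistakes in the secrets
# file (server field PPPT does not match remotename PPTP; mode 644).
demo() {
    d=$(mktemp -d) || return 1
    printf 'noauth\n' > "$d/options.pptp"   # constructed stand-in for options.pptp
    cat > "$d/delhi-idc-01" <<EOF
pty "pptp pptp.vpn.nixcraft.com --nolaunchpppd"
name vivek
remotename PPTP
require-mppe-128
file $d/options.pptp
ipparam delhi-idc-01
EOF
    printf 'vivek PPPT VpnPassword *\n' > "$d/chap-secrets"
    chmod 644 "$d/chap-secrets"
    rc=0
    audit_pptp "$d/delhi-idc-01" "$d/chap-secrets" || rc=$?
    rm -rf "$d"
    echo "findings: $rc"
}
demo
```

On a real system, run it as audit_pptp /etc/ppp/peers/delhi-idc-01 /etc/ppp/chap-secrets; a return value of 0 means no findings.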

Route traffic via ppp0

To route traffic via the ppp0 interface, add the following route command to /etc/ppp/ip-up.d/route-traffic:
# vi /etc/ppp/ip-up.d/route-traffic
Append the following sample code (modify NET and IFACE as per your requirements):
#!/bin/bash
NET="10.0.0.0/8" # set me
IFACE="ppp0" # set me
#IFACE=$1
route add -net ${NET} dev ${IFACE}

Save and close the file, then make it executable:
# chmod +x /etc/ppp/ip-up.d/route-traffic

Task: connect to PPTP server

Now you need to dial out to your office VPN server. This is the most common use of pppd. This can be done with a command such as:
# pppd call delhi-idc-01
If everything went correctly you should be online and ppp0 should be up. The remote server will assign an IP address and other routing information. Here is the message from my /var/log/messages file:
# tail -f /var/log/messages
Output:

Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 <--> /dev/pts/4
Jun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded
Jun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module registered
Jun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression enabled
Jun 11 23:38:05 vivek-desktop pppd[30088]: local  IP address 10.5.3.44
Jun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18
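
To confirm from the log that a tunnel really negotiated encryption, the check below groups pppd messages by PID and flags any session that reached "local IP address" without the "MPPE 128-bit ... enabled" line. It is an added example, not part of the original article; the function names are assumptions and the sample lines are constructed from messages that appear on this page.

```shell
#!/bin/sh
# Added example (not from the article): per-session MPPE check over syslog.

# Constructed sample. PID 30088 repeats the article's session; PIDs 30140 and
# 30201 are constructed from messages quoted in the comments on this page.
sample_log() {
cat <<'EOF'
Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0
Jun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 <--> /dev/pts/4
Jun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded
Jun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module registered
Jun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression enabled
Jun 11 23:38:05 vivek-desktop pppd[30088]: local  IP address 10.5.3.44
Jun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18
Jun 12 09:02:10 vivek-desktop pppd[30140]: pppd 2.4.4 started by root, uid 0
Jun 12 09:02:13 vivek-desktop pppd[30140]: CHAP authentication succeeded
Jun 12 09:02:13 vivek-desktop pppd[30140]: CCP terminated by peer (No compression negotiated)
Jun 12 09:02:13 vivek-desktop pppd[30140]: Compression disabled by peer.
Jun 12 09:02:14 vivek-desktop pppd[30140]: local  IP address 10.5.3.45
Jun 12 09:02:14 vivek-desktop pppd[30140]: remote IP address 10.0.5.18
Jun 12 09:30:41 vivek-desktop pppd[30201]: pppd 2.4.4 started by root, uid 0
Jun 12 09:31:11 vivek-desktop pppd[30201]: LCP: timeout sending Config-Requests
Jun 12 09:31:11 vivek-desktop pppd[30201]: Connection terminated.
Jun 12 09:31:11 vivek-desktop pppd[30201]: Exit.
EOF
}

# check_mppe [file...]: read syslog lines (stdin if no file) and print one
# line per pppd PID: "<pid> <state> <local-ip or ->", where state is
#   MPPE128     link came up and 128-bit MPPE was enabled
#   NO-MPPE128  link came up without the MPPE 128-bit line
#   NO-LINK     pppd never reported a local IP address
# Returns 1 if any session is NO-MPPE128, otherwise 0.
check_mppe() {
    awk '
        match($0, /pppd\[[0-9]+\]:/) {
            pid = substr($0, RSTART + 5, RLENGTH - 7)
            msg = substr($0, RSTART + RLENGTH + 1)
            if (!(pid in seen)) { seen[pid] = 1; order[++n] = pid }
            if (msg ~ /^MPPE 128-bit .* enabled/) mppe[pid] = 1
            if (msg ~ /^local +IP address /) {
                sub(/^local +IP address +/, "", msg)
                ip[pid] = msg
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                p = order[i]
                addr = (p in ip) ? ip[p] : "-"
                if (!(p in ip))       state = "NO-LINK"
                else if (p in mppe)   state = "MPPE128"
                else                { state = "NO-MPPE128"; bad = 1 }
                printf "%s %s %s\n", p, state, addr
            }
            exit (bad ? 1 : 0)
        }' "$@"
}

if ! sample_log | check_mppe; then
    echo "at least one session came up without 128-bit MPPE" >&2
fi
```

Against a live system, pass the log file instead of the sample: check_mppe /var/log/messages.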

Task: Disconnect PPTP server vpn connection

Simply kill the pppd service; enter:
# killall pppd
OR
# kill {pppd-PID}

How do I configure PPTP client using GUI tools?

If you are using Debian / Ubuntu, just click on the Network configuration icon on the taskbar > VPN Connection > Configure VPN > Add:

Click Forward.

Select PPTP tunnel > Forward.

Enter the Connection Name and the VPN Server / Gateway hostname/IP address > click on the different tabs to configure other parameters > Forward.

Save and close the dialog box. To connect via VPN click on the Network icon > Select VPN Connection > Connection name (Mumbai VSNL IDC) > enter your VPN username and password and click on OK.

If you are using Fedora Core Linux, run pptpconfig as root and just follow the on-screen instructions:
# pptpconfig &

Troubleshooting hints

If the connection fails, you might need to gather more information and try out the following troubleshooting tips.

Q. I'm authenticated successfully but cannot route traffic..

A. Use the ip command to add the route manually:
# ip route add {NETWORK} dev ppp0
# ip route add 10.0.0.0/8 dev ppp0

Or use the route command:
# route add -net 10.0.0.0 netmask 255.0.0.0 dev ppp0

Q. I'm authenticated successfully, I can ping the remote gateway but cannot access hosts by name...

A. Set up the correct DNS server names in the /etc/resolv.conf file:
# cat /etc/resolv.conf
Output:
search nixcraft.com
nameserver 10.0.6.1
nameserver 10.0.6.2
nameserver 208.67.222.222

Q. How do I open my local network (laptop, desktop and other systems) to talk with any computer behind the VPN server via this local Linux ppp0 interface (i.e. make this computer act as a router)...?

A. Append the following two rules to your existing iptables rules to turn on routing (adjust the IP address range as per your setup):
iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
iptables --append FORWARD --in-interface eth0 -j ACCEPT

Q. Point-to-Point Encryption is not working and I'm not able to connect to remote PPTP server...

A. Make sure you are using a 2.6.15 or later kernel. If you are using an old kernel version, upgrade to the latest version and compile support for the ppp_mppe kernel module. If you are using the latest version, load the driver using modprobe:
# modprobe ppp_mppe
# pppd call myoffice

Note: You can always get more information by reading the pptp diagnosis howto here.

A note to readers

As I said earlier, I prefer to use open source solutions such as OpenVPN or IPsec as they are more secure. PPTP is not secure enough for some information security policies. Next time I will write about OpenVPN and IPsec.

Further readings

  • Please read pppd, pptp, iptables man pages.
  • Official pptp client home page

Comments on this entry are closed.

  • Karl O. Pinc June 13, 2007, 4:46 pm

    Obligatory post to point out that Microsoft’s PPTP was, as initially implemented, very insecure. It may be that Microsoft has completely rewritten it since then and fixed every problem, I don’t know. Wikipedia says it can be compromised if MSCHAP-V2 is used and users choose weak passwords, so you’d want to try to avoid MSCHAP-V2. It appears to me that this article configures PPTP with MSCHAP-V2. You’d also need to check all your Microsoft Windows machines to be sure they’re not using a broken implementation.

    An easy alternative is OpenVPN, which has a MS Windows installer and is all-around easy to implement.

    • Syed Zaigham Ali September 24, 2010, 1:12 pm

      Dear all fellows,

      I have installed Linux, i.e. Ubuntu 10.04, on my PC, on which I have installed the pptp client and am able to connect successfully, but the problem is that it is unable to browse the internet. In Windows it works fine.
      Kindly help me out.
      Regards,
      Syed Zaigham Ali

      • Mahesh September 24, 2010, 2:55 pm

        Check your gateway using the “route -n” command. Try to post your output.

        • Syed Zaigham Ali August 3, 2011, 9:49 am

          Yes Mahesh, it was a gateway problem. My service provider didn’t want to tell me the gateway and network address and said to install Windows, as they didn’t provide services on Linux. But finally I found it out and am using the internet on Ubuntu…:)

  • nixCraft June 13, 2007, 5:59 pm

    Karl,

    The PPTP is not secure enough for some information security policies and I personally like to use OpenVPN. PPTP is known to be a faulty protocol and your link in FAQ proves the same. This tutorial is for those who can’t switch to OpenVPN.

    Appreciate your post!

  • Allen July 4, 2007, 5:15 pm

    Great guide! This helped me get beyond my problems using the GUI tools, which don’t report all the info. Also, the “fault tree” link on the pptpclient page is a good debugging resource.

    I appreciate the command line tool approach, as that shows you more what is happening under the covers, and to test your config step by step.

  • adnan July 8, 2007, 1:52 pm

    Hi,
    I need to connect my Linux CentOS 4.4 server to a Windows 2003 VPN. I tried to install pptpclient, but I do not have apt-get, and using
    yum --enablerepo=pptp-stable install pptpconfig fails with dependency errors:

    Error: Missing Dependency: libxml.so.1 is needed by package php4-pcntl-gtk
    Error: Missing Dependency: libglade.so.0 is needed by package php4-pcntl-gtk

    Please help me, I will be thankful
    Regards
    Adnan

    • Carlos March 4, 2011, 4:06 am

      I have this problem….

    • Alex June 24, 2011, 2:21 pm

      Try to install rpm pptp instead of pptpconfig and use command line for further configuring.

  • Arulkumar January 20, 2008, 1:33 pm

    Hi

    My Lan is connected to internet using the Linux firewall and ADSL Modem.

    My Lan Architecture:
    vpnclient-->Linux-->ADSL MODEM-->net-->VPNSERVER

    The ADSL modem is assigned a public IP.

    Now My Question??

    How will I connect my LAN (VPN client) to the server?
    Please help me out.

    I will be thankful
    Arul

    • Alex June 24, 2011, 2:26 pm

      If your ADSL modem is in the bridge mode, and Linux firewall performs NAT for vpnclient, you should connect to VPNSERVER without problems. However, you may need to tune the firewall on the linux box (FORWARD chain) and load ip_nat_pptp kernel module (via modprobe command).

  • ramsam February 24, 2008, 9:47 pm

    Hello !

    I set up pptpd on ubuntu 6.10
    i did manage to connect to the pptpd server
    but I am having issues with my default gateways.
    my clients are windows boxes.
    I connect to the VPN and this is what i see in my
    PPP adapter ramsam:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface
    Physical Address. . . . . .:00-53-45-00-00-00
    Dhcp Enabled. . . . : No
    IP Address. . . . . . : 192.168.1.50
    Subnet Mask . . . . . : 255.255.255.255
    Default Gateway . . . : 192.168.1.50
    DNS Servers . . . . . : 192.168.1.1
    4.2.2.2
    How do I make sure my vpn clients get the default gateway of 192.168.1.1 and why is it taking the ipaddress assigned to it as the gw.
    my DHCP runs on my router 192.168.1.1

    • Alex June 24, 2011, 2:30 pm

      It’s because Windows considers that the VPN-connection route is more preferable than your default route. To avoid this problem try to uncheck
      the option “use default gateway in remote network” in the TCP-IP options of the VPN-connection (“Advanced…” button).

  • stevo March 19, 2008, 11:00 pm

    It simply does not work
    No default route set, no connection at all

    I had to go back to WindowsXP

    • Rodent May 23, 2011, 12:31 pm

      I know this is a very old thread, but I had the same problem with the local campus network. No Default Route to x.x.x.x.
      The fix turned out to be really easy.

      sudo route add default gw 10.25.10.1

      and bingo it started working, hope this helps someone in the future.
      p.s. replace the 10.25.10.1 with the address of YOUR gateway.

  • majid June 29, 2008, 1:13 pm

    in my system there is no item by this name “pptp tunnel”

    pls help me!!

  • Chris September 1, 2008, 12:34 pm

    I’m using Arch Linux (all current), and it worked perfectly. Thanks for the help!

  • Varghese M October 8, 2008, 10:24 pm

    Excellent article! I was able to setup this one without much difficulty on CentOS 5. Thanks a lot!

  • Sandip Shah December 6, 2008, 9:16 pm

    Worked perfectly on my Ubuntu system.

    Vivek – you can add a note in your excellent article – ‘10.0.0.0/8′ this is the network at the work place. For example the VPN server that I am trying to connect to is on the network ‘192.168.17.0/24′.

    I just had to make that change to the config file – route-traffic – and everything worked fine.

    • George Kharmujai February 15, 2011, 7:57 pm

      Thanks Sandip.

      I didnt realise this one…now my VPN connection its working great!

  • James West January 15, 2009, 12:27 am

    hello.
    Thanks for the tutorial! worked great!

    I have come across a problem though. The connection times out every 1000 minutes or so.

    Does anyone have any ideas on what could be causing this?

    Thanks!

  • Igor Sotelo January 29, 2009, 7:36 pm

    There is an OpenSource alternative to Microsoft PPTP Server, and is called PopTop. Runs on Linux, however works only with 128 bits encryption and MS CHAP v2 authentication that are the least insecure PPTP options.

    Best Regards.

    • Alex June 24, 2011, 2:33 pm

      And one more alternative is pptpd (vpn-server implementing PPTP protocol)

  • Bryan February 12, 2009, 1:24 pm

    I know this is an old thread, but I followed these instructions and my VPN connection worked great. Then later on it stopped working and I couldn’t determine why for the longest time. I thought Firestarter may have been the culprit, so I uninstalled it. Didn’t help. Finally last night I uninstalled other VPN software I had loaded, but wasn’t using: OpenSwan, IKE and probably a couple of others. And voilà, my PPTP VPN connection began working again.

  • p sky March 22, 2009, 2:16 am

    Very good explanation, but the repository appears not to be valid. I have not been able to find a new one, so I am in dependency hell trying to get it to work. If anybody knows the door out let me know. :)

  • fvaw April 3, 2009, 9:45 pm

    Could you please update the GUI settings for the Jaunty?

  • eric May 24, 2009, 5:45 pm

    Hi,

    I have a small problem: I am already using ppptd and it is now running, but my IP is still the DHCP one (old ISP / private IP), not the one from the VPN (new ISP / public IP). What causes this?

    I tried to ping from network-tools.com and the message is “Timed out”, but I can ping the VPN gateway and also get a reply quickly.

    log message :
    May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
    May 24 12:28:30 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 ‘Outgoing-Call-Request’
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
    May 24 12:28:31 cpe-134-112 pptp[15920]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer’s call ID 27914).
    May 24 12:28:31 cpe-134-112 pppd[15906]: CHAP authentication succeeded
    May 24 12:28:31 cpe-134-112 pppd[15906]: CCP terminated by peer (No compression negotiated)
    May 24 12:28:31 cpe-134-112 pppd[15906]: Compression disabled by peer.
    May 24 12:28:31 cpe-134-112 pppd[15906]: local IP address 202.147.201.119
    May 24 12:28:31 cpe-134-112 pppd[15906]: remote IP address 202.147.205.1

    Let me know about this..

    thanks,

  • Ajinkya May 25, 2009, 5:02 am

    Please send me the ppt of following configuration

  • IrQ July 6, 2009, 11:46 pm

    Users of KDE 4 can’t use gui tools to connect over pptp vpn. If anybody needed this feature, please register and vote for it.

    https://bugs.kde.org/show_bug.cgi?id=174439

  • Kevin September 1, 2009, 4:21 am

    No luck here. I have tried both commandline and gui on ubuntu jaunty and no luck. via the gui it says that I am connected to my work VPN, however i can not login to my machine or ping anything on the network.

    Any ideas? I am at my wits end.

  • Kevin September 2, 2009, 4:18 am

    Also.. What is the proper NET and IFACE?

    #!/bin/bash
    NET="10.0.0.0/8" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}

    • Alex June 24, 2011, 2:36 pm

      $NET – the network you wish to be routed via the VPN connection. If you want all your traffic to go via the VPN tunnel, use "0.0.0.0/0" as the value for the $NET variable. $IFACE – the network interface which appears after the VPN connection is established (usually ppp0).

  • syed sharik March 10, 2010, 3:53 pm

    Hi friends, I have some problem with the internet. I want to install a net hub, so how do I install it? Please help me, I will be thankful

  • Jack June 4, 2010, 8:20 am

    Thank you Vivek for sharing the information!

  • Michael August 24, 2010, 6:41 am

    where can i edit /etc/ppp/ip-up.d/route-traffic?
    it’s not available in my centos 5.3 server

  • Michael August 24, 2010, 7:27 am

    Hi!
    How to make script to auto connect to vpn server when I got disconnected?

    Thanks!

  • Nawab August 24, 2010, 1:06 pm

    ***
    #!/bin/bash
    NET="192.168.1.0/24" # set me
    IFACE="ppp0" # set me
    #IFACE=$1
    route add -net ${NET} dev ${IFACE}
    ***
    I receive the following error after saving route-traffic file with the aforementioned excerpt.

    “/etc/ppp/ip-up.d/route-traffic”
    “/etc/ppp/ip-up.d/route-traffic” E212: Can’t open file for writing

    Kindly help !!!

    • Michael August 25, 2010, 8:23 am

      @Nawab

      I think you should set the permission.
      # chmod +x /etc/ppp/ip-up.d/route-traffic

  • Nawab August 27, 2010, 2:53 pm

    Thanks Michael, I tried changing permission with this command it says:

    “chmod: cannot access `/etc/ppp/ip-up.d/route-traffic': No such file or directory”

    • Michael August 28, 2010, 3:52 am

      @Nawab,
      I just created the ip-up.d (directory) and create the file route-traffic..
      Since no one answered my question, out of luck it works!

  • Lakshmi September 22, 2010, 9:12 pm

    Excellent & simple to follow.
    They worked for me.

  • Mahesh September 23, 2010, 11:17 am

    There is another way to do this, by using pptpsetup command…
    e.g.
    pptpsetup --create --server server_ip_addr --username --password

  • ana October 10, 2010, 11:50 am

    I want to delete my VPN and I can’t :(

    I can’t use my real ip or to open any browser without VPN.

  • kerem October 18, 2010, 5:53 pm

    Hi

    I am trying to use your setup. I think I got most of the setup fine except the “IFACE” thing. What is it supposed to be?

    thanks

  • ali October 31, 2010, 8:27 am

    sending information for e-mail ; thank you

  • ahmed January 25, 2011, 10:11 am

    i tried the CLI to configure
    and got the following output
    OS is RH 5.3

    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_disp:pptp_ctrl.c:781]: Received Stop Control Connection Request.
    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 4 ‘Stop-Control-Connection-Reply’
    Jan 25 13:12:25 vis pptp[8755]: anon log[callmgr_main:pptp_callmgr.c:253]: Closing connection
    Jan 25 13:12:25 vis pptp[8755]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 12 ‘Call-Clear-Request’
    Jan 25 13:12:25 vis pppd[8749]: Modem hangup
    Jan 25 13:12:25 vis pppd[8749]: Connection terminated.
    Jan 25 13:12:25 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
    Jan 25 13:12:25 vis pppd[8749]: Exit.
    Jan 25 13:12:27 vis pptp[8755]: anon log[pptp_read_some:pptp_ctrl.c:537]: read returned zero, peer has closed
    Jan 25 13:12:29 vis pptp[8755]: anon log[call_callback:pptp_callmgr.c:77]: Closing connection

  • nanotera February 18, 2011, 8:43 am

    In CENTOS 5 there is no ip-up.d but you can instead add the route commands to

    /etc/ppp/ip-up.local

    use chmod to make it executable and then it will work.

  • Rodent May 23, 2011, 12:38 pm

    Just a quick question, I run Ubuntu 10.04 – Lucid Lynx, is there any way of firing a script or scripts when the VPN Connects / disconnects from the campus VPN.

  • James Bond May 30, 2011, 8:59 pm

    I’d like to add my success to this.

    For anyone who doesn’t want to force all traffic over the VPN, but rather just traffic bound to that interface, use the following script in /etc/ppp/if-up.d/route-traffic:

    IF1=ppp0
    IP1=VPN_CLIENT_IP
    P1=VPN_GATEWAY_IP
    P1_NET=VPN_NETWORK_IP

    ip route add $P1_NET dev $IF1 src $IP1 table extra
    ip route add default via $P1 table extra
    ip route add $P1_NET dev $IF1 src $IP1
    ip rule add from $IP1 table extra

    Be sure to:

    echo "10 extra" >> /etc/iproute2/rt_tables

    Tested on countless Debian/Ubuntu servers. Enjoy!

    • Mike September 1, 2011, 11:06 am

      The if-up.d does not exist after installation, are we supposed to create this directory, or have things changed in recent versions?
      I’m on RHEL though…

      • Mike September 1, 2011, 2:11 pm

        don’t worry, found it

  • sa144 August 1, 2011, 10:54 am

    I have set up PPTP VPN server on linux
    But accounts are open for concurrent simultaneous connections. means there can be many users using one account at the time.
    i need to limit that to one user at the time.
    anybody knows how it can be done?

  • Lukas August 22, 2011, 11:22 am

    Hello there. Thanks for the very nice PPTP VPN manual. I have just one question. Is it possible to monitor users' traffic on the VPN? Give users a quota for the VPN? The problem is that on my server users are making too much traffic and I need to stop this. Thanks for any help. lu

  • Sysadmin August 22, 2011, 7:03 pm

    Lukas, yes, you can monitor VPN users' traffic. The simplest solution is IP-address-based traffic accounting via iptables. This approach requires that each VPN user has its own unique IP address. For example:
    iptables -N ACCOUNT
    iptables -A ACCOUNT -s 10.10.10.2 -j RETURN
    iptables -A ACCOUNT -s 10.10.10.3 -j RETURN
    ……………
    iptables -A FORWARD -j ACCOUNT

    Then you can get packets and bytes counters with the command:
    iptables -nL ACCOUNT -vx
    and probably graph the stats via cacti/munin/etc…

  • Ladislav September 5, 2011, 11:21 am

    Hi Vivek and everybody here,

    does anybody here have any experience with setting up the client VPN against a Microsoft PPTP VPN server which uses client certificates? I already patched my ppp using this patch. But I am not able to set this connection up.

    Thanks for some example of configuration.

    Information about live connection I gathered from the Windows client are following:

    On the connection configuration card:
    On security folder there is selected "Precise configuration", then click on the Setting
    Cryptography of data: Require (disconnect if cryptography cannot be used)
    Use of protocol EAP: Smart Card or another certificate
    There is a button for "Properties" where is>
    - Use certificate in this computer
    - Verify server certificate
    - and in the root certificates list I selected the CA root certificate
    Windows client VPN attributes after connection made:
    Type of device: vpn
    Type of server: PPP
    Transports: TCP/IP
    Authentication: EAP
    Cypher: MPPE 128
    Compression: MPPC
    Multilink patterns of PPP: disabled
    

    I use following command to initiate connection, but without any success:

    /usr/local/sbin/pppd \
    noauth nobsdcomp nodeflate require-eap \
    name "$FQDN_HOSTNAME" remotename "$CN_Z_CA_CERTIFIKATU" \
    cert $PRIVATNI_CERTIFIKAT \
    key $VEREJNY_KLIC \
    ca $CA_CERTIFIKAT \
    password $HESLO \
    logfile /tmp/pppd.log pty \
    "pptp $VPN_SERVER  --nolaunchpppd"
    
  • lutpiero November 18, 2011, 1:49 am

    I did exactly as you wrote and
    I receive this on my CentOS: LCP: timeout sending Config-Requests.

    I have already tried to connect from Windows 7 and the VPN connected successfully

  • fmp July 4, 2012, 5:20 pm
    [admin@goku Downloads]$ sudo rpm -Uvh http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
    Retrieving http://pptpclient.sourceforge.net/yum/stable/fc6/pptp-release-current.noarch.rpm
    warning: /var/tmp/rpm-tmp.gZFCXj: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
    Preparing...                ########################################### [100%]
    	package pptp-release-4-6.fc16.noarch (which is newer than pptp-release-4-6.fc6.noarch) is already installed
    [admin@goku Downloads]$ sudo yum --enablerepo=pptp-stable install pptpconfig
    Loaded plugins: langpacks, presto, refresh-packagekit
    Could not retrieve mirrorlist http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17 error was
    14: HTTP Error 404 - Not Found : http://poptop.sourceforge.net/yum/stable/mirrorlist-poptop-stable-fc17
    Could not retrieve mirrorlist http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17 error was
    14: HTTP Error 404 - Not Found : http://pptpclient.sourceforge.net/yum/stable/mirrorlist-pptp-stable-fc17
    Error: Cannot find a valid baseurl for repo: poptop-stable
    [admin@goku Downloads]$
    

    What went wrong on the 2nd command? anyone who will lead on this. thanks.

  • Jawad January 27, 2014, 10:32 pm

    Hi
    can anybody help me out with Suse linux PPTP client ? no matter what configurations i use it always gives me MS-Chap authentication error.. any help???