PPTP!
pptp.interface.org.nz is the PPTP server.
your username and password are available at https://user.interface.org.nz/secure/vpn/password.cgi -- the username/password you need to access this page are the same as the username and password you use to access the interface user server.
The new/better way to do this is via OpenVPN. PPTP is deprecated and may be removed in a future revision of Interface.
Settings for Windows XP
Create a new VPN connection. The following is the steps via the New Connection Wizard:
- Connect to the network at my workplace
- Virtual Private Network connection
- Give some random name (like 'SWANS')
- Do not dial the initial connection
- Host name: pptp.interface.org.nz
If working from something that has already been set up (as in looking at the Properties of a pre-existing connection):
- The hostname is pptp.interface.org.nz
{http://user.interface.org.nz/~gringer/vpn/hostname.png}
- Use typical security settings
{http://user.interface.org.nz/~gringer/vpn/sec_options.png}
Settings for Debian
possibly applicable to other distributions as well
You need to install a PPTP client.
Make sure you have the relevant ppp and tunneling options enabled in the kernel :
Device Drivers -> Networking support -> PPP support
- MPPE as well, because it now appears to be required
Make sure the following options are enabled in /etc/ppp/options.pptp (create if not present) :
lock noauth noproxyarp ## mppe settings seem to alternate between required and rejected if enabled, ## depending on the person who last configured the tunnel on the server side ## if things don't work with mppe disabled, try using the require-mppe option # require-mppe ## possibly not needed, but things seem to work better when enabled lcp-echo-interval 10 chap-interval 30 usepeerdns
Your /etc/ppp/chap-secrets should look something like the following :
# [replace <user> with your username, and <password> with your password] # Secrets for authentication using CHAP # client server secret IP addresses swans <user> <password> * <user> swans <password> * ["the first of these two lines may not be necessary"]
And finally, the actual connection script (/etc/ppp/peers/swans) :
pty "pptp pptp.interface.org.nz --nolaunchpppd" name <user> remotename swans file /etc/ppp/options.pptp ipparam swans
The following scripts should work with Debian systems to set up the default route correctly (make them chmod a+x): [/etc/ppp/ip-up.d/defaultroute]
#!/bin/sh # create emergency variables etc. ip route list | grep default | sed 's/^default via //' | head -n 1 > /etc/ppp/olddefroute.pppd-backup ls /var/run/pptp/ | sed s/^.*:// > /etc/ppp/pptphost.pppd-backup olddefroute=$(cat /etc/ppp/olddefroute.pppd-backup) pptphost=$(cat /etc/ppp/pptphost.pppd-backup) # set up route ip route add $pptphost via $olddefroute # includes device ip route replace default via $IPREMOTE dev $IFNAME
[/etc/ppp/ip-down.d/defaultroute]
#!/bin/sh # retrieve emergency variables etc. olddefroute=$(cat /etc/ppp/olddefroute.pppd-backup) pptphost=$(cat /etc/ppp/pptphost.pppd-backup) # set up old route and remove route to pptp host ip route replace default via $olddefroute ip route del $pptphost via $olddefroute rm /etc/ppp/olddefroute.pppd-backup rm /etc/ppp/pptphost.pppd-backup
To check if everything's working, run 'pon swans debug nodetach'. Running 'pon swans' is what should be done most times.
Those scripts seem to be necessary because either pppd or the remote peer doesn't know how to set the default route properly. When you are connected, running 'ip route list' should produce something looking like the following:
10.73.3.1 dev ppp0 proto kernel scope link src 10.73.3.4 130.195.11.127 via 10.130.0.1 dev eth1 10.130.0.0/15 dev eth1 proto kernel scope link src 10.130.3.241 default via 10.73.3.1 dev ppp0
Pages that were used to get this information: