Following are short notes on How I added VPN [pptp] client in Linux [initially in centos, later I will add commands for Ubuntu as well] to a mikrotik base pptp vpn server. Mikrotik is using default profile for vpn users. Something like this
PPP Default Profile …
PPP Default Profile Protocols Section …
& PPP USER …
Ok now moving to linux to add vpn client
Adding PPTP VPN Client in CENTOS 6
First install PPTP client.
yum install pptp -y
Now add the username and password inside /etc/ppp/chap-secrets file
Note: I used NANO editor as its easier, but you can use any other editor like VI or other
Now add your USER ID and PASSWORD in following scheme …
# Secrets for authentication using CHAP # client server secret IP addresses test PPTP testpass *
In above example, my vpn user name is test, and password is testpass.
Save & Exit.
Now create a VPN Dialer configuration file under /etc/ppp/peers directory called testvpn using any text editor
and use following format
pty "pptp 220.127.116.11 --nolaunchpppd" lock noauth nobsdcomp nodeflate name test remotename PPTP require-mppe-128 #file /etc/ppp/options.pptp ipparam testvpn
In above Example. Make sure to change following items
18.104.22.168 > with your target vpn server IP address or name
name test > Replace TEST with your supplied vpn dialer user name
Save & Exit.
Test Dialer Connectivity …
To dial , use following command from terminal …
pppd call testvpn
In second terminal, open messages log file so you can see the log info (and error messages if any, useful in troubleshooting) …
tail -f /var/log/messages
Upon successful logon, the messages log shoul show you something as following …
Apr 13 06:43:39 radius pppd: pppd 2.4.5 started by root, uid 0 Apr 13 06:43:39 radius pppd: Using interface ppp0 Apr 13 06:43:39 radius pppd: Connect: ppp0 <--> /dev/pts/2 Apr 13 06:43:39 radius pptp: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated Apr 13 06:43:39 radius pptp: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request' Apr 13 06:43:39 radius pptp: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply Apr 13 06:43:39 radius pptp: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established. Apr 13 06:43:40 radius pptp: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request' Apr 13 06:43:40 radius pptp: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply. Apr 13 06:43:40 radius pptp: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 921). Apr 13 06:43:40 radius pppd: CHAP authentication succeeded Apr 13 06:43:40 radius pppd: MPPE 128-bit stateless compression enabled Apr 13 06:43:41 radius pppd: local IP address 172.16.0.249 Apr 13 06:43:41 radius pppd: remote IP address 172.16.0.1
You can also check vpn interface via
ip a | grep ppp
[root@radius ~]# ip a | grep ppp 13: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1456 qdisc pfifo_fast state UNKNOWN qlen 3 link/ppp inet 172.16.0.249 peer 172.16.0.1/32 scope global ppp0
Try pinging a system in the VPN network and you should get response from other side :)
ADDING ROUTE via pptp dialer to access remote / target destination
NOTE: This will not add any ROUTE information in routing table, you can add it manually or in ifup/down file, As I didn’t required any default gateway but I added just one static route to access specific server only, example:
> Edit or create following file /etc/ppp/ip-up.local
& add following entries
#!/bin/bash route add -net 22.214.171.124/8 dev ppp0
Now assign it executable rights
chmod +x /etc/ppp/ip-up.local
Note: change 126.96.36.199/8 to match your remote target subnet you want to access via your linux pc. This is recommended method as it works on AUTO :)
Or if its just for one session , use following command
route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.16.0.1 dev ppp0
192.168.10.0 is the remote office server subnet, and 172.16.0.1 is the virtual gateway this pc should use to access remote site.
Or if all traffic should route via this , use (not tested yet)
route add default gw 172.16.0.1 ppp0
Howto Stop Dialer
To Stop dialer, you can simply kill it with
Howto add AUTO RE-CONNECT / RE-DIAL option
Note: To make it auto re-connect (redial) you can add following directives in your vpn configuration file (example /etc/ppp/peers/testvpn) to make it auto reconnect.
maxfail 0 persist
maxfail 0 and persist is for the connection to reconnect and retry forever.
You can also use script and schedule it to keep check on the dialer connectivity and perform specific action like inform you via email, or whatever you like it to trigger. If interested in script base approach, there is already a good guide for this purposes here :)