Syed Jahanzaib Personal Blog to Share Knowledge !

April 13, 2015

Short Notes Series: Adding VPN (PPTP) Dialer in Linux

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 12:06 PM

 

Assalam Va Alaykum,

Following are short notes on how I added a VPN [PPTP] client in Linux [initially in CentOS; later I will add commands for Ubuntu as well] to connect to a MikroTik-based PPTP VPN server. The MikroTik is using the default profile for VPN users, something like this:

Mikrotik Section:

[Screenshots in the original post: PPP Default Profile; PPP Default Profile Protocols section; PPP user]

OK, now moving to Linux to add the VPN client.


 

Adding PPTP VPN Client in CENTOS 6

First install PPTP client.

yum install pptp -y

Now add the username and password to the /etc/ppp/chap-secrets file.

Note: I used the NANO editor as it's easier, but you can use any other editor, such as VI.

nano /etc/ppp/chap-secrets

Now add your USER ID and PASSWORD in the following scheme …

# Secrets for authentication using CHAP
# client        server           secret                 IP addresses
test              PPTP           testpass                       *

In the above example, my VPN user name is test and the password is testpass.

Save & Exit.

Now create a VPN dialer configuration file called testvpn under the /etc/ppp/peers directory, using any text editor:

nano /etc/ppp/peers/testvpn

and use the following format:


pty "pptp 1.1.1.1 --nolaunchpppd"
lock
noauth
nobsdcomp
nodeflate
name test
remotename PPTP
require-mppe-128
#file /etc/ppp/options.pptp
ipparam testvpn

In the above example, make sure to change the following items:

1.1.1.1 > replace with your target VPN server IP address or name
name test > replace test with your supplied VPN dialer user name

Save & Exit.
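
A quick check of the two files created above, as an added example that is not part of the original post: chap-secrets holds the password in clear text, and the name / remotename lines in the peers file must match the client and server columns of a chap-secrets row. The function name audit_pptp_client is hypothetical; the paths and option names are the ones used above.

```shell
#!/bin/bash
# Added example (not from the original post): sanity-check the PPTP
# client files. audit_pptp_client is a hypothetical helper name.

audit_pptp_client() {
    local peer="$1" secrets="$2" problems=0 mode user server

    # chap-secrets stores the VPN password in clear text, so only its
    # owner (root) should be able to read it.
    mode=$(stat -c '%a' "$secrets")
    case "$mode" in
        600|400) ;;
        *) echo "WARN: $secrets has mode $mode, expected 600"
           problems=$((problems + 1)) ;;
    esac

    # Without require-mppe-128 pppd does not insist on an encrypted link.
    if ! grep -Eq '^[[:space:]]*require-mppe-128([[:space:]]|$)' "$peer"; then
        echo "WARN: $peer does not set require-mppe-128"
        problems=$((problems + 1))
    fi

    # "name" and "remotename" in the peers file select the chap-secrets
    # row (client and server columns); "*" in the server column matches any.
    user=$(awk '$1 == "name" { print $2; exit }' "$peer")
    server=$(awk '$1 == "remotename" { print $2; exit }' "$peer")
    if ! awk -v u="$user" -v s="$server" \
         '$1 == u && ($2 == s || $2 == "*") { found = 1 }
          END { exit !found }' "$secrets"; then
        echo "WARN: no chap-secrets entry for client '$user' server '$server'"
        problems=$((problems + 1))
    fi

    # Return value = number of problems found (0 means all checks passed).
    return "$problems"
}

# On a real system, as root:
#   audit_pptp_client /etc/ppp/peers/testvpn /etc/ppp/chap-secrets
```

If the first warning appears, chmod 600 /etc/ppp/chap-secrets fixes it.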

 


 

Test Dialer Connectivity …

To dial, use the following command from the terminal …

pppd call testvpn

In second terminal, open messages log file so you can see the log info (and error messages if any, useful in troubleshooting) …

tail -f /var/log/messages

Upon successful logon, the messages log should show you something like the following …

Apr 13 06:43:39 radius pppd[1441]: pppd 2.4.5 started by root, uid 0
Apr 13 06:43:39 radius pppd[1441]: Using interface ppp0
Apr 13 06:43:39 radius pppd[1441]: Connect: ppp0 <--> /dev/pts/2
Apr 13 06:43:39 radius pptp[1442]: anon log[main:pptp.c:314]: The synchronous pptp option is NOT activated
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 1 'Start-Control-Connection-Request'
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:739]: Received Start Control Connection Reply
Apr 13 06:43:39 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:773]: Client connection established.
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_rep:pptp_ctrl.c:251]: Sent control packet type is 7 'Outgoing-Call-Request'
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:858]: Received Outgoing Call Reply.
Apr 13 06:43:40 radius pptp[1450]: anon log[ctrlp_disp:pptp_ctrl.c:897]: Outgoing call established (call ID 0, peer's call ID 921).
Apr 13 06:43:40 radius pppd[1441]: CHAP authentication succeeded
Apr 13 06:43:40 radius pppd[1441]: MPPE 128-bit stateless compression enabled
Apr 13 06:43:41 radius pppd[1441]: local  IP address 172.16.0.249
Apr 13 06:43:41 radius pppd[1441]: remote IP address 172.16.0.1

 

You can also check vpn interface via

ip a | grep ppp

Result:

[root@radius ~]# ip a | grep ppp
13: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1456 qdisc pfifo_fast state UNKNOWN qlen 3
link/ppp
inet 172.16.0.249 peer 172.16.0.1/32 scope global ppp0

Try pinging a system in the VPN network and you should get response from other side 🙂


 

 

ADDING ROUTE via pptp dialer to access remote / target destination

[Image: Khunjerab – Pass Route / Beautiful PAKISTAN 🙂 / zaib]

 

NOTE: This will not add any route information to the routing table; you can add it manually or in the ifup/down file. I didn't require any default gateway, so I added just one static route to access a specific server only. Example:

Edit or create the following file: /etc/ppp/ip-up.local

and add the following entries:

#!/bin/bash
route add -net 2.0.0.0/8 dev ppp0

Now assign it executable rights
chmod +x /etc/ppp/ip-up.local

Note: Change 2.0.0.0/8 to match the remote target subnet you want to access via your Linux PC. This is the recommended method as it works on AUTO 🙂
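
The ip-up.local above adds the route on ppp0 whenever any PPP link comes up. As an added example (not from the original post), this variant uses the arguments pppd passes to ip-up, together with the ipparam testvpn tag from the peers file, so the route is added only for this tunnel and on whichever pppN interface it was given. It assumes the distribution's /etc/ppp/ip-up forwards its arguments to ip-up.local; route_for_link is a hypothetical helper name.

```shell
#!/bin/bash
# /etc/ppp/ip-up.local -- added example, not the original post's script.
# pppd calls ip-up with: $1=interface $2=tty $3=speed $4=local-IP
# $5=remote-IP $6=ipparam. Assumption: /etc/ppp/ip-up hands the same
# arguments on to this file.

TUNNEL_TAG="testvpn"      # must match "ipparam testvpn" in the peers file
REMOTE_NET="2.0.0.0/8"    # subnet used in the post; change to yours

# Print the route command for this link; return non-zero (and print
# nothing) when the link is not the tagged tunnel.
route_for_link() {
    local ifname="$1" ipparam="$6"
    [ "$ipparam" = "$TUNNEL_TAG" ] || return 1
    case "$ifname" in
        ppp[0-9]*) ;;          # only act on pppd-created interfaces
        *) return 2 ;;
    esac
    # "replace" is idempotent, so a redial does not fail on an existing route
    printf 'ip route replace %s dev %s\n' "$REMOTE_NET" "$ifname"
}

# Run only when pppd supplied its six arguments.
if [ "$#" -ge 6 ]; then
    cmd=$(route_for_link "$@") && $cmd
fi
```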

 

Or if it's just for one session, use the following command:

route add -net 192.168.10.0 netmask 255.255.255.0 gw 172.16.0.1 dev ppp0 

192.168.10.0 is the remote office server subnet, and 172.16.0.1 is the virtual gateway this PC should use to access the remote site.

Or if all traffic should route via this, use (not tested yet):

route add default gw 172.16.0.1 ppp0

Howto Stop Dialer

To Stop dialer, you can simply kill it with

killall pppd

 


 

Howto add AUTO RE-CONNECT / RE-DIAL option

Note: To make it auto re-connect (redial), you can add the following directives to your VPN configuration file (example: /etc/ppp/peers/testvpn).

maxfail 0
persist

maxfail 0 and persist make the connection reconnect and retry forever.

You can also use a script and schedule it to keep a check on the dialer connectivity and perform a specific action, like informing you via email or whatever you would like it to trigger. If you are interested in the script-based approach, there is already a good guide for this purpose here 🙂

http://www.jamescoyle.net/how-to/968-script-to-automatically-detect-and-restart-linux-pptp-client


 



Regards,
Syed Jahanzaib


April 1, 2015

Howto display combined values of two interfaces in single MRTG graph

Filed under: Linux Related, Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 9:16 AM

 


 

 

If you want to view the combined value of two or more interfaces in a single MRTG graph, here is the simple way to go…
[thanks to MRTG, which supports simple math formulas as well 🙂]

Example:

On your router you have two WAN interfaces (you're not limited to just two) named WAN1 and WAN2 (in load-balancing mode or whatever), and you want a single graph that displays the combined value of both interfaces, so that you can get an idea of how much WAN bandwidth is being consumed (good for making average historical graphs). Use the following cfg:

 


# combinedwan.cfg
Target[192.168.0.1_combowan]: #WAN1:publicsnmp@192.168.0.1: + #WAN2:publicsnmp@192.168.0.1:
MaxBytes[192.168.0.1_combowan]: 12500000
Title[192.168.0.1_combowan]: Traffic Analysis for BOTH DSL WAN Links WAN1+WAN2 -- MikroTik
PageTop[192.168.0.1_combowan]: <h1>Traffic Analysis for BOTH DSL WAN Links WAN1+WAN2  -- MikroTik</h1>
  <div id="sysdetails">
  <table>
  <tr>
  <td>System:</td>
  <td>MikroTik Routerboard with Load Balancing</td>
  </tr>
  <tr>
  <td>Maintainer:</td>
  <td>aacable@hotmail.com</td>
  </tr>
  <tr>
  <td>Description:</td>
  <td>WAN1 + WAN2 Combined</td>
  </tr>
  <tr>
  <td>ifType:</td>
  <td>ethernetCsmacd (6)</td>
  </tr>
  <tr>
  <td>ifName:</td>
  <td>WAN1+WAN2</td>
  </tr>
  <tr>
  <td>Max Speed:</td>
  <td>100 Mbits/s</td>
  </tr>
  <tr>
  <td>Ip: DYNAMIC</td>
  <td>No Ip (No DNS name)</td>
  </tr>
  </table>
  </div>

 


 

Note: Change the interface names, SNMP string and IP according to your network setup. You can get interface numbers/names from the individual mrtg.cfg / router.cfg entries. cfgmaker can help you in this regard, for example:

cfgmaker snmp@192.168.0.1 > router.cfg

 

Happy Graphing 🙂

Regards,

Syed Jahanzaib

 
