Debian Linux VPN Server



1. Log in as root.



2. Configure server for unstable packages.


# vi /etc/apt/sources.list

deb http://ftp.ie.debian.org/debian stable main contrib non-free
deb http://ftp.ie.debian.org/debian-non-US stable/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free

deb http://ftp.ie.debian.org/debian unstable main contrib non-free
deb http://ftp.ie.debian.org/debian-non-US unstable/non-US main contrib non-free

# apt-get update


3. Install required packages.


# apt-get -t unstable install \
	kernel-source-2.6.8 \
	pptpd \
	pptp-linux \
	ppp \
	kernel-package \
	gcc \
	libc6-dev \
	libncurses-dev \
	iptables \
	iproute \
	kernel-patch-mppe


4. Change directory.


# cd /usr/src


5. Extract the source code.


# tar jxf kernel-source-2.6.8.tar.bz2


6. Change directory.


# cd kernel-source-2.6.8


7. Copy old/current kernel configuration.


!! Don't use a 2.2 or 2.4 config with 2.6 !!
# uname --all
# cp /boot/config-$(uname --kernel-release) .config
# make oldconfig


8. Configure the kernel source for PPP and Firewall.


# make menuconfig

Code maturity level options  --->
  [*] Prompt for development and/or incomplete code/drivers

Loadable module support  --->
  [*] Enable loadable module support
  [*]   Module unloading
  [*]   Module versioning support (EXPERIMENTAL)
  [*]   Automatic kernel module loading

Device Drivers  --->
  Networking support  --->
    Networking options  --->
      [*] TCP/IP networking
      [*] Network packet filtering (replaces ipchains)  ---> !! Select all options as modules !!

Device Drivers  --->
  Networking support  --->
    [*] Network device support
      <M> PPP (point-to-point protocol) support
      [*]   PPP multilink support (EXPERIMENTAL)
      [*]   PPP filtering
      <M>   PPP support for async serial ports
      <M>   PPP support for sync tty ports
      <M>   PPP Deflate compression
      <M>   PPP BSD-Compress compression
      <M>   PPP over Ethernet (EXPERIMENTAL)

Cryptographic options  --->  !! Select all options as modules !!


9. Compile the kernel.


# make-kpkg clean
# PATCH_THE_KERNEL=YES make-kpkg --append-to-version -vpn.1 --revision 1 kernel_image kernel_headers modules_image

You may be prompted for extra kernel options; say yes.

10. Install newly created packages.


# dpkg --install kernel-image-2.6.8-vpn.1_1_i386.deb


11. Reboot the server.


# reboot


12. Log in as root.



13. Configure pptpd server.


Add or replace the following in
# vi /etc/pptpd.conf
localip 10.1.1.1
remoteip 10.1.1.128-254


# vi /etc/ppp/pptp-options


name TESTVPN
auth
lock
proxyarp

default-mru
require-mppe-128
require-mschap-v2

ms-dns 10.1.1.1
netmask 255.255.255.0
nodefaultroute

debug
dump


# vi /etc/ppp/chap-secrets
"test"          TESTVPN     "test"       10.1.1.128


14. Restart pptpd daemon.


# /etc/init.d/pptpd restart


15. Change your firewall settings.


Example entries include:

iptables -A INPUT -p icmp --icmp-type fragmentation-needed -j ACCEPT
iptables -A INPUT -p tcp --dport 1723 -j ACCEPT
iptables -A INPUT -p gre -j ACCEPT
iptables -A FORWARD -i ppp+ -s 10.1.1.0/24 -j ACCEPT
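
Added example (not part of the original page): a shell check for the files edited in step 13. It reports required options that are missing or commented out, chap-secrets entries whose secret matches the client name (as in the "test" placeholder entry) or is short, and a secrets file that group or others can access. The function names, the 12-character minimum and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit copies of the files edited in step 13.

# has_option FILE OPTION: true if OPTION is an active (uncommented) line.
has_option() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# missing_options FILE: print each option from step 13 that is not active.
missing_options() {
    for opt in auth require-mppe-128 require-mschap-v2; do
        has_option "$1" "$opt" || printf '%s\n' "$opt"
    done
}

# weak_secrets FILE [MINLEN]: print clients whose secret equals the client
# name or is shorter than MINLEN (12 is an assumed threshold). Fields are
# client, server, secret, address; quoted secrets with spaces are not handled.
weak_secrets() {
    awk -v min="${2:-12}" '
        NF == 0 || $1 ~ /^#/ { next }
        { gsub(/"/, ""); if ($3 == $1 || length($3) < min) print $1 }
    ' "$1"
}

# secrets_mode_ok FILE: true if group and others have no permissions on FILE.
secrets_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample files (not read from the live system).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'name TESTVPN\nauth\nrequire-mppe-128\n#require-mschap-v2\n' \
    > "$demo_dir/pptp-options"
printf '%s\n' '"test" TESTVPN "test" 10.1.1.128' \
    '"alice" TESTVPN "c0rrect-h0rse-battery" 10.1.1.129' \
    > "$demo_dir/chap-secrets"
chmod 644 "$demo_dir/chap-secrets"

echo "missing options: $(missing_options "$demo_dir/pptp-options")"
echo "weak secrets:    $(weak_secrets "$demo_dir/chap-secrets")"
secrets_mode_ok "$demo_dir/chap-secrets" || echo "chap-secrets: group/other access"
```

To check the live configuration, pass /etc/ppp/pptp-options and /etc/ppp/chap-secrets to the same functions.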


Last updated 2006-04-22. Copyright © 2004, 2006 Robert Fitzsimons. robfitz at 273k dot net