I have set up a VPN over PPTP on a CentOS server using the DKMS module rpm dkms-0-2.0.6-3.el4 from http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/dkms-0-2.0.6-3.el4.kb.html and kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm at http://pptpclient.sourceforge.net/howto-fedora-core-3.phtml.
I have configured the pptpd server on Centos4 to use MS-CHAPv2, 128-bit encryption and to assign server side and client IP addresses in the range a.b.c.42-48 and a.b.c.52-58 respectively.
I have also opened the firewall for tcp port 1723 and the GRE protocol (47).
I have configured a Microsoft Win2Kpro client and I can connect and establish a VPN. However I am missing something because:
1. If I try and connect to a machine on the local network segment then the VPN channel is not used (this is probably the correct behaviour but it is not what I want and I need to know how to force local network paths over an encrypted connection).
2. If I try and connect to a host outside our local network then the traffic is not routed out through the gateway but it does travel over the vpn to the local pptpd server.
So, what am I missing in all of this? Are there options for the pptpd that I need to set for this to work?
I have a similar problem when I connect from outside the local network segment. The vpn connects but then I cannot reach any other host.
Any suggestions are welcome. I am a digest subscriber so if you could copy my email address on your reply then I would be appreciative.
Regards, Jim
--
*** e-mail is not a secure channel ***
mailto:byrnejb.<token>@harte-lyne.ca
James B. Byrne, Harte & Lyne Limited
vox: +1 905 561 1241, fax: +1 905 561 0757
9 Brockley Drive, Hamilton, Ontario, Canada L8E 3C3
<token> = hal
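For the symptoms above (session comes up, but nothing beyond the pptpd box is reachable, and Internet-bound traffic stops at the server), the usual server-side prerequisites are IP forwarding, a way for LAN hosts to reach the client addresses (proxyarp when the client range lies inside the LAN subnet), and NAT for traffic leaving towards the gateway. The following diagnostic is an added example, not code from the thread; the default file paths are the normal CentOS locations, and the client range 10.0.0.48/29 used in the comments is constructed.

```shell
#!/bin/sh
# Added diagnostic (not from the original posts): checks a pptpd host for the
# three settings a PPTP client needs before its traffic can reach anything
# beyond the server itself. Every path is a parameter so it runs offline.

# $1: path to the ip_forward sysctl file (normally /proc/sys/net/ipv4/ip_forward).
# Without forwarding, packets from the ppp interface are never relayed anywhere.
ip_forward_enabled() {
    [ "$(cat "$1" 2>/dev/null | tr -d '[:space:]')" = "1" ]
}

# $1: path to the ppp options file pptpd uses (normally /etc/ppp/options.pptpd).
# proxyarp makes the server answer ARP for the client IPs, so LAN hosts can
# send replies back when the client range is carved out of the LAN subnet.
proxyarp_enabled() {
    grep -Eq '^[[:space:]]*proxyarp([[:space:]]|$)' "$1" 2>/dev/null
}

# $1: path to an `iptables-save` dump, $2: VPN client range in CIDR form,
# e.g. 10.0.0.48/29 (constructed). Internet-bound traffic from clients needs
# to be masqueraded unless the upstream gateway has a route back to them.
nat_for_clients() {
    grep -Eq -- "^-A POSTROUTING .*-s $2 .*-j MASQUERADE" "$1" 2>/dev/null
}

# Runs all three checks, prints one line per finding and returns the number
# of failed checks so a caller can branch on the result.
pptpd_routing_report() {
    fwd="$1"; opts="$2"; nat="$3"; clients="$4"; failed=0
    if ip_forward_enabled "$fwd"; then
        echo "ok:   ip_forward is 1"
    else
        echo "FAIL: ip_forward is 0 (set net.ipv4.ip_forward = 1 in /etc/sysctl.conf)"
        failed=$((failed + 1))
    fi
    if proxyarp_enabled "$opts"; then
        echo "ok:   proxyarp set in $opts"
    else
        echo "FAIL: no proxyarp in $opts; LAN hosts cannot reach $clients"
        failed=$((failed + 1))
    fi
    if nat_for_clients "$nat" "$clients"; then
        echo "ok:   MASQUERADE rule present for $clients"
    else
        echo "FAIL: no POSTROUTING MASQUERADE for $clients in $nat"
        failed=$((failed + 1))
    fi
    return "$failed"
}
```

On a live host, run it as `pptpd_routing_report /proc/sys/net/ipv4/ip_forward /etc/ppp/options.pptpd <(iptables-save) 10.0.0.48/29` with your real client range; an exit status of 0 means all three prerequisites are in place.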
I tried several times to get a VPN working - I tried
1) Tunneling IP over SSH fw.
2) IPSec
3) PPTP
All were painful, and often unreliable. (I'd do a kernel update, and suddenly VPN would die a horrible death, and I'd have to recompile a bunch of stuff to get it back up - ugh)
The best way, bar none, no exceptions, is using OpenVPN. Cross platform, fairly quick setup, good security, highly reliable.
After a few hours of tinkering during setup, "it just works" and has done so very reliably under rather demanding circumstances for over a year. Probably the worst part was setting up the routing tables on either end, and that seems to be a PITA regardless of your VPN solution...
The only downside I can find to OpenVPN is that it requires a process on the GW for each connection, so this could get cumbersome if you have hundreds of simultaneous connections. But, with my half-dozen connections, it works fantastically!
Cheers!
-Ben
On Monday 31 October 2005 13:27, James B. Byrne wrote:
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 11/8/05, Benjamin Smith lists@benjamindsmith.com wrote:
Just upgrade to 2.X and you will be able to use one process for all connections for the server.
-- Leonard Isham, CISSP Ostendo non ostento.