[CentOS] VPN via PPTP and MPPE

Wed Nov 9 04:20:46 UTC 2005
Benjamin Smith <lists at benjamindsmith.com>

I tried several times to get a VPN working - I tried 

	1) Tunneling IP over SSH fw. 
	2) IPSec 
	3) PPTP 

All were painful, and often unreliable. (I'd do a kernel update, and suddenly 
VPN would die a horrible death, and I'd have to recompile a bunch of stuff to 
get it back up - ugh) 

The best way, bar none, no exceptions, is using OpenVPN. Cross platform, 
fairly quick setup, good security, highly reliable. 

After a few hours of tinkering during setup, "it just works" and has done so 
very reliably under rather demanding circumstances for over a year. Probably 
the worst part was setting up the routing tables on either end, and that 
seems to be a PITA regardless of your VPN solution... 

The only downside I can find to OpenVPN is that it requires a process on the 
GW for each connection, so this could get cumbersome if you have hundreds of 
simultaneous connections. But, with my half-dozen connections, it works 
fantastically! 

Cheers! 

-Ben 

On Monday 31 October 2005 13:27, James B. Byrne wrote:
> I have set up a VPN over PPTP on a CentOS server using the
> DKMS module rpm dkms-0-2.0.6-3.el4 from 
> http://centos.karan.org/el4/extras/stable/i386/RPMS/repodata/repoview/dkms-0-2.0.6-3.el4.kb.html
> 
> and 
> 
> kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm at 
> http://pptpclient.sourceforge.net/howto-fedora-core-3.phtml.
> 
> I have configured the pptpd server on Centos4 to use MS_CHAPv2, 
> 128bit encryption and to assign server side and client IP addresses 
> in the range a.b.c.42-48 and a.b.c.52-58 respectively.
> 
> I have also opened the firewall for tcp port 1723 and the GRE 
> protocol (47).
> 
> I have configured a Microsoft Win2Kpro client and I can connect and 
> establish a VPN.  However I am missing something because:
> 
> 1.	If I try and connect to a machine on the local network segment 
> then the VPN channel is not used (this is probably the correct 
> behaviour but it is not what I want and I need to know how to force 
> local network paths over an encrypted connection).
> 
> 2.	If I try and connect to a host outside our local network then 
> the traffic is not routed out through the gateway but it does 
> travel over the vpn to the local pptpd server.
> 
> So, what am I missing in all of this?  Are there options for the 
> pptpd that I need to set for this to work?
> 
> I have a similar problem when I connect from outside the local 
> network segment.  The vpn connects but then I cannot reach any 
> other host.
> 
> Any suggestions are welcome.  I am a digest subscriber so if you 
> could copy my email address on your reply then I would be 
> appreciative.
> 
> Regards,
> Jim
> 
> --   
>      *** e-mail is not a secure channel ***
> mailto:byrnejb.<token>@harte-lyne.ca
> James B. Byrne                Harte & Lyne Limited
> vox: +1 905 561 1241          9 Brockley Drive
> fax: +1 905 561 0757          Hamilton, Ontario
> <token> = hal                 Canada L8E 3C3

-- 
"The best way to predict the future is to invent it."
- XEROX PARC slogan, circa 1978