If you like to access your network from a remote location, you might like to connect to it using vpn.
While not the most secure of the VPN solutions out there, PPTP is by far the simplest to install, configure and connect to from any modern system and from windows specifically as the client is a part of the OS since the XP days and you don’t need to mess with certificates (like with L2TP+IPsec or SSL VPNs) on both sides of the connection.
I have a (virtual) debian server running squeeze with 386M memory. Make sure you configure a static IP.
Install the pptp package.
$ apt-get install pptpd
Edit the “/etc/pptpd.conf” configuration file:
$ vim /etc/pptpd.conf
Add these lines:
localip 192.168.1.5 remoteip 192.168.1.234-238,192.168.1.245
Where the “localip” is the address of the server, and the remoteip are the addresses that will be handed out to the clients, it is up to you to adjust these for your network’s requirements.
Edit the “/etc/ppp/pptpd-options” configuration file:
$ vim /etc/ppp/pptpd-options
Make sure all these settings are present, if not add them at the end of the file.
ms-dns 192.168.1.1 nobsdcomp noipx mtu 1490 mru 1490
Where the IP used for the ms-dns directive is the DNS server for the local network your client will be connecting to and, again, it is your responsibility to adjust this to your network’s configuration.
Edit the chap secrets file:
$ vim /etc/ppp/chap-secrets
Add to it the authentication credentials for a user’s connection, in the following syntax:
username <TAB> * <TAB> users-password <TAB> *
Restart the connection’s daemon for the settings to take affect:
$ /etc/init.d/pptpd restart
Enable port forwarding
While this step is optional and could be viewed as a security risk, it is needed to connect to devices other than this machine.
By enabling forwarding we make the entire network available to us when we connect and not just the VPN server itself. Doing so allows the connecting client to ‘jump’ through the VPN server, to all other devices on the network.
$ vim /etc/sysctl.conf
Find this line and change it to:
$ sysctl -p
With forwarding enabled, all the server side settings are done.comments powered by Disqus