On Tue, 2005-02-22 at 18:34 -0700, Matt Alexander wrote:

> I recently set up a replacement for a Windows PPTP server. Here's what
> I did in case anyone else would like to do the same.
>
> This is a Fedora Core 3 box.
> I installed the following from www.poptop.org:
> dkms-2.0.5-1.noarch.rpm
> kernel_ppp_mppe-0.0.5-2dkms.noarch.rpm
> pptpd-1.2.3.tar.gz
>
> Then I built and installed pppd from source from ppp.samba.org
> (patched to use winbind):
> ppp-2.4.3.tar.gz
>
> Next, I set up smb.conf:
> [global]
> workgroup = mydomain
> realm = mydomain.com
> server string = myservername
> load printers = no
> log file = /var/log/samba/%m.log
> security = ads
> socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
> local master = no
> domain master = no
> preferred master = no
> wins server = 172.16.1.100
> dns proxy = no
> winbind uid = 10000-20000
> winbind gid = 10000-20000
> winbind use default domain = yes
>
> Then join the computer to the domain:
> net join -U somedomainadmin
>
> Edit /etc/pptpd.conf:
> option /etc/ppp/options.pptpd
> ppp /usr/local/sbin/pppd
> localip 172.16.4.50
> remoteip 172.16.100.100-150
>
> Edit /etc/ppp/options.pptpd
> lock
> debug
> noauth
> name pptpdev
> nobsdcomp
> proxyarp
> refuse-pap
> refuse-mschap
> require-mschap-v2
> require-mppe-128
> ms-dns 172.16.1.100
> ms-dns 172.16.2.100
> defaultroute
> plugin winbind.so
> ntlm_auth-helper "/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1"
>
> Enable IP forwarding in /etc/sysctl.conf:
> net.ipv4.ip_forward = 1
>
> Startup winbind:
> service winbind start
>
> Startup pptpd:
> /usr/local/sbin/pptpd
>
> Power down old Windows VPN server:
> Start -> Shutdown...

----

thanks for the info - couple of thoughts...

1 - fedora core tends to have relatively short life span and uncertainty if fedoralegacy will continue to issue security updates. I tend to use RHEL clones or 'firewall/router' projects for this application.

2 - doesn't FC-3 already have mppe in ppp?

3 - any entries in /etc/hosts or local dns server?

4 - isn't PPTP considered weak as compared to L2TP ?

5 - have you looked at... IPCOP with L2TP ? Though I think Macintosh OSX 10.3+ can connect to either PPTP or L2TP now.

Also one last thought - has anyone played with tinyCA ?

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
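An added example, not part of either post above: a small audit of a pppd options file like the /etc/ppp/options.pptpd shown in the thread, checking that the directives which decide peer authentication (require-mschap-v2) and tunnel encryption (require-mppe-128, with MPPE not switched off via nomppe or noccp) are actually in effect. The directive names are real pppd options; the pass/fail policy and the sample files are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a pppd options file for the
# directives that control how a PPTP peer authenticates and whether the
# link is encrypted. Directive names are real pppd options; the policy of
# what counts as "hardened" is an assumption made for this example.

# Print the effective directives: comments and surrounding whitespace stripped.
pppd_directives() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# Return 0 only if MS-CHAPv2 and 128-bit MPPE are required and nothing
# disables MPPE; one finding per line goes to stdout.
audit_pptpd_options() {
    opts=$(pppd_directives "$1"); rc=0
    for want in require-mschap-v2 require-mppe-128; do
        echo "$opts" | grep -qx "$want" || { echo "MISSING: $want"; rc=1; }
    done
    # nomppe turns MPPE off; noccp disables CCP, over which MPPE is negotiated.
    for bad in nomppe noccp; do
        echo "$opts" | grep -qx "$bad" && { echo "FOUND: $bad"; rc=1; }
    done
    return $rc
}

# Constructed samples: the auth/crypto lines from the post, and a weakened copy.
GOOD_OPTS=$(mktemp); WEAK_OPTS=$(mktemp)
cat >"$GOOD_OPTS" <<'EOF'
refuse-pap
refuse-mschap
require-mschap-v2
require-mppe-128   # 128-bit MPPE keys
plugin winbind.so
EOF
cat >"$WEAK_OPTS" <<'EOF'
refuse-pap
require-mschap
nomppe
EOF

audit_pptpd_options "$GOOD_OPTS" && echo "$GOOD_OPTS: OK"
audit_pptpd_options "$WEAK_OPTS" || echo "$WEAK_OPTS: weak"
```

Point it at the real file with `audit_pptpd_options /etc/ppp/options.pptpd` after the constructed samples are removed.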