Subject: NetBSD Guide and VPN
To: None <netbsd-docs@netbsd.org>
From: Aleksey Cheusov <cheusov@tut.by>
List: netbsd-docs
Date: 03/14/2006 01:55:41
Hi all.
I'm new to NetBSD and I'd like to say
that I was really impressed by the NetBSD Guide.
Very nice manual for NetBSD newbies like me!
IMHO it is better than FreeBSD's handbook.

But one important thing is missing.
This is how to make a VPN using the PPTP protocol.
This is important for me because
my ISP provides Internet through two VPN servers
accessible from my local network.
In truth, I spent lots of time configuring Internet access.

The following is how I did it.
Hope this will be useful at least for those who use Google.
I'm not an expert in network technologies,
correct me if I'm not right.

My ISP provides two VPN servers (PPTP), say, VPN_HOST1 and VPN_HOST2
having IPv4 addresses VPN_HOST_IP1 and VPN_HOST_IP2.
No MPPE was needed for me. My user name and password for authentication
are USERNAME_FOR_AUTH and PASSWORD_FOR_AUTH.

1) I've downloaded the PPTP client from its home page
http://sourceforge.net/projects/pptpclient

  The PPTP client from pkgsrc ($pkgsrc/net/pptp) did not work for me
  probably because it is very old :-(

2) configure/make/make install it,
   pptp executable appeared in /usr/local/sbin/pptp.

3) Created /etc/ppp/options file containing
   common options for two VPN servers.

   lock noauth nobsdcomp nodeflate
   name <USERNAME_FOR_AUTH>
   #### require-mppe-128
   #### debug
   usepeerdns
   defaultroute
   persist

4) Created file containing my username and password for authentication.
   /etc/ppp/chap-secrets:
      <USERNAME_FOR_AUTH> * <PASSWORD_FOR_AUTH> *

5) Created two individual files with options specific to each
   VPN server.

   /etc/ppp/peers/vpn1:
     file /etc/ppp/options
     pty "/usr/local/sbin/pptp <VPN_HOST_IP1> --nolaunchpppd"
   /etc/ppp/peers/vpn2:
     file /etc/ppp/options
     pty "/usr/local/sbin/pptp <VPN_HOST_IP2> --nolaunchpppd"

6) Run '/usr/sbin/pppd call vpn1'
   and check the output of 'ifconfig -a'
   to see whether the ppp0 interface is up.

7) The IP addresses of the DNS servers appeared in /etc/ppp/resolv.conf.
   Because the DNS servers do not change in my case,
   I added these lines to /etc/resolv.conf permanently.
   cat /etc/ppp/resolv.conf >> /etc/resolv.conf

8) Then I got the 'pon' and 'poff' scripts from the Debian/Linux ppp package,
   which make my life much easier. Copy them to /usr/local/bin.

9) A little magic with 'sudo' to make it possible for an ordinary user
   to connect to/disconnect from the Internet.

10) Send e-mail to you about my success ;-)

IMHO all these steps are not so trivial and should be documented
somewhere.

-- 
Best regards, Aleksey Cheusov.
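
A check one could run after a setup like the one in the message above, added here as an example that is not part of the original post: it reports a chap-secrets file that group or other users can read, and peers for which no require-mppe option is active in either the options file or the peer file. The function names, finding labels and the constructed sample tree are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit a pppd configuration directory laid out as in the post.
# One finding per line; no output means no finding. Labels are this sketch's own.

# Succeeds if FILE has a require-mppe* option on a line that is not commented out.
has_mppe() {
    [ -f "$1" ] && sed 's/#.*//' "$1" | grep -Eq '(^|[[:space:]])require-mppe'
}

audit_ppp_dir() {  # usage: audit_ppp_dir DIR   (DIR is /etc/ppp on a real system)
    dir=$1
    secrets="$dir/chap-secrets"
    if [ -f "$secrets" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$secrets" | cut -c5-10)
        [ "$perms" = "------" ] ||
            echo "SECRETS_READABLE $secrets (group/other bits: $perms)"
    else
        echo "SECRETS_MISSING $secrets"
    fi
    for peer in "$dir"/peers/*; do
        [ -f "$peer" ] || continue
        # pppd reads the system options file for every peer, so check both files.
        if ! has_mppe "$dir/options" && ! has_mppe "$peer"; then
            echo "NO_MPPE $peer (encryption not required; tunnel may run in cleartext)"
        fi
    done
}

# Constructed sample tree mirroring the options, chap-secrets and peers files
# of the post, with its placeholder values; built in a temporary directory.
demo() {
    d=$(mktemp -d) && mkdir "$d/peers"
    printf '%s\n' 'lock noauth nobsdcomp nodeflate' 'name USERNAME_FOR_AUTH' \
        '#### require-mppe-128' 'usepeerdns' 'defaultroute' 'persist' > "$d/options"
    (umask 022; printf '%s\n' 'USERNAME_FOR_AUTH * PASSWORD_FOR_AUTH *' > "$d/chap-secrets")
    printf '%s\n' 'file /etc/ppp/options' \
        'pty "/usr/local/sbin/pptp VPN_HOST_IP1 --nolaunchpppd"' > "$d/peers/vpn1"
    audit_ppp_dir "$d"
    rm -rf "$d"
}

demo
```

On the sample tree this reports both findings; after 'chmod 600' on chap-secrets and with require-mppe-128 uncommented it prints nothing.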