From 4a051c0dae8d04462eba0ed32e3090c659870dc9 Mon Sep 17 00:00:00 2001 From: teastep Date: Fri, 26 Jan 2007 02:09:13 +0000 Subject: [PATCH] Hack out a lot of old stuff from the PPTP doc git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb --- docs/PPTP.xml | 227 ++------------------------------------------------ 1 file changed, 9 insertions(+), 218 deletions(-) diff --git a/docs/PPTP.xml b/docs/PPTP.xml index e9a2791bc..7d56ad0d5 100644 --- a/docs/PPTP.xml +++ b/docs/PPTP.xml @@ -45,61 +45,6 @@ License. - - - 1.5 - - 2007-01-17 - - TE - - Updated zones files to 3.x format - - - - 1.4 - - 2004-11-02 - - TE - - Added link to Greg Kops's tutorial. - - - - 1.3 - - 2004-05-22 - - TE - - Warning about PPTP conntrack patch and GRE - tunnels. - - - - 1.2 - - 2004-04-15 - - TE - - Revised instructions regarding PPTP conntrack - patch. - - - - 1.1 - - 2003-12-23 - - TE - - Added note about PPTP module support in Bering - 1.2 - - - Shorewall easily supports PPTP in a number of configurations. @@ -107,63 +52,13 @@ - This document is no longer maintained. Any - volunteers? + I have not used PPTP in years and as a + consequence, this document is no longer maintained (any volunteers?). As + far as I know, the information regarding Shorewall configuration is still + valid but the configurations shown for for the other components may no + longer work. -
- Overview - - - I am no longer attempting to maintain MPPE patches for current - Linux kernel's and pppd. I recommend that you refer to the following - URLs for information about installing MPPE into your kernel and - pppd. - - - The Linux PPTP client - project has a nice GUI for configuring and managing VPN - connections where your Linux system is the PPTP client. This is what I - currently use. I am no longer running PoPToP but rather I use the PPTP - Server included with XP Professional (see PPTP Server running behind your - Firewall below). - - - - http://pptpclient.sourceforge.net - - - Everything you need to run a PPTP client. - - - - - http://www.poptop.org - - - The kernelmod package can be used to quickly - install MPPE into your kernel without rebooting. - - - - - http://devel.elucid8design.com/el8/devel/tutorials/pptp.php - - - A nice tutorial for installing a PPTP server on Fedora. - - - - - I am leaving the instructions for building MPPE-enabled kernels and - pppd in the text below for those who may wish to obtain the relevant - current patches and roll their own. -
-
Preliminary Reading @@ -174,102 +69,6 @@
PPTP Server Running on your Firewall - I will try to give you an idea of how to set up a PPTP server on - your firewall system. This isn't a detailed HOWTO but rather an example of - how I have set up a working PPTP server on my own firewall. - - The steps involved are: - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Patching and building pppd - - To run pppd on a 2.4 kernel, you need the pppd 2.4.1 or later. The - primary site for releases of pppd is ftp://ftp.samba.org/pub/ppp. - - You will need the following patches: - - - http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz - - http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-MSCHAPv2-fix.patch.gz - - - You may also want the following patch if you want to require - remote hosts to use encryption: - - - ftp://ftp.shorewall.net/pub/shorewall/pptp/require-mppe.diff - - - Un-tar the pppd source and uncompress the patches into one - directory (the patches and the ppp-2.4.1 directory are all in a single - parent directory): - - cd ppp-2.4.1 -patch -p1 < ../ppp-2.4.0-openssl-0.9.6-mppe.patch -patch -p1 < ../ppp-2.4.1-MSCHAPv2-fix.patch -(Optional) patch -p1 < ../require-mppe.diff -./configure -make - - You will need to install the resulting binary on your firewall - system. To do that, I NFS mount my source filesystem and use make - install from the ppp-2.4.1 directory. -
- -
- Patching and building your Kernel - - You will need one of the following patches depending on your - kernel version: - - - http://www.shorewall.net/pub/shorewall/pptp/linux-2.4.4-openssl-0.9.6a-mppe-patch.gz - - http://www.shorewall/net/pub/shorewall/pptp/linux-2.4.16-openssl-0.9.6b-mppe-patch.gz - - - Uncompress the patch into the same directory where your top-level - kernel source is located and: - - cd <your GNU/Linux source top-level directory> -patch -p1 < ../linux-2.4.16-openssl-0.9.6b-mppe.patch - - Now configure your kernel. Here is my ppp configuration: - - -
-
Configuring Samba @@ -487,10 +286,10 @@ pptpserver net 0.0.0.0/0 /etc/shorewall/zones: - #ZONE DISPLAY COMMENTS -net Internet The Internet -loc Local Local Network -vpn VPN Remote Users + #ZONE TYPE +net ipv4 +loc ipv4 +vpn ipv4 /etc/shorewall/interfaces: @@ -617,14 +416,6 @@ loadmodule ip_nat_proto_gre
PPTP Client Running on your Firewall - The PPTP GNU/Linux client is available at http://sourceforge.net/projects/pptpclient/. - Rather than use the configuration script that comes with the client, I - built my own. I also build my own kernel as - described above rather than using the mppe package that is - available with the client. My /etc/ppp/options file is mostly unchanged - from what came with the client (see below). - The key elements of this setup are as follows: