Hack out a lot of old stuff from the PPTP doc

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5305 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2007-01-26 02:09:13 +00:00
parent b80ffb431e
commit 4a051c0dae

@ -45,61 +45,6 @@
License</ulink></quote>.</para>
</legalnotice>
<revhistory>
<revision>
<revnumber>1.5</revnumber>
<date>2007-01-17</date>
<authorinitials>TE</authorinitials>
<revremark>Updated zones files to 3.x format</revremark>
</revision>
<revision>
<revnumber>1.4</revnumber>
<date>2004-11-02</date>
<authorinitials>TE</authorinitials>
<revremark>Added link to Greg Kops's tutorial.</revremark>
</revision>
<revision>
<revnumber>1.3</revnumber>
<date>2004-05-22</date>
<authorinitials>TE</authorinitials>
<revremark>Warning about PPTP conntrack patch and GRE
tunnels.</revremark>
</revision>
<revision>
<revnumber>1.2</revnumber>
<date>2004-04-15</date>
<authorinitials>TE</authorinitials>
<revremark>Revised instructions regarding PPTP conntrack
patch.</revremark>
</revision>
<revision>
<revnumber>1.1</revnumber>
<date>2003-12-23</date>
<authorinitials>TE</authorinitials>
<revremark>Added note about PPTP module support in Bering
1.2</revremark>
</revision>
</revhistory>
<abstract>
<para>Shorewall easily supports PPTP in a number of
configurations.</para>
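Review bot: the revision entries 1.1 through 1.5 are dropped here with nothing put in their place, so the article no longer carries any date. The warning further down tells readers the document is unmaintained, and a date is what lets them judge how stale it is. Suggest keeping the latest entry (1.5, 2007-01-17) or adding a new revision that records this cleanup.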
@ -107,63 +52,13 @@
</articleinfo>
<warning>
<para><emphasis role="bold">This document is no longer maintained. Any
volunteers?</emphasis></para>
<para><emphasis role="bold">I have not used PPTP in years and as a
consequence, this document is no longer maintained (any volunteers?). As
far as I know, the information regarding Shorewall configuration is still
valid but the configurations shown for for the other components may no
longer work.</emphasis></para>
</warning>
<section>
<title>Overview</title>
<note>
<para>I am no longer attempting to maintain MPPE patches for current
Linux kernel's and pppd. I recommend that you refer to the following
URLs for information about installing MPPE into your kernel and
pppd.</para>
</note>
<para>The <ulink url="http://pptpclient.sourceforge.net">Linux PPTP client
project</ulink> has a nice GUI for configuring and managing VPN
connections where your Linux system is the PPTP client. This is what I
currently use. I am no longer running PoPToP but rather I use the PPTP
Server included with XP Professional (see <ulink
url="PPTP.htm#ServerBehind">PPTP Server running behind your
Firewall</ulink> below).</para>
<variablelist>
<varlistentry>
<term><ulink
url="http://pptpclient.sourceforge.net">http://pptpclient.sourceforge.net</ulink></term>
<listitem>
<para>Everything you need to run a PPTP client.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><ulink
url="http://www.poptop.org">http://www.poptop.org</ulink></term>
<listitem>
<para>The <quote>kernelmod</quote> package can be used to quickly
install MPPE into your kernel without rebooting.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><ulink
url="http://devel.elucid8design.com/el8/devel/tutorials/pptp.php">http://devel.elucid8design.com/el8/devel/tutorials/pptp.php</ulink></term>
<listitem>
<para>A nice tutorial for installing a PPTP server on Fedora.</para>
</listitem>
</varlistentry>
</variablelist>
<para>I am leaving the instructions for building MPPE-enabled kernels and
pppd in the text below for those who may wish to obtain the relevant
current patches and <quote>roll their own</quote>.</para>
</section>
<section>
<title>Preliminary Reading</title>
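Review bot: the longer warning paragraph has a doubled word, "the configurations shown for for the other components"; drop one "for". The Overview section in this hunk also held the pointers for getting MPPE into the kernel and pppd (pptpclient.sourceforge.net, www.poptop.org), so consider keeping one of them in the warning for readers who still need it.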
@ -174,102 +69,6 @@
<section id="ServerFW">
<title>PPTP Server Running on your Firewall</title>
<para>I will try to give you an idea of how to set up a PPTP server on
your firewall system. This isn't a detailed HOWTO but rather an example of
how I have set up a working PPTP server on my own firewall.</para>
<para>The steps involved are:</para>
<orderedlist>
<listitem>
<para><xref linkend="PatchPppd" /></para>
</listitem>
<listitem>
<para><xref linkend="PatchKernel" /></para>
</listitem>
<listitem>
<para><xref linkend="Samba" /></para>
</listitem>
<listitem>
<para><xref linkend="ConfigPppd" /></para>
</listitem>
<listitem>
<para><xref linkend="ConfigPptpd" /></para>
</listitem>
<listitem>
<para><xref linkend="ConfigFw" /></para>
</listitem>
</orderedlist>
<section id="PatchPppd">
<title>Patching and building pppd</title>
<para>To run pppd on a 2.4 kernel, you need the pppd 2.4.1 or later. The
primary site for releases of pppd is <ulink
url="ftp://ftp.samba.org/pub/ppp">ftp://ftp.samba.org/pub/ppp</ulink>.</para>
<para>You will need the following patches:</para>
<simplelist>
<member><ulink
url="http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz">http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-openssl-0.9.6-mppe-patch.gz</ulink></member>
<member><ulink
url="http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-MSCHAPv2-fix.patch.gz">http://www.shorewall.net/pub/shorewall/pptp/ppp-2.4.1-MSCHAPv2-fix.patch.gz</ulink></member>
</simplelist>
<para>You may also want the following patch if you want to require
remote hosts to use encryption:</para>
<simplelist>
<member><ulink
url="ftp://ftp.shorewall.net/pub/shorewall/pptp/require-mppe.diff">ftp://ftp.shorewall.net/pub/shorewall/pptp/require-mppe.diff</ulink></member>
</simplelist>
<para>Un-tar the pppd source and uncompress the patches into one
directory (the patches and the ppp-2.4.1 directory are all in a single
parent directory):</para>
<programlisting>cd ppp-2.4.1
patch -p1 &lt; ../ppp-2.4.0-openssl-0.9.6-mppe.patch
patch -p1 &lt; ../ppp-2.4.1-MSCHAPv2-fix.patch
(Optional) patch -p1 &lt; ../require-mppe.diff
./configure
make</programlisting>
<para>You will need to install the resulting binary on your firewall
system. To do that, I NFS mount my source filesystem and use <quote>make
install</quote> from the ppp-2.4.1 directory.</para>
</section>
<section id="PatchKernel">
<title>Patching and building your Kernel</title>
<para>You will need one of the following patches depending on your
kernel version:</para>
<simplelist>
<member>http://www.shorewall.net/pub/shorewall/pptp/linux-2.4.4-openssl-0.9.6a-mppe-patch.gz</member>
<member>http://www.shorewall/net/pub/shorewall/pptp/linux-2.4.16-openssl-0.9.6b-mppe-patch.gz</member>
</simplelist>
<para>Uncompress the patch into the same directory where your top-level
kernel source is located and:</para>
<programlisting>cd &lt;your GNU/Linux source top-level directory&gt;
patch -p1 &lt; ../linux-2.4.16-openssl-0.9.6b-mppe.patch</programlisting>
<para>Now configure your kernel. Here is my ppp configuration:</para>
<graphic fileref="images/ppp.jpg" />
</section>
<section id="Samba">
<title>Configuring Samba</title>
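Review bot: the sections with id PatchPppd and PatchKernel go away in this hunk together with the step list that pointed at them, so any xref or link left elsewhere in the file with linkend="PatchPppd" or linkend="PatchKernel" will no longer resolve and the document will fail validation. One such link is handled in the ClientFW hunk; a search for both ids over the rest of the file would confirm there are no others. ServerFW also loses its introductory paragraph and now opens directly on "Configuring Samba", so a one-sentence lead-in would help.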
@ -487,10 +286,10 @@ pptpserver net 0.0.0.0/0</programlisting>
<para><filename>/etc/shorewall/zones</filename>:</para>
<programlisting>#ZONE DISPLAY COMMENTS
net Internet The Internet
loc Local Local Network
vpn VPN Remote Users</programlisting>
<programlisting>#ZONE TYPE
net ipv4
loc ipv4
vpn ipv4</programlisting>
<para><filename>/etc/shorewall/interfaces</filename>:</para>
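Review bot: the "#ZONE TYPE" listing declares net, loc and vpn but no firewall zone. In the 3.x zones format the firewall zone is declared in this file as well (a line such as "fw firewall"), so if the listing is meant to be a complete /etc/shorewall/zones, add that line; otherwise say in the text that only the relevant entries are shown. Any other zones listing in the document should get the same conversion so the formats do not mix.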
@ -617,14 +416,6 @@ loadmodule ip_nat_proto_gre</programlisting>
<section id="ClientFW">
<title>PPTP Client Running on your Firewall</title>
<para>The PPTP GNU/Linux client is available at <ulink
url="http://sourceforge.net/projects/pptpclient/">http://sourceforge.net/projects/pptpclient/</ulink>.
Rather than use the configuration script that comes with the client, I
built my own. I also build my own kernel <link linkend="PatchKernel">as
described above</link> rather than using the mppe package that is
available with the client. My /etc/ppp/options file is mostly unchanged
from what came with the client (see below).</para>
<para>The key elements of this setup are as follows:</para>
<orderedlist>
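Review bot: the paragraph at the top of ClientFW carried the section's only link to the client (http://sourceforge.net/projects/pptpclient/) and the introduction to the /etc/ppp/options file ("see below"). With it gone the section opens on "The key elements of this setup are as follows:" without saying which client is meant or where to get it. Suggest keeping a single sentence with the ulink and dropping only the remarks about the custom kernel build and the PatchKernel link.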