October 1, 2013, 02:02

We'll see here how to set up PPTP for real use, covering issues like WAN access, port forwarding, and PPTP passthrough. We'll use a Cisco Small Business RV110W as the VPN server, Debian 7.5 LXDE as the VPN client, and a D-Link DIR-626L to test PPTP passthrough.

 

[ Last Edited June 21 2014 ]

 

1. Debian PPTP Client Setup

We first install the required packages:

sudo apt-get update
sudo apt-get upgrade

sudo apt-get install pptp-linux
sudo apt-get install network-manager-pptp
sudo apt-get install network-manager-pptp-gnome

 

(If you're not using LXDE or GNOME, the network-manager packages might be different.)

 

2. Simple LAN PPTP Setup

We'll first see the simplest topology, local LAN access:

 

VPN 3 : PPTP setup

We set up the RV110W for PPTP:

Menu Tab : VPN Client TAB

. Allow the PPTP Server

. Choose VPN Server IP and leased IP range if needed

. Allow MPPE encryption

. Create client with password

[ Reminder: use a password with a real 128 bits of entropy, i.e. 20 characters long using numbers, lower-case letters, upper-case letters, and special characters ]

We then set up the VPN tunnel in Debian by left-clicking on network-manager:

We fill in the gateway and user/password, and enable MPPE in the advanced options.

IPv4 settings can be left on automatic (VPN):

Our VPN tunnel is now set up:

3. Simple LAN PPTP Setup with exit router

Here we have a slightly more complex situation, where PC1 (the client) has to exit through a first router (DIR-626L) before reaching the VPN server:

 

There is actually nothing new to set up here, as the DIR-626L handles the situation quite brilliantly. There is no need to open the firewall, nor to tick the DIR-626L PPTP pass-through option.

The DIR-626L PPTP pass-through option is only needed if multiple concurrent PPTP sessions are initiated from the DIR-626L LAN.

 

4. LAN PPTP Setup with entry router

Here we have to pass through a first router (DIR-626L) before reaching the PPTP server:

 

 

Things get a little more complicated here, but it is still quite easy: we just need the DIR-626L to forward TCP port 1723 to the VPN server:

5. PPTP Server reachable from WAN

The last topology allows access from the WAN:

 

We need our Internet gateway to let the PPTP protocol in (i.e. TCP port 1723 and the GRE protocol). We have three options here:

1. The Internet Gateway is PPTP friendly

We just have to forward port 1723 (and, if needed, the GRE protocol, i.e. IP protocol 47).

2. The Internet gateway can be bridged

If the Internet gateway can be bridged (i.e. its routing function can be deactivated so that it acts as a bridge), any protocol or port will flow through freely.

3. We put the PPTP Server in a DMZ

We set up our Internet gateway so that the PPTP server's IP is in the DMZ.
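To confirm that the TCP 1723 forwarding from sections 4 and 5 really reaches the PPTP server, the sketch below performs the first PPTP control exchange (Start-Control-Connection-Request / Reply, RFC 2637) and validates the answer. It is an added example, not part of the original article; the function names, the "probe" host name, the sample reply and the 192.0.2.10 address are assumptions made for illustration.

```python
import socket
import struct

MAGIC_COOKIE = 0x1A2B3C4D  # constant carried by every PPTP control message
SCCRQ, SCCRP = 1, 2        # Start-Control-Connection-Request / -Reply
# 12-byte header, then version, result code, error code, framing and bearer
# capabilities, max channels, firmware revision, host name, vendor string.
# Request and reply share this layout (result/error are reserved in a request).
FMT = "!HHIHH" + "HBBIIHH64s64s"
SIZE = struct.calcsize(FMT)  # 156 bytes

def build_sccrq(hostname=b"probe"):
    """First message a PPTP client sends once TCP 1723 is connected."""
    return struct.pack(FMT, SIZE, 1, MAGIC_COOKIE, SCCRQ, 0,
                       0x0100, 0, 0, 3, 3, 0, 0, hostname, b"")

def parse_sccrp(data):
    """Validate a reply; return (result_code, host_name, vendor)."""
    if len(data) < SIZE:
        raise ValueError("short reply: not a PPTP control message")
    (_len, msg_type, cookie, ctrl, _r0, _ver, result, _err,
     _fr, _be, _ch, _fw, host, vendor) = struct.unpack(FMT, data[:SIZE])
    if msg_type != 1 or cookie != MAGIC_COOKIE or ctrl != SCCRP:
        raise ValueError("port answered, but not with a PPTP reply")
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return result, text(host), text(vendor)

def check_pptp(host, port=1723, timeout=5.0):
    """Connect through the forwarder; OSError means 1723 is not reachable."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sccrq())
        data = b""
        while len(data) < SIZE:
            chunk = s.recv(SIZE - len(data))
            if not chunk:
                break
            data += chunk
    return parse_sccrp(data)

if __name__ == "__main__":
    # Constructed sample reply (not captured from a real device); result code 1 = success.
    sample = struct.pack(FMT, SIZE, 1, MAGIC_COOKIE, SCCRP, 0,
                         0x0100, 1, 0, 3, 3, 1, 0, b"vpn-server", b"example")
    print(parse_sccrp(sample))
    # Against your own server: print(check_pptp("192.0.2.10"))  # placeholder address
```

A result code of 1 only proves that the TCP control channel is forwarded; the tunnel itself still needs GRE (IP protocol 47) to pass, so a client that connects and then stalls points at the GRE side of the gateway.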

Published by computer outlines - in VPN