Print

[mthode]

Kernel config:

Code: [Select]

zgrep IP_MULTIPLE_TABLES < /proc/config.gzthat needs to return 'IP_MULTIPLE_TABLES=y'

PPTP config:
/etc/ppp/chap-secrets

Code: [Select]

# Secrets for authentication using CHAP
# client server secret IP addresses
user_name label SECRET_PASS *The user_name is your user name from HE.
The label is whatever you want to call your tunnel.
SECRET_PASS is the pass you set for the tunnel from HE.

/etc/ppp/peers/[label]   (use the name of whatever you called your tunnel)

Code: [Select]

pty "pptp tunnel_server --nolaunchpppd"
name user_name
remotename he.net
file /etc/ppp/options.labelThe tunnel_server is the server you connect to at HE.
The user_name is your user name from HE.
The remote name is the name of your tunnel.
The file option is the file you use for your tunnel specific settings.  Change the label to what you used up in /etc/ppp/chap-secrets.

/etc/ppp/options.label

Code: [Select]

lock
noauth
persist
nodefaultroute
mtu 1400
mru 1400
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10
Add the following to /etc/ppp/ip-up

Code: [Select]

echo "1 admin" >> /etc/iproute2/rt_tables
ip route add default dev ppp0 table admin
ip rule add from your_ip_from_he table adminThe your_ip_from_he needs to be the IP that HE is routing to you.

Add the following to /etc/ppp/ip-down

Code: [Select]

ip rule del from your_ip_from_he table admin
ip route del default dev ppp0 table admin
sed "/1 admin/d" /etc/iproute2/rt_tablesThe your_ip_from_he needs to be the IP that HE is routing to you.


After all this is done, all you need to do is the following

Code: [Select]

pon label

Code: [Select]

poff labelThe label is whatever you called your tunnel in /etc/ppp/chap-secrets and the peers file.

*edit: corrected title and added some options

[jimb]

Yep.  Policy routing is the only way I can really think of doing this.  But I think life would be easier if they gave the PPTP server a different IPv4 than the tunnel server.   

[homeipv6]

Thanks. This really helpful.
In Red Hat based distros VPN and IPv6 tunnel can be configured with files:

/etc/sysconfig/network-scripts/ifcfg-ppp0:

Code: [Select]

TYPE=Modem
DEVICE=ppp0
BOOTPROTO=dialup
ONBOOT=no
USERCTL=yes
PEERDNS=no
DEFROUTE=no
PERSIST=yes
DEMAND=no
PAPNAME="USERNAME%12345"
PPPOPTIONS='novj novjccomp nobsdcomp nodeflate lcp-max-failure 0'
IPV6INIT=no
WVDIALSECT=Default
IDLETIMEOUT=600
MTU=1460
MRU=1460
NM_CONTROLLED=no
/etc/sysconfig/network-scripts/route-ppp0:

Code: [Select]

default table default dev ppp0
/etc/sysconfig/network-scripts/rule-ppp0:

Code: [Select]

from PPTP_Client_IPv4_Address table default
/etc/ppp/peers/ppp0:

Code: [Select]

pty "/usr/sbin/pptp PPTP_Server_IPv4_Hostname --nobuffer --loglevel 0 --nolaunchpppd"
/etc/ppp/chap-secrets:

Code: [Select]

# Secrets for authentication using CHAP
# client         server       secret     IP addresses
USERNAME%12345   *            VPN_Password
/etc/sysconfig/network-scripts/ifcfg-sit1:

Code: [Select]

TYPE=sit
DEVICETYPE=sit
DEVICE=sit1
BOOTPROTO=none
ONBOOT=no
USERCTL=yes
IPV6INIT=yes
IPV6TUNNELIPV4=IPv6_Tunnel_Server_IPv4_address
IPV6TUNNELIPV4LOCAL=PPTP_Client_IPv4_Address
IPV6ADDR=IPv6_Tunnel_Client_IPv6_address
IPV6_DEFAULTDEV=sit1
IPV6_MTU=1480
NM_CONTROLLED=no
Start VPN and tunnel:

Code: [Select]

ifup ppp0
ifup sit1
Stop VPN and tunnel:

Code: [Select]

ifdown sit1
ifdown ppp0
pptp package should be installed before

Code: [Select]

yum install pptp

[evadim]

And "Gentoo way" settings:

Code: [Select]

emerge pptpclientpptpclient depend on ppp and ppp ebuild check kernel options

after install/reconfigure kernel, edit conf.d/net:

link_ppp0="pty 'pptp  Server IPv4 Hostname --nolaunchpppd --loglevel 0 --nobuffer'"
username_ppp0="user%123456"
password_ppp0="password"
pppd_ppp0="
lock
noauth
persist
nodefaultroute
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10
"
rules_ppp0="from Client IPv4 Address table he"
routes_ppp0="default dev ppp0 table he"

modules_he="iptunnel"

depend_he() {
        need net.ppp0
        }

iptunnel_he="mode sit remote Server IPv4 address local Client IPv4 Address ttl 255 dev ppp0"
config_he="Client IPv6 address"
routes_he="::/0 dev he"

create interfaces:

Code: [Select]

# cd /etc/init.d
# ln -s net.lo net.ppp0
# ln -s net.lo net.he

create table

Code: [Select]

echo "200 he" >> /etc/iproute2/rt_tables
done. start tunnel:

Code: [Select]

/etc/init.d/net.he start
test connection:

Code: [Select]

ping6 www.kame.net
UPD: hook was integrated into baselayout2.

[jimb]

Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.

[evadim]

Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.

No, still masked, but only ~, not hardmasked. Many people upgraded to baselayout2, i upgrade notebook to get fast boot. In the other side - if get hooks from baselayout1 net.example & convert(or not...)
option="foobar"
to
option=( "foobar" )
everything should work

[sysgeek]

Here is how I'm currently doing my pptp connection and then forwarding my ipv6 traffic through it. I wrote a perl script to automate it as much as possible.

#!/usr/bin/perl

# PPTP Variables
$pptpTunName    = "pptp";
$pptpServer     = "<HE.net pptp server - change me>";
$pptpUsername   = "<HE.net pptp username - change me>";
$pptpPassword   = "<HE.net pptp password - change me>";
$pppIfName   = "ppp0";
# SIT Tunnel Variables
$sitIfName      = "tun0";
$sitRemote      = "<HE.net 6in4 tunnel server - change me>";
$sitLocal       = "<HE.net 6in4 local address - change me>";
$sitIpv6Addr    = "<Local tunnel IPv6 address - change me>";

if($ARGV[0] eq "start") {
        startTun();
} elsif($ARGV[0] eq "stop") {
        stopTun();
} elsif($ARGV[0] eq "restart") {
        stopTun();
        startTun();
} elsif($ARGV[0] eq "setup") {
        pptpSetup();
} elsif($ARGV[0] eq "delete") {
        pptpDelete();
} else {
        commandOptions();
}

sub commandOptions {
        print "$0 [start | stop | restart | setup | delete]\n";
}
sub pptpSetup {
        print "Creating PPTP dial peer.\n";
        `/usr/sbin/pptpsetup --create $pptpTunName --server $pptpServer --username $pptpUsername --password $pptpPassword`;
}
sub pptpDelete {
        print "Deleting PPTP dial peer.\n";
        `/usr/sbin/pptpsetup --delete $pptpTunName`;
}
sub startTun {
        print "Building PPTP enabled IPv6 Tunnel.\n";
        `/usr/sbin/pppd call $pptpTunName`;
        `sleep 1`;
        `ip tunnel add $sitIfName mode sit remote $sitRemote local $sitLocal ttl 255 dev $pppIfName`;
        `ip link set $sitIfName up`;
        `ip addr add $sitIpv6Addr dev $sitIfName`;
        `ip route add ::/0 dev $sitIfName`;
}
sub stopTun {
        print "Tearing down PPTP enabled IPv6 Tunnel.\n";
        `ip route del ::/0 dev $sitIfName`;
        `ip addr del $sitIpv6Addr dev $sitIfName`;
        `ip link set $sitIfName down`;
        `ip tunnel del $sitIfName`;
        `killall pppd`;
}

[evadim]

Small update to my post about Gentoo, because of stabilisation of OpenRC and Baselayout2.