• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

HOWTO: use PPTP tunnel without adding a default route to it

Started by mthode, May 28, 2010, 03:57:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

mthode

May 28, 2010, 03:57:03 PM Last Edit: June 02, 2016, 12:44:40 PM by broquea
Kernel config:
Code Select
zgrep IP_MULTIPLE_TABLES < /proc/config.gz
that needs to return 'IP_MULTIPLE_TABLES=y'

PPTP config:
/etc/ppp/chap-secrets
Code Select
# Secrets for authentication using CHAP
# client server secret IP addresses
user_name label SECRET_PASS *
The user_name is your user name from HE.
The label is whatever you want to call your tunnel.
SECRET_PASS is the pass you set for the tunnel from HE.

/etc/ppp/peers/[label]   (use the name of whatever you called your tunnel)
Code Select
pty "pptp tunnel_server --nolaunchpppd"
name user_name
remotename he.net
file /etc/ppp/options.label
The tunnel_server is the server you connect to at HE.
The user_name is your user name from HE.
The remote name is the name of your tunnel.
The file option is the file you use for your tunnel specific settings.  Change the label to what you used up in /etc/ppp/chap-secrets.

/etc/ppp/options.label
Code Select
lock
noauth
persist
nodefaultroute
mtu 1400
mru 1400
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10

Add the following to /etc/ppp/ip-up
Code Select
echo "1 admin" >> /etc/iproute2/rt_tables
ip route add default dev ppp0 table admin
ip rule add from your_ip_from_he table admin
The your_ip_from_he needs to be the IP that HE is routing to you.

Add the following to /etc/ppp/ip-down
Code Select
ip rule del from your_ip_from_he table admin
ip route del default dev ppp0 table admin
sed "/1 admin/d" /etc/iproute2/rt_tables
The your_ip_from_he needs to be the IP that HE is routing to you.


After all this is done, all you need to do is the following
Code Select
pon label
Code Select
poff label
The label is whatever you called your tunnel in /etc/ppp/chap-secrets and the peers file.

*edit: corrected title and added some options

jimb

#1
May 28, 2010, 05:13:44 PM Last Edit: May 28, 2010, 05:17:22 PM by jimb
Yep.  Policy routing is the only way I can really think of doing this.  But I think life would be easier if they gave the PPTP server a different IPv4 than the tunnel server.    :-\

homeipv6

#2
May 28, 2010, 08:01:26 PM Last Edit: September 12, 2010, 01:26:05 PM by homeipv6
Thanks. This really helpful.
In Red Hat based distros VPN and IPv6 tunnel can be configured with files:

/etc/sysconfig/network-scripts/ifcfg-ppp0:
Code Select
TYPE=Modem
DEVICE=ppp0
BOOTPROTO=dialup
ONBOOT=no
USERCTL=yes
PEERDNS=no
DEFROUTE=no
PERSIST=yes
DEMAND=no
PAPNAME="USERNAME%12345"
PPPOPTIONS='novj novjccomp nobsdcomp nodeflate lcp-max-failure 0'
IPV6INIT=no
WVDIALSECT=Default
IDLETIMEOUT=600
MTU=1460
MRU=1460
NM_CONTROLLED=no

/etc/sysconfig/network-scripts/route-ppp0:
Code Select
default table default dev ppp0

/etc/sysconfig/network-scripts/rule-ppp0:
Code Select
from PPTP_Client_IPv4_Address table default

/etc/ppp/peers/ppp0:
Code Select
pty "/usr/sbin/pptp PPTP_Server_IPv4_Hostname --nobuffer --loglevel 0 --nolaunchpppd"

/etc/ppp/chap-secrets:
Code Select
# Secrets for authentication using CHAP
# client         server       secret     IP addresses
USERNAME%12345   *            VPN_Password

/etc/sysconfig/network-scripts/ifcfg-sit1:
Code Select
TYPE=sit
DEVICETYPE=sit
DEVICE=sit1
BOOTPROTO=none
ONBOOT=no
USERCTL=yes
IPV6INIT=yes
IPV6TUNNELIPV4=IPv6_Tunnel_Server_IPv4_address
IPV6TUNNELIPV4LOCAL=PPTP_Client_IPv4_Address
IPV6ADDR=IPv6_Tunnel_Client_IPv6_address
IPV6_DEFAULTDEV=sit1
IPV6_MTU=1480
NM_CONTROLLED=no

Start VPN and tunnel:
Code Select
ifup ppp0
ifup sit1

Stop VPN and tunnel:
Code Select
ifdown sit1
ifdown ppp0

pptp package should be installed before
Code Select
yum install pptp

evadim

#3
June 27, 2010, 02:43:27 PM Last Edit: July 10, 2011, 02:41:45 AM by evadim
And "Gentoo way" settings:

Code Select
emerge pptpclient
pptpclient depend on ppp and ppp ebuild check kernel options

after install/reconfigure kernel, edit conf.d/net:
Quote from: /etc/conf.d/net
link_ppp0="pty 'pptp  Server IPv4 Hostname --nolaunchpppd --loglevel 0 --nobuffer'"
username_ppp0="user%123456"
password_ppp0="password"
pppd_ppp0="
lock
noauth
persist
nodefaultroute
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10
"
rules_ppp0="from Client IPv4 Address table he"
routes_ppp0="default dev ppp0 table he"

modules_he="iptunnel"

depend_he() {
       need net.ppp0
       }

iptunnel_he="mode sit remote Server IPv4 address local Client IPv4 Address ttl 255 dev ppp0"
config_he="Client IPv6 address"
routes_he="::/0 dev he"

create interfaces:
Code Select
# cd /etc/init.d
# ln -s net.lo net.ppp0
# ln -s net.lo net.he


create table
Code Select

echo "200 he" >> /etc/iproute2/rt_tables

done. start tunnel:
Code Select
/etc/init.d/net.he start

test connection:
Code Select
ping6 www.kame.net

UPD: hook was integrated into baselayout2.

jimb

#4
June 27, 2010, 04:36:46 PM
Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.

evadim

#5
July 01, 2010, 01:17:47 PM
Quote from: jimb on June 27, 2010, 04:36:46 PM
Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.
No, still masked, but only ~, not hardmasked. Many people upgraded to baselayout2, i upgrade notebook to get fast boot. In the other side - if get hooks from baselayout1 net.example & convert(or not...)
option="foobar"
to
option=( "foobar" )
everything should work

sysgeek

#6
September 07, 2010, 06:35:04 PM
Here is how I'm currently doing my pptp connection and then forwarding my ipv6 traffic through it. I wrote a perl script to automate it as much as possible. :)

Quote
#!/usr/bin/perl

# PPTP Variables
$pptpTunName    = "pptp";
$pptpServer     = "<HE.net pptp server - change me>";
$pptpUsername   = "<HE.net pptp username - change me>";
$pptpPassword   = "<HE.net pptp password - change me>";
$pppIfName   = "ppp0";
# SIT Tunnel Variables
$sitIfName      = "tun0";
$sitRemote      = "<HE.net 6in4 tunnel server - change me>";
$sitLocal       = "<HE.net 6in4 local address - change me>";
$sitIpv6Addr    = "<Local tunnel IPv6 address - change me>";

if($ARGV[0] eq "start") {
       startTun();
} elsif($ARGV[0] eq "stop") {
       stopTun();
} elsif($ARGV[0] eq "restart") {
       stopTun();
       startTun();
} elsif($ARGV[0] eq "setup") {
       pptpSetup();
} elsif($ARGV[0] eq "delete") {
       pptpDelete();
} else {
       commandOptions();
}

sub commandOptions {
       print "$0 [start | stop | restart | setup | delete]\n";
}
sub pptpSetup {
       print "Creating PPTP dial peer.\n";
       `/usr/sbin/pptpsetup --create $pptpTunName --server $pptpServer --username $pptpUsername --password $pptpPassword`;
}
sub pptpDelete {
       print "Deleting PPTP dial peer.\n";
       `/usr/sbin/pptpsetup --delete $pptpTunName`;
}
sub startTun {
       print "Building PPTP enabled IPv6 Tunnel.\n";
       `/usr/sbin/pppd call $pptpTunName`;
       `sleep 1`;
       `ip tunnel add $sitIfName mode sit remote $sitRemote local $sitLocal ttl 255 dev $pppIfName`;
       `ip link set $sitIfName up`;
       `ip addr add $sitIpv6Addr dev $sitIfName`;
       `ip route add ::/0 dev $sitIfName`;
}
sub stopTun {
       print "Tearing down PPTP enabled IPv6 Tunnel.\n";
       `ip route del ::/0 dev $sitIfName`;
       `ip addr del $sitIpv6Addr dev $sitIfName`;
       `ip link set $sitIfName down`;
       `ip tunnel del $sitIfName`;
       `killall pppd`;
}

evadim

#7
July 10, 2011, 02:45:54 AM
Small update to my post about Gentoo, because of stabilisation of OpenRC and Baselayout2.
Print
Go Up Pages1
User actions