
HOWTO: use PPTP tunnel without adding a default route to it

Started by mthode, May 28, 2010, 03:57:03 PM


mthode

Kernel config:
zgrep IP_MULTIPLE_TABLES < /proc/config.gz
that needs to return 'IP_MULTIPLE_TABLES=y'

PPTP config:
/etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client server secret IP addresses
user_name label SECRET_PASS *

The user_name is your user name from HE.
The label is whatever you want to call your tunnel.
SECRET_PASS is the pass you set for the tunnel from HE.

/etc/ppp/peers/[label]   (use the name of whatever you called your tunnel)
pty "pptp tunnel_server --nolaunchpppd"
name user_name
remotename he.net
file /etc/ppp/options.label

The tunnel_server is the server you connect to at HE.
The user_name is your user name from HE.
The remote name is the name of your tunnel.
The file option is the file you use for your tunnel-specific settings. Change the label to what you used in /etc/ppp/chap-secrets.

/etc/ppp/options.label
lock
noauth
persist
nodefaultroute
mtu 1400
mru 1400
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10


Add the following to /etc/ppp/ip-up
echo "1 admin" >> /etc/iproute2/rt_tables
ip route add default dev ppp0 table admin
ip rule add from your_ip_from_he table admin

The your_ip_from_he needs to be the IP that HE is routing to you.

Add the following to /etc/ppp/ip-down
ip rule del from your_ip_from_he table admin
ip route del default dev ppp0 table admin
sed -i "/^1 admin$/d" /etc/iproute2/rt_tables

The your_ip_from_he needs to be the IP that HE is routing to you.


After all this is done, all you need to do is the following
pon label
poff label
The label is whatever you called your tunnel in /etc/ppp/chap-secrets and the peers file.

*edit: corrected title and added some options
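
Added example, not part of mthode's post: the ip-up hook above appends "1 admin" to rt_tables on every connect and hard-codes ppp0 and the HE address. This sketch makes the table registration idempotent and takes the interface and local IP from the arguments pppd passes to its hooks. The function names and the IP_CMD variable are hypothetical, and it goes slightly beyond the post by validating the address before using it.

```sh
#!/bin/sh
# Added example; ensure_table, remove_table, policy_route and IP_CMD are
# hypothetical names. pppd runs ip-up/ip-down with the arguments:
#   $1=interface  $2=tty  $3=speed  $4=local IP  $5=remote IP  $6=ipparam
IP_CMD=${IP_CMD:-echo}   # dry run by default; set IP_CMD=ip in the real hooks

# Append "ID NAME" to an rt_tables file only if that exact line is missing.
ensure_table() {    # ensure_table FILE ID NAME
    grep -qxF "$2 $3" "$1" 2>/dev/null || printf '%s %s\n' "$2" "$3" >> "$1"
}

# Delete only the exact line, so "1 admin" never removes "201 admin2".
remove_table() {    # remove_table FILE ID NAME
    tmp=$(mktemp) || return 1
    grep -vxF "$2 $3" "$1" > "$tmp" || true   # grep exits 1 if nothing is left
    cat "$tmp" > "$1"                         # rewrite in place, keeps owner/mode
    rm -f "$tmp"
}

# Install or remove the source-based rule and the per-table default route.
policy_route() {    # policy_route up|down IFACE LOCAL_IP TABLE
    case "$3" in
        ""|*[!0-9.]*) echo "bad local IP: '$3'" >&2; return 1 ;;
    esac
    case "$1" in
        up)   $IP_CMD route replace default dev "$2" table "$4" || return 1
              $IP_CMD rule del from "$3" table "$4" 2>/dev/null || true  # stale copy
              $IP_CMD rule add from "$3" table "$4" ;;
        down) $IP_CMD rule del from "$3" table "$4"
              $IP_CMD route del default dev "$2" table "$4" ;;
        *)    echo "usage: policy_route up|down IFACE LOCAL_IP TABLE" >&2; return 1 ;;
    esac
}

# Dry run with constructed values (192.0.2.10 is a documentation address).
# In /etc/ppp/ip-up the real call would be:
#   ensure_table /etc/iproute2/rt_tables 1 admin && policy_route up "$1" "$4" admin
policy_route up ppp0 192.0.2.10 admin
```

With the default IP_CMD=echo the script only prints the ip arguments it would run, so the rules can be reviewed before the hooks are switched to IP_CMD=ip.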

jimb

#1
Yep.  Policy routing is the only way I can really think of doing this.  But I think life would be easier if they gave the PPTP server a different IPv4 than the tunnel server.    :-\

homeipv6

#2
Thanks. This is really helpful.
In Red Hat-based distros, the VPN and IPv6 tunnel can be configured with these files:

/etc/sysconfig/network-scripts/ifcfg-ppp0:
TYPE=Modem
DEVICE=ppp0
BOOTPROTO=dialup
ONBOOT=no
USERCTL=yes
PEERDNS=no
DEFROUTE=no
PERSIST=yes
DEMAND=no
PAPNAME="USERNAME%12345"
PPPOPTIONS='novj novjccomp nobsdcomp nodeflate lcp-max-failure 0'
IPV6INIT=no
WVDIALSECT=Default
IDLETIMEOUT=600
MTU=1460
MRU=1460
NM_CONTROLLED=no


/etc/sysconfig/network-scripts/route-ppp0:
default table default dev ppp0

/etc/sysconfig/network-scripts/rule-ppp0:
from PPTP_Client_IPv4_Address table default

/etc/ppp/peers/ppp0:
pty "/usr/sbin/pptp PPTP_Server_IPv4_Hostname --nobuffer --loglevel 0 --nolaunchpppd"

/etc/ppp/chap-secrets:
# Secrets for authentication using CHAP
# client         server       secret     IP addresses
USERNAME%12345   *            VPN_Password


/etc/sysconfig/network-scripts/ifcfg-sit1:
TYPE=sit
DEVICETYPE=sit
DEVICE=sit1
BOOTPROTO=none
ONBOOT=no
USERCTL=yes
IPV6INIT=yes
IPV6TUNNELIPV4=IPv6_Tunnel_Server_IPv4_address
IPV6TUNNELIPV4LOCAL=PPTP_Client_IPv4_Address
IPV6ADDR=IPv6_Tunnel_Client_IPv6_address
IPV6_DEFAULTDEV=sit1
IPV6_MTU=1480
NM_CONTROLLED=no


Start VPN and tunnel:
ifup ppp0
ifup sit1


Stop VPN and tunnel:
ifdown sit1
ifdown ppp0


The pptp package should be installed beforehand:
yum install pptp

evadim

And "Gentoo way" settings:

emerge pptpclient
pptpclient depends on ppp, and the ppp ebuild checks the kernel options.

After installing/reconfiguring the kernel, edit conf.d/net:
Quote from: /etc/conf.d/net
link_ppp0="pty 'pptp  Server IPv4 Hostname --nolaunchpppd --loglevel 0 --nobuffer'"
username_ppp0="user%123456"
password_ppp0="password"
pppd_ppp0="
lock
noauth
persist
nodefaultroute
nobsdcomp
nodeflate
lcp-echo-failure 30
lcp-echo-interval 10
"
rules_ppp0="from Client IPv4 Address table he"
routes_ppp0="default dev ppp0 table he"

modules_he="iptunnel"

depend_he() {
       need net.ppp0
       }

iptunnel_he="mode sit remote Server IPv4 address local Client IPv4 Address ttl 255 dev ppp0"
config_he="Client IPv6 address"
routes_he="::/0 dev he"

create interfaces:
# cd /etc/init.d
# ln -s net.lo net.ppp0
# ln -s net.lo net.he


create table

echo "200 he" >> /etc/iproute2/rt_tables

done. start tunnel:
/etc/init.d/net.he start

test connection:
ping6 www.kame.net

UPD: hook was integrated into baselayout2.

jimb

Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.

evadim

Quote from: jimb on June 27, 2010, 04:36:46 PM
Did they go to baselayout2 yet?  Still masked for me.  Or maybe it's masked unless it's a fresh install or something.  Haven't really looked into this.
No, still masked, but only ~, not hardmasked. Many people have upgraded to baselayout2; I upgraded my notebook to get a fast boot. On the other hand, if you take the hooks from baselayout1's net.example and convert (or not...)
option="foobar"
to
option=( "foobar" )
everything should work

sysgeek

Here is how I'm currently doing my pptp connection and then forwarding my ipv6 traffic through it. I wrote a perl script to automate it as much as possible. :)

Quote
#!/usr/bin/perl
use strict;
use warnings;

# PPTP Variables
my $pptpTunName    = "pptp";
my $pptpServer     = "<HE.net pptp server - change me>";
my $pptpUsername   = "<HE.net pptp username - change me>";
my $pptpPassword   = "<HE.net pptp password - change me>";
my $pppIfName      = "ppp0";
# SIT Tunnel Variables
my $sitIfName      = "tun0";
my $sitRemote      = "<HE.net 6in4 tunnel server - change me>";
my $sitLocal       = "<HE.net 6in4 local address - change me>";
my $sitIpv6Addr    = "<Local tunnel IPv6 address - change me>";

# Avoid an "uninitialized value" warning when no argument is given
my $action = @ARGV ? $ARGV[0] : "";

if($action eq "start") {
       startTun();
} elsif($action eq "stop") {
       stopTun();
} elsif($action eq "restart") {
       stopTun();
       startTun();
} elsif($action eq "setup") {
       pptpSetup();
} elsif($action eq "delete") {
       pptpDelete();
} else {
       commandOptions();
}

sub commandOptions {
       print "$0 [start | stop | restart | setup | delete]\n";
}
# All external commands use list-form system(), which bypasses the shell,
# so special characters in the values above are passed through literally.
sub pptpSetup {
       print "Creating PPTP dial peer.\n";
       # The password is still visible in the process list while pptpsetup runs
       system("/usr/sbin/pptpsetup", "--create", $pptpTunName, "--server", $pptpServer,
              "--username", $pptpUsername, "--password", $pptpPassword);
}
sub pptpDelete {
       print "Deleting PPTP dial peer.\n";
       system("/usr/sbin/pptpsetup", "--delete", $pptpTunName);
}
sub startTun {
       print "Building PPTP enabled IPv6 Tunnel.\n";
       system("/usr/sbin/pppd", "call", $pptpTunName);
       sleep 1;   # give pppd a moment to bring the link up
       system("ip", "tunnel", "add", $sitIfName, "mode", "sit", "remote", $sitRemote,
              "local", $sitLocal, "ttl", "255", "dev", $pppIfName);
       system("ip", "link", "set", $sitIfName, "up");
       system("ip", "addr", "add", $sitIpv6Addr, "dev", $sitIfName);
       system("ip", "route", "add", "::/0", "dev", $sitIfName);
}
sub stopTun {
       print "Tearing down PPTP enabled IPv6 Tunnel.\n";
       system("ip", "route", "del", "::/0", "dev", $sitIfName);
       system("ip", "addr", "del", $sitIpv6Addr, "dev", $sitIfName);
       system("ip", "link", "set", $sitIfName, "down");
       system("ip", "tunnel", "del", $sitIfName);
       system("killall", "pppd");
}

evadim

Small update to my post about Gentoo, because of stabilisation of OpenRC and Baselayout2.