
Howto: How to configure Fedora Core as a client to a Microsoft VPN Server

by Daniel Owen on January 21, 2004

I wrote this howto because many of the howtos available do not correctly explain how to configure Fedora for a MS VPN. The following steps should get you up and running. Before we start, you'll need to know a few things about your VPN server: the VPN's name, the DNS server on the network you're connecting to, and the gateway for the VPN.

You'll need two rpms, available from the pptp-client project. Install the pptp-linux rpm and the ppp rpm from that site. This document uses the latest versions of these files as of this writing.

[root@localhost root]# rpm -Uvh ppp-2.4.2_cvs_20040102-1.i386.rpm
[root@localhost root]# rpm -Uvh pptp-linux-1.4.0-1.i386.rpm

Next you'll need to compile an mppe kernel module for your kernel. The necessary files can be found at the Poptop page. You can download precompiled rpms for your kernel, or download the latest tarball of the kernelmod. I recommend getting the tarball. It contains a simple script that will generate rpms for your kernel. This is ideal given the speed at which Fedora releases new kernels, because you won't be waiting on them to produce a new rpm.

Download the latest kernelmod, and uncompress the tarball.

[root@localhost root]# tar -xzvf kernelmod-0.7.1.tar.gz

Enter the newly created directory and run the kernelmod.sh script.

[root@localhost root]# cd kernelmod
[root@localhost kernelmod]# ./kernelmod.sh

The script compiles and installs a kernel module for mppe support. It will also give you the option of creating an rpm for use on other machines.

Now that you have everything installed, you need to create the necessary config files for your VPN connection. Let's start by creating the tunnel file. This is the file that contains the bulk of the information for your VPN. Tunnel files are stored in /etc/ppp/peers/. The name can be whatever you want it to be. In this example I'll just call it tunnel. Create the file /etc/ppp/peers/tunnel. The contents should look like this. Note: words in curly braces {} should be substituted with your information.

******/etc/ppp/peers/tunnel***
remotename {domain}
linkname {domain}
ipparam {domain}
pty "pptp {vpn.somedomain.com} --nolaunchpppd"
name {domain}\\{username}
usepeerdns
ipcp-accept-remote
require-mschap-v2
noauth
file /etc/ppp/options.pptp
refuse-eap
*********eof*****************

Next create the /etc/ppp/chap-secrets file. This file should not be readable by anyone but root because it contains your VPN password in plain text. You should chmod 600 the file to set the permissions.

*********/etc/ppp/chap-secrets***
{domain}\\{username} {domain} {password}
*********eof*********************

[root@localhost ppp]# chmod 600 chap-secrets
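
An added example (not part of the original howto): a small POSIX shell audit of the two files created above. It checks that chap-secrets has no group/other permission bits and the expected owner, that the peers file sets require-mschap-v2, and that its name/remotename pair has a matching chap-secrets line. The function names are hypothetical, and fields are assumed to be unquoted, as in the templates above.

```shell
#!/bin/sh
# Added example: audit the PPTP client files from this howto.
# Paths are arguments, so the checks can be tried on copies first.

# secrets_perms_ok FILE [UID]: no group/other bits, owned by UID (default 0 = root).
secrets_perms_ok() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] || { echo "$f: not found" >&2; return 2; }
    set -- $(ls -ldn -- "$f")         # $1 = mode string, $3 = numeric owner
    case $1 in
        -???------*) ;;               # owner-only access, e.g. -rw-------
        *) echo "$f: mode $1 exposes the password; chmod 600" >&2; return 1 ;;
    esac
    [ "$3" = "$want_uid" ] || { echo "$f: owner uid $3, expected $want_uid" >&2; return 1; }
}

# peer_requires_mschapv2 PEERFILE: the option must appear as its own word.
peer_requires_mschapv2() {
    grep -Eq '^[[:space:]]*require-mschap-v2([[:space:]]|$)' "$1"
}

# peer_matches_secrets PEERFILE SECRETS: the "name"/"remotename" values must
# equal the client/server columns of some chap-secrets line that has a secret.
peer_matches_secrets() {
    awk '
        FILENAME == ARGV[1] {
            if ($1 == "name")       client = $2 ""
            if ($1 == "remotename") server = $2 ""
            next
        }
        /^[ \t]*#/ { next }           # comment lines in chap-secrets
        NF >= 3 && ($1 "") == client && ($2 "") == server { found = 1 }
        END { exit !(client != "" && found) }
    ' "$1" "$2"
}

# audit_pptp_client PEERFILE SECRETS [UID]: run every check, report all failures.
audit_pptp_client() {
    rc=0
    secrets_perms_ok "$2" "${3:-0}" || rc=1
    peer_requires_mschapv2 "$1" || { echo "$1: require-mschap-v2 not set" >&2; rc=1; }
    peer_matches_secrets "$1" "$2" || { echo "$2: no entry for name/remotename in $1" >&2; rc=1; }
    return $rc
}

# Stand-alone use: sh audit.sh /etc/ppp/peers/tunnel /etc/ppp/chap-secrets
if [ $# -ge 2 ]; then audit_pptp_client "$@"; fi
```
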

Now that everything is configured, you should be ready to start your VPN connection. Make sure you have an IP address and can ping your VPN server before trying to start the connection. The commands below start the connection. Once it is started, you need to set your default gateway to the VPN gateway and update your /etc/resolv.conf to use the correct DNS server for the VPN.

[root@localhost root]# pppd pty 'pptp {vpn.somedomain.com} --nolaunchpppd' call tunnel
[root@localhost root]# route add default gateway {vpn gateway}

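Here is a quick way to create the new /etc/resolv.conf. The first command empties the existing file, so the two entries that follow are the only ones in it.

[root@localhost root]# cat /dev/null > /etc/resolv.conf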
[root@localhost root]# echo "nameserver {vpn DNS}" >>/etc/resolv.conf
[root@localhost root]# echo "search {domain}" >>/etc/resolv.conf

At this point you should have a connection to the VPN. /sbin/ifconfig should show your new IP address on dev ppp0. I plan on posting a script I've written that automates all of this very soon.

-Daniel Owen