I was forced to build a VPN (virtual private network)… I examined all my available documentation, did all the RTFM and consulted with some gurus from the local Unix newsgroup.
I selected the first available VPN type: PPTP. I am using Linux Debian stable on local servers. As the server has been running for a long time, the system was an “old” stable version. So the simple command “apt-get install pptpd” didn’t work. There were lots of problems and missing components. So I selected another method: in some trash I picked up an old Fujitsu Siemens computer. It is a very small, pizza-box-size computer with a Pentium III CPU and integrated video, LAN, sound, etc. I added two additional Realtek Ethernet boards to make the “router” look cooler. If everything works fine, I’ll transfer the stuff to the real server.
Here is just an illustration: screenshots of the Windows XP VPN configuration screens.
I downloaded and installed the latest stable Debian. It was “etch”. All devices were installed without any problem. I installed only the “base system” as I like to install all the needed stuff by myself.
apt-get install mc iptraf lynx ssh
I like these programs, so I installed them. Especially “mc”, as I love an old-style, Norton-like file manager.
Now that we have mc, we can explore /etc/apt/sources.list and add a line:
deb http://firewall-jay.sourceforge.net/debian/ ./
Now we can install a basic, user-friendly firewall. And we don’t need to learn iptables. It is a pity that jay’s firewall is an abandoned product.
apt-get install firewall-jay
Do not forget to run:
firewall-config.pl
After all these procedures we can install that damn pptpd… But suddenly I noticed that eth1 was not working properly. I replaced it with another Realtek card and … resource conflict. I was very angry and removed all the Realtek cards and replaced them all with trusted old 3Com… Rebooted the system and my Linux invented… eth3. I need to repair these ghost LAN interfaces. But the work day is finished… I took the computer home. Thankfully it is so small. At home I was too lazy to begin searching for problems, so I just reinstalled the system and everything is fine. I installed pptpd, configured it and it seems to be working. So I decided to transfer everything… I think I was too tired and I made the main mistake in remote server administration…
I replaced the apt sources on the main server…
apt-get update
…
apt-get dist-upgrade
reboot
Everything is working. Maybe because I was not too far from the server. The next day I experimented with various settings of the VPN… And I can’t connect to the VPN from the LAN, but from home I can connect without any problem. All day I was fucking with RTFM and experimenting. It was late and I again transferred my experiments home. Everything is working fine, but without encryption. Here are my config files:
/etc/pptpd.conf file:
ppp /usr/sbin/pppd
option /etc/ppp/pptpd-options
debug
localip 192.168.2.253
remoteip 192.168.2.214-225
/etc/ppp/pptpd-options file:
name pptpd
logfile /var/log/pptpd.log
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
require-mschap-v2
# require-mppe-40
# require-mppe-128
proxyarp
nodefaultroute
lock
nobsdcomp
/etc/ppp/chap-secrets file:
vartotojas pptpd "slaptazodis" *
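With both require-mppe lines commented out in the options file above, pppd does not insist on MPPE, which matches the unencrypted sessions described. The following is an added example, not part of the original post: a small shell audit of a pptpd options file. The function names are made up for illustration, and the sample input is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): audit a pptpd options file
# for the settings that decide whether the tunnel is encrypted.

# Constructed sample: the auth/encryption lines from the listing above.
sample_options() {
cat <<'EOF'
refuse-pap
refuse-chap
refuse-mschap
refuse-eap
require-mschap-v2
# require-mppe-40
# require-mppe-128
EOF
}

# active_option FILE NAME: exit 0 if NAME appears on a non-comment line.
active_option() {
    awk -v want="$2" '
        { sub(/#.*/, "") }          # strip comments
        $1 == want { found = 1 }
        END { exit !found }
    ' "$1"
}

# audit_pptpd_options FILE: print findings; exit 1 if MPPE is not
# enforced or the listing's authentication policy is no longer in force.
audit_pptpd_options() {
    f=$1; rc=0
    if active_option "$f" require-mppe-128; then
        echo "OK: 128-bit MPPE is required"
    elif active_option "$f" require-mppe-40 || active_option "$f" require-mppe; then
        echo "WARN: MPPE is required, but 40-bit keys are accepted"
    else
        echo "FAIL: no active require-mppe* line, sessions can run unencrypted"
        rc=1
    fi
    if active_option "$f" nomppe; then echo "FAIL: nomppe disables MPPE"; rc=1; fi
    # MPPE session keys are derived from the MS-CHAP exchange; PAP and
    # CHAP cannot supply them, so the refuse/require lines must stay active.
    for o in refuse-pap refuse-chap refuse-mschap require-mschap-v2; do
        active_option "$f" "$o" || { echo "FAIL: $o is not set"; rc=1; }
    done
    return "$rc"
}

# Run against a real file when a path is given on the command line.
if [ -n "${1:-}" ]; then audit_pptpd_options "$1"; fi
```

Run it as `sh audit.sh /etc/ppp/pptpd-options` (the script name is arbitrary); a non-zero exit status means the file still allows an unencrypted session.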
Now I transferred all my /dev/brains to the encoding problems. After reading some manuals and web pages I decided that my default 2.4 kernel didn’t support encoding. I need to insert a kernel module or just replace the kernel with a new one. Any from the 2.6 series. I was too tired and made the same mistake again…
apt-get install kernel-image-2.6-18-686
(or something like this)
reboot
(I forgot to make the voodoo movements)
and… nothing. I could not reach the main company server anymore. It was fine, as it is summer time and the evenings are sunny. I jumped into my car and went back to my workplace. I switched on the monitor and saw a login prompt. Everything is working. Login, root, password, ping to the internal interfaces: they replied. Ping to DNS and nothing… After some experiments I found that the new kernel enumerated all my eth devices in a different order, so all the cards got mixed up. So all the IPs, firewall rules and all the other stuff got mixed up. I quickly rebooted the system back to the old kernel… routing is working, everything is fine… but I noticed an error on the screen that MySQL is not working. I checked the logs: they are empty. What the hell is going on? … /var/ is full! This is my error, I filled /var with various stuff and forgot to clean up.
Now I sit at home and think how to make my life brighter. Maybe replace the Realtek cards with 3Com in the main router? 🙂
BTW, if you like webmin, here is a small instruction on how to install it on a Debian system (don’t forget to install these first: apt-get install apache2 and php):
Just add this line to sources.list:
deb http://download.webmin.com/download/repository sarge contrib
and
apt-get install webmin
The End.