Linux Step By Steps

How to build a VPN server on eDesktop 2.4

Contributor:    Vu Pham

This procedure is tested on Caldera eDesktop 2.4 with one NIC card, pppd-2.3.8, pptpd-1.0.2 with the assumption that the internal network will use network 192.168.253/24.
  1. Download the pptpd server from : http://poptop.lineo.com/ .
     
  2. Unzip and compile by using ./configure and make install.
     
  3. Create the file /etc/pptpd.conf with the following lines
    #set the local VPN server address to 192.168.253.1
    localip 192.168.253.1
    #the ip pool for VPN clients in the same internal network of the VPN server. See note on step 8.
    remoteip 192.168.253.101-150
     
  4. Create the file /etc/ppp/ppp.conf with the following lines
    # /etc/ppp/options - options for pppd
    debug
    name vpn-server-name
    auth
    require-chap
    proxyarp # see note on step 8.
     
  5. Choose a user name/password for logging in by VPN clients, put this name and its password into /etc/ppp/chap-secrets:
    #client server secret address
    vpn-user vpn-server-name vpnpassword *

  6. Turn on IP Forwarding by using coastool or by setting /proc/sys/net/ipv4/ip_forward to 1.
     
  7. Set the first NIC card address to 192.168.253.1 . (Note: this ip address may or may not match the one of the VPN server as declaring in step 3).
     
  8. Set the second ip address of the nic card to a real ip address. This real ip address is the one that the VPN clients will need to authenticate their vpn connections. The following command may be added to /etc/rc.d/rc.local
    ifconfig eth0:1 real-ip-address netmask netmask-for-real-ip-address

    Note: if the real ip address is the first one on the nic card ( eth0 ), and the internal ip address the 2nd one ( eth0:1 ), proxyarp will not work, and the following error will be logged in syslog file

    Jan 26 11:56:03 java pppd[6664]: found interface eth0:1 for proxy arp
    Jan 26 11:56:03 java pppd[6664]: ioctl(SIOCSARP): No such device(19)

    ProxyARP helps all other local machines on the same LAN with the VPN server (the machines with ip addresses 192.168.253.x in our example) can be seen by VPN clients as if the VPN clients on the same local network.
     

  9. Create a rc file S99vpn in /etc/rc.d/rc3.d to start the daemon, and don?t forget to change its mode to be executable.
    #!/bin/sh
    /usr/local/sbin/pptpd
     
  10. Make an entry in /etc/syslog.conf for facility daemon, and level debug.
     
  11. If necessary we may build a dns server for the internal network so that we can access the internal systems by name rather than by ip address. If so, we need to add the following entry into /etc/ppp/options:
    ms-dns internal-dns-server
    ms-dns external-dns-server
     

    BACK TO NETWORKING