How to build a VPN server on eDesktop
Contributor: Vu Pham
- This procedure is tested on Caldera eDesktop 2.4 with one
NIC card, pppd-2.3.8, pptpd-1.0.2 with the assumption that
the internal network will use network 192.168.253/24.
- Download the pptpd server from http://poptop.lineo.com/.
- Unzip and compile by using ./configure and make.
- Create the file /etc/pptpd.conf with the following
#set the local VPN server address to
#the ip pool for VPN clients in the same
internal network of the VPN server. See note on step
- Create the file /etc/ppp/ppp.conf with the following
# /etc/ppp/options - options for
proxyarp # see note on step 8.
Choose a user name and password for VPN clients to log in
with, and put this name and its password into /etc/ppp/chap-secrets:
- Turn on IP Forwarding by using coastool or by setting
/proc/sys/net/ipv4/ip_forward to 1.
- Set the first NIC card address to 192.168.253.1. (Note:
this ip address may or may not match the one of the VPN
server as declared in step 3).
Set the second ip address of the nic card to a real ip
address. This real ip address is the one that the VPN
clients will need to authenticate their vpn connections.
The following command may be added to
ifconfig eth0:1 real-ip-address netmask
Note: if the real ip address is the first one on the
nic card (eth0), and the internal ip address the
2nd one (eth0:1), proxyarp will not work, and
the following error will be logged in syslog file:
Jan 26 11:56:03 java pppd: found interface eth0:1 for proxy arp
Jan 26 11:56:03 java pppd: ioctl(SIOCSARP): No
ProxyARP lets all other local machines on the same LAN
as the VPN server (the machines with ip addresses
192.168.253.x in our example) be seen by VPN clients as
if the VPN clients were on the same local network.
- Create an rc file S99vpn in /etc/rc.d/rc3.d to start the
daemon, and don't forget to change its mode to be
- Make an entry in /etc/syslog.conf for facility
daemon, and level debug.
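
Added example, not part of the original procedure: a shell preflight for the
steps above that checks IP forwarding, the eth0 / eth0:1 address order that
proxyarp needs, and counts pppd SIOCSARP failures in syslog text. The function
names and the 203.0.113.10 "real" address are assumptions; the sample log is
constructed from the lines quoted in the note above.

```shell
#!/bin/sh
# Added example: preflight checks for the VPN server steps above.
# Function names are illustrative; 192.168.253. is the page's internal network.
INTERNAL_PREFIX="192.168.253."

# Succeeds when the ip_forward file (default: the /proc entry) contains 1.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Succeeds when the first address (eth0) is internal and the second
# (eth0:1) is not: the order the page says proxyarp needs.
proxyarp_order_ok() {
    first_addr=$1
    second_addr=$2
    case $first_addr in
        "$INTERNAL_PREFIX"*) ;;
        *) return 1 ;;
    esac
    case $second_addr in
        "$INTERNAL_PREFIX"*) return 1 ;;
    esac
    return 0
}

# Reads syslog text on stdin and prints the number of pppd SIOCSARP failures.
count_proxyarp_errors() {
    n=$(grep -c 'pppd.*ioctl(SIOCSARP)') || true
    echo "${n:-0}"
}

# Constructed sample log. The second line is cut off on the page and is
# reproduced as it appears there; the third line is made up for contrast.
sample_log() {
    cat <<'EOF'
Jan 26 11:56:03 java pppd: found interface eth0:1 for proxy arp
Jan 26 11:56:03 java pppd: ioctl(SIOCSARP): No
Jan 26 11:57:10 java pppd: found interface eth0 for proxy arp
EOF
}

echo "proxy-ARP failures in sample: $(sample_log | count_proxyarp_errors)"
```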
If necessary we may build a dns server for the internal
network so that we can access the internal systems by name
rather than by ip address. If so, we need to add the
following entry into /etc/ppp/options: