LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/VPN-HOWTO/x459.html

297 lines
5.0 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Server: Configure pppd
</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="VPN HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Implementation"
HREF="implemenetation.html"><LINK
REL="PREVIOUS"
TITLE="Server: Configure Networking"
HREF="x425.html"><LINK
REL="NEXT"
TITLE="Server: Configure sshd
"
HREF="x492.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>VPN HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x425.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Implementation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x492.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN459">5.5. Server: Configure <B
CLASS="command"
>pppd</B
></H1
><P
>&#13;Now we will configure pppd on the server to handle VPN connections. If
you are already using this server to handle dialup users or even dialing
out yourself, then you should note that these changes may affect those
services. I go over how to avoid conflicts at the end of this section.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN463">5.5.1. <TT
CLASS="filename"
>/etc/ppp/</TT
></H2
><P
>&#13;This directory may contain a number of files. You probably already
have a file called <TT
CLASS="filename"
>options</TT
>. This file holds all of the global
options for <B
CLASS="command"
>pppd</B
>. These options cannot be overridden by <B
CLASS="command"
>pppd</B
> on the
command line.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN470">5.5.2. <TT
CLASS="filename"
>/etc/ppp/options</TT
></H2
><P
>&#13;Your <TT
CLASS="filename"
>options</TT
> file should contain at least the following:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;ipcp-accept-local
ipcp-accept-remote
proxyarp
noauth
</PRE
></FONT
></TD
></TR
></TABLE
><P
>&#13;The first two lines tell <B
CLASS="command"
>pppd</B
> to accept what the other end specifies
for IP addresses. This is necessary when hooking up remote offices, but can
be disabled if you are only connecting home users. It's okay to leave it on, as
it does not prevent the server from assigning addresses, it only says it that
it's okay to accept what the client asks for.
</P
><P
>&#13;The third line is very important. From the <B
CLASS="command"
>pppd</B
> man page:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
>&#13;proxyarp
Add an entry to this system's ARP [Address Resolu-
tion Protocol] table with the IP address of the
peer and the Ethernet address of this system. This
will have the effect of making the peer appear to
other systems to be on the local ethernet.
</PRE
></FONT
></TD
></TR
></TABLE
><P
>&#13;This is important because if it is not done, local traffic will not be able
to get back through the tunnel.
</P
><P
>&#13;The last line is just as important. This tells <B
CLASS="command"
>pppd</B
> to allow
connections without username and password. This is safe since authentication
is already handled by <B
CLASS="command"
>sshd</B
>.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN485">5.5.3. Avoiding conflicts</H2
><P
>&#13;If you are handling other services with <B
CLASS="command"
>pppd</B
>, you should
consider that the configurations for these other services may not be the
same as what the VPN system needs. <B
CLASS="command"
>pppd</B
> is designed such that
the options in the main options file <TT
CLASS="filename"
>/etc/ppp/options</TT
> cannot be
overridden by options specified at runtime. This is done for security
reasons. In order to avoid conflict, determine which options cause the
conflict, and move them from the main file into a separate options file
that is loaded when the appropriate application of <TT
CLASS="filename"
>pppd</TT
> is run.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="x425.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="x492.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Server: Configure Networking</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="implemenetation.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Server: Configure <B
CLASS="command"
>sshd</B
></TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink