<HTML
><HEAD
><TITLE
>Server: Configure pppd
</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="VPN HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Implementation"
HREF="implemenetation.html"><LINK
REL="PREVIOUS"
TITLE="Server: Configure Networking"
HREF="x425.html"><LINK
REL="NEXT"
TITLE="Server: Configure sshd
"
HREF="x492.html"></HEAD
><BODY
CLASS="sect1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>VPN HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="x425.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. Implementation</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="x492.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="sect1"
><H1
CLASS="sect1"
><A
NAME="AEN459">5.5. Server: Configure <B
CLASS="command"
>pppd</B
></H1
><P
> Now we will configure pppd on the server to handle VPN connections. If
you are already using this server to handle dialup users or even dialing
out yourself, then you should note that these changes may affect those
services. I go over how to avoid conflicts at the end of this section.
</P
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN463">5.5.1. <TT
CLASS="filename"
>/etc/ppp/</TT
></H2
><P
> This directory may contain a number of files. You probably already
have a file called <TT
CLASS="filename"
>options</TT
>. This file holds all of the global
options for <B
CLASS="command"
>pppd</B
>. These options cannot be overridden by <B
CLASS="command"
>pppd</B
> on the
command line.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN470">5.5.2. <TT
CLASS="filename"
>/etc/ppp/options</TT
></H2
><P
> Your <TT
CLASS="filename"
>options</TT
> file should contain at least the following:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
> ipcp-accept-local
ipcp-accept-remote
proxyarp
noauth
</PRE
></FONT
></TD
></TR
></TABLE
><P
> The first two lines tell <B
CLASS="command"
>pppd</B
> to accept what the other end specifies
for IP addresses. This is necessary when hooking up remote offices, but can
be disabled if you are only connecting home users. It's okay to leave it on, as
it does not prevent the server from assigning addresses; it only says that
it's okay to accept what the client asks for.
</P
><P
> The third line is very important. From the <B
CLASS="command"
>pppd</B
> man page:
</P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="screen"
> proxyarp
Add an entry to this system's ARP [Address Resolution
Protocol] table with the IP address of the
peer and the Ethernet address of this system. This
will have the effect of making the peer appear to
other systems to be on the local ethernet.
</PRE
></FONT
></TD
></TR
></TABLE
><P
> This is important because if it is not done, local traffic will not be able
to get back through the tunnel.
</P
><P
> The last line is just as important. This tells <B
CLASS="command"
>pppd</B
> to allow
connections without username and password. This is safe since authentication
is already handled by <B
CLASS="command"
>sshd</B
>.
</P
></DIV
><DIV
CLASS="sect2"
><H2
CLASS="sect2"
><A
NAME="AEN485">5.5.3. Avoiding conflicts</H2
><P
> If you are handling other services with <B
CLASS="command"
>pppd</B
>, you should
consider that the configurations for these other services may not be the
same as what the VPN system needs. <B
CLASS="command"
>pppd</B
> is designed such that
the options in the main options file <TT
CLASS="filename"
>/etc/ppp/options</TT
> cannot be
overridden by options specified at runtime. This is done for security
reasons. In order to avoid conflict, determine which options cause the
conflict, and move them from the main file into a separate options file
that is loaded when the appropriate application of <TT
CLASS="filename"
>pppd</TT
> is run.
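
One way to carry out that split, as an added example that is not part of the HOWTO: the script sorts an options file into the lines that stay in /etc/ppp/options and the lines that move to a VPN-only file, and checks whether noauth is still active for every pppd instance. The peers file name vpn and the sample dial-in options are assumptions; pppd's call option reads /etc/ppp/peers/name.

```sh
#!/bin/sh
# Added example, not part of the HOWTO. The four names below are the options
# this page puts in /etc/ppp/options; the peers file name "vpn" is an assumption.
VPN_ONLY="ipcp-accept-local ipcp-accept-remote proxyarp noauth"

# split_options MODE FILE
#   MODE=vpn    prints the active lines whose option is listed in VPN_ONLY
#   MODE=global prints every other line (comments and blank lines included)
split_options() {
    awk -v mode="$1" -v names="$VPN_ONLY" '
        BEGIN { split(names, w, " "); for (i in w) only[w[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { if (mode == "global") print; next }
        {
            hit = ($1 in only)
            if (mode == "vpn") { if (hit) print } else if (!hit) print
        }' "$2"
}

# has_global_noauth FILE: succeeds when noauth is active in FILE, meaning every
# pppd started on this host (dial-in included) skips peer authentication.
has_global_noauth() {
    awk '$1 == "noauth" { found = 1 } END { exit !found }' "$1"
}

# Constructed sample: a server that also takes dial-in calls.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# dial-in settings' 'lock' 'crtscts' 'modem' \
        'ipcp-accept-local' 'ipcp-accept-remote' 'proxyarp' 'noauth' > "$dir/options"
    if has_global_noauth "$dir/options"; then
        echo "noauth is global: dial-in peers are not asked to authenticate"
    fi
    echo "== keep in /etc/ppp/options =="
    split_options global "$dir/options"
    echo "== move to /etc/ppp/peers/vpn (load with: pppd call vpn) =="
    split_options vpn "$dir/options"
    rm -rf "$dir"
}
demo
```

After the move, only the pppd instance started for the tunnel runs without peer authentication, which matches the page's reasoning that sshd has already authenticated that peer.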
</P
></DIV
></DIV
></BODY
></HTML
>