PPTP Notes

January 22nd, 2007

PPTP install guide for Gentoo Linux

Step 1) Kernel Device Drivers --> Networking Support --> Networking options --> <M> IP: GRE tunnels over IP

Kernel 2.6.15+:

Device Drivers ---> Network device support ---> <M> PPP (point-to-point protocol) support <M> PPP support for async serial ports <M> PPP support for sync tty ports <M> PPP Deflate compression <M> PPP BSD-Compress compression <M> PPP MPPE compression (encryption) (EXPERIMENTAL) Cryptographic options ---> [*] Cryptographic API [*] HMAC support <M> MD5 digest algorithm <M> SHA1 digest algorithm #this one is required <M> SHA256 digest algorithm <M> SHA384 and SHA512 digest algorithms <M> DES and Triple DES EDE cipher algorithms ####this one is commonplace too (recommended) <M> ARC4 cipher algorithm #this one is required

Step 3)

Add the following modules to /etc/modules.autoload.d/kernel-2.6













Step 4) Emerge! :)

emerge net-dialup/pptpd

Step 5) Recompile the kernel, edit bootloader configuration, and reboot!

Step 6) configuration

We'll add more to this once we refine our configuration. However, the core files are /etc/pptpd.conf and the files in /etc/ppp/

Note: /etc/ppp/chap-secrets stores passwords in CLEAR TEXT! CONSIDER YOURSELF WARNED. chmod 0600 /etc/ppp/chap-secrets to ensure some level of security. :x

Step 7) Firewall Configuration

These are the lines we used for our firewall (see our office topology to better understand if these will work in your situation):

iptables -A INPUT -p tcp -i ${WAN} --dport 1723 -j ACCEPT

iptables -A INPUT -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A INPUT -p 47 -j ACCEPT

NOTE: Adjust -i ${WAN} for the interface you'd like connections to come in on.

Step 8) Start PPTP

/etc/init.d/pptpd start

Step 9) Attempt to connect with a remote machine!

Windows XP: Network Connections -> Create a new connection -> Next -> Connect to the network at my workplace -> Virtual Private Network connection -> Company Name (input: Savonix) -> If you have another connection setup, this screen will ask you if you'd like to automatically dial an inital connection. You should not have to do this in most cases unless your machine is configured for corporate use. Select "Do not dial the inital connection" -> Hostname -> This will finish it up. -> The connection will be in your Network places, select it and enter in your provided UserID and password then hit connect! -> Welcome to our network.


  • /etc/ppp/chap-secrets stores passwords in plain text. This is not good for many reasons. One option could
  • You could authenticate pptp clients via radius, which has a myriad of plugins to user storage facilities, such as MySQL.
  • Another alternative to this, would be to use Apache + mod_dav + ssl to provide cross-platform secure file shares. See Apache Documentation.

External Links

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022