Step 1) Kernel
Device Drivers --> Networking Support --> Networking options --> <M> IP: GRE tunnels over IP
Kernel 2.6.15+:
Device Drivers --->
  Network device support --->
    <M> PPP (point-to-point protocol) support
    <M> PPP support for async serial ports
    <M> PPP support for sync tty ports
    <M> PPP Deflate compression
    <M> PPP BSD-Compress compression
    <M> PPP MPPE compression (encryption) (EXPERIMENTAL)
Cryptographic options --->
  [*] Cryptographic API
  [*] HMAC support
  <M> MD5 digest algorithm
  <M> SHA1 digest algorithm                     # this one is required
  <M> SHA256 digest algorithm
  <M> SHA384 and SHA512 digest algorithms
  <M> DES and Triple DES EDE cipher algorithms  # this one is commonplace too (recommended)
  <M> ARC4 cipher algorithm                     # this one is required
Step 3)
Add the following modules to /etc/modules.autoload.d/kernel-2.6
ppp_synctty
ppp_async
crc_ccitt
ppp_async
ppp_generic
ppp_synctty
ppp_async
slhc
arc4
md5
sha1
ppp_mppe
Step 4) Emerge! :)
emerge net-dialup/pptpd
Step 5) Recompile the kernel, edit bootloader configuration, and reboot!
Step 6) Configuration
We'll add more to this once we refine our configuration. However, the core files are /etc/pptpd.conf and the files in /etc/ppp/.
Note: /etc/ppp/chap-secrets stores passwords in CLEAR TEXT! CONSIDER YOURSELF WARNED. Run chmod 0600 /etc/ppp/chap-secrets so that only the file's owner can read or write it.
Step 7) Firewall Configuration
These are the lines we used for our firewall (see our office topology to better understand if these will work in your situation):
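# PPTP control channel: TCP port 1723, accepted on the WAN interface only
iptables -A INPUT -p tcp -i ${WAN} --dport 1723 -j ACCEPT
# GRE (IP protocol 47) carries the tunnelled PPP data. The last rule accepts
# all GRE on every interface, so the stateful rule before it decides nothing.
iptables -A INPUT -p 47 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p 47 -j ACCEPT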
NOTE: Adjust -i ${WAN} for the interface you'd like connections to come in on.
Step 8) Start PPTP
/etc/init.d/pptpd start
Step 9) Attempt to connect with a remote machine!
Windows XP:
-> Network Connections -> Create a new connection -> Next
-> Connect to the network at my workplace
-> Virtual Private Network connection
-> Company Name (input: Savonix)
-> If you already have another connection set up, this screen asks whether you'd like to automatically dial an initial connection. You should not have to do this in most cases unless your machine is configured for corporate use. Select "Do not dial the initial connection".
-> Hostname: stoughton.savonix.com
-> This finishes the wizard.
-> The connection will be in your Network places. Select it, enter your provided UserID and password, then hit Connect!
-> Welcome to our network.
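A pre-flight check for the server-side steps above, as an added example that is not part of the original how-to: it confirms that every module from Step 3 is listed in the autoload file and that chap-secrets grants nothing to group or other. The function names and the demo's sample files are constructed for this example; the default paths are the ones the page names.

```sh
#!/bin/sh
# Added example: audit the files this how-to touches. Function names are this
# example's own; paths default to the ones named on the page.
REQUIRED_MODULES="ppp_generic ppp_async ppp_synctty ppp_mppe slhc crc_ccitt arc4 md5 sha1"

# Print each required module absent from the autoload file. Comments (#...)
# and any module arguments after the name are ignored.
missing_modules() {
    listed=$(sed -e 's/#.*//' "$1" 2>/dev/null | awk 'NF { print $1 }')
    for m in $REQUIRED_MODULES; do
        printf '%s\n' "$listed" | grep -qxF "$m" || printf '%s\n' "$m"
    done
}

# Succeed only if the secrets file exists and grants nothing to group/other
# (0600 or 0400). Reads the mode string from ls, so GNU stat is not needed.
secrets_mode_ok() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Run both checks, report each problem, return the number of problems.
audit_pptpd() {
    autoload=${1:-/etc/modules.autoload.d/kernel-2.6}
    secrets=${2:-/etc/ppp/chap-secrets}
    problems=0
    for m in $(missing_modules "$autoload"); do
        echo "module not listed in $autoload: $m"
        problems=$((problems + 1))
    done
    if ! secrets_mode_ok "$secrets"; then
        echo "$secrets is missing or accessible to group/other (chmod 0600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: autoload file lacking ppp_mppe and arc4, secrets at 0644.
demo_audit() {
    d=$(mktemp -d) || return 99
    printf '%s\n' '# ppp stack' ppp_generic ppp_async ppp_synctty \
        slhc crc_ccitt md5 sha1 > "$d/kernel-2.6"
    echo 'alice pptpd constructed-password *' > "$d/chap-secrets"
    chmod 0644 "$d/chap-secrets"
    rc=0; audit_pptpd "$d/kernel-2.6" "$d/chap-secrets" || rc=$?
    rm -rf "$d"
    return "$rc"
}
demo_audit || true
```

On the server itself, call audit_pptpd with no arguments before starting pptpd; a non-zero exit status is the number of items still to fix.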