{"id":65,"date":"2017-10-02T12:06:48","date_gmt":"2017-10-02T05:06:48","guid":{"rendered":"http:\/\/blog.littlega.com\/?p=65"},"modified":"2017-10-02T12:06:48","modified_gmt":"2017-10-02T05:06:48","slug":"how-to-connect-to-pptp-from-command-line","status":"publish","type":"post","link":"https:\/\/blog.littlega.com\/?p=65","title":{"rendered":"How to Connect to PPTP from Command Line"},"content":{"rendered":"<h3>Compatibility note<\/h3>\n<p>I\u00e2\u20ac\u2122ve tested instructions and pptp on:<br \/>\n[a] CentOS \/ RHEL \/ Fedora Core Linux running 2.6.15+ kernel<br \/>\n[b] Ubuntu and Debian Linux running 2.6.15+ kernel<br \/>\n[c] FreeBSD etc<\/p>\n<p>I\u2019ve found that pptp client is 100% compatible with the following servers\/products:<br \/>\n[a] Microsoft Windows VPN Server<br \/>\n[b] Linux PPTP Server<br \/>\n[c] Cisco PIX etc<\/p>\n<h3>How do I install PPTP client under Linux?<\/h3>\n<p>By default most distro installs PPTP client called PPTP-linux which is the client for the proprietary Microsoft Point-to-Point Tunneling. Use apt-get or yum command to install pptp client:<br \/>\n<code>$ sudo apt-get install pptp-linux network-manager-pptp<\/code><br \/>\nFedora Core user can install client using rpm command:<br \/>\n<code># rpm -Uvh http:\/\/pptpclient.sourceforge.net\/yum\/stable\/fc6\/pptp-release-current.noarch.rpm<br \/>\n# yum --enablerepo=pptp-stable install pptpconfig<br \/>\n<\/code><\/p>\n<p>[a]<strong>\u00a0network-manager-pptp<\/strong>\u00a0or\u00a0<strong>pptpconfig<\/strong>\u00a0\u2013 A gui network management framework (PPTP plugin) for network-admin tool (frontend)<br \/>\n[b]\u00a0<strong>pptp-linux<\/strong>\u00a0\u2013 Point-to-Point Tunneling Protocol (PPTP) command line client<\/p>\n<h3>How do I configure client using command line (cli)?<\/h3>\n<p>You need to edit \/ create following configuration files<\/p>\n<ul>\n<li><strong>\/etc\/ppp\/chap-secrets<\/strong>\u00a0\u2013 Add your login name \/ password for authentication using CHAP. Pppd stores secrets for use in authentication in secrets files.<\/li>\n<li><strong>\/etc\/ppp\/peers\/myvpn-name<\/strong>\u00a0\u2013 A dialup connection authenticated with PAP \/ CHAP configuration file. You need to add your dialup server name and other information in this file.<\/li>\n<\/ul>\n<h3>Sample configuration data<\/h3>\n<ol>\n<li>PPTP server name: pptp.vpn.nixcraft.com<\/li>\n<li>VPN User Name : vivek<\/li>\n<li>VPN Password: VpnPassword<\/li>\n<li>Connection name: delhi-idc-01<\/li>\n<\/ol>\n<p>Open \/etc\/ppp\/chap-secrets file:<br \/>\n<code># vi \/etc\/ppp\/chap-secrets<\/code><br \/>\nOR<br \/>\n<code>$ sudo vi \/etc\/ppp\/chap-secrets<\/code><br \/>\nAppend line as follows:<br \/>\n<code>vivek PPTP VpnPassword *<\/code><\/p>\n<p>Save and close the file.<\/p>\n<p>Create a connection file called \/etc\/ppp\/peers\/delhi-idc-01 (replace delhi-idc-01 with your connection name such as office or vpn):<br \/>\n<code># vi \/etc\/ppp\/peers\/delhi-idc-01<\/code><br \/>\nAppend configuration data as follows:<br \/>\n<code>pty \"pptp pptp.vpn.nixcraft.com --nolaunchpppd\"<br \/>\nname vivek<br \/>\nremotename PPTP<br \/>\nrequire-mppe-128<br \/>\nfile \/etc\/ppp\/options.pptp<br \/>\nipparam delhi-idc-01<br \/>\n<\/code><\/p>\n<p>Close and save the file. Where,<\/p>\n<ul>\n<li><strong>pty \u201cpptp pptp.vpn.nixcraft.com \u2013nolaunchpppd\u201d<\/strong>: Specifies that the command script is to be used to communicate rather than a specific terminal device. Pppd will allocate itself a pseudo-tty master\/slave pair and use the slave as its terminal device. The script will be run in a child process with the pseudo-tty master as its standard input and output. An explicit device name may not be given if this option is used. (Note: if the record option is used in conjunction with the pty option, the child process will have pipes on its standard input and output.). In this case we are using pptp client to establishes the client side of a Virtual Private Network (VPN) using the Point-to-Point Tunneling Protocol (PPTP). pptp.vpn.nixcraft.com is my host name (or IP address) for the PPTP server. \u2013nolaunchpppd option means do not launch pppd but use stdin as the network connection. Use this flag when including pptp as a pppd connection process using the pty option.<\/li>\n<li><strong>name vivek<\/strong>: VPN username<\/li>\n<li><strong>remotename PPTP<\/strong>: Set the assumed name of the remote system for authentication purposes to name. If you don\u2019t know name ask to network administrator<\/li>\n<li><strong>require-mppe-128<\/strong>: Require the use of MPPE, with 128-bit encryption. You must encrypt traffic using encryption.<\/li>\n<li><strong>file \/etc\/ppp\/options.pptp<\/strong>: Read and apply all pppd options from options.pptp file. Options used by PPP when a connection is made by a PPTP client.<\/li>\n<li><strong>ipparam delhi-idc-01<\/strong>\u00a0: Provides an extra parameter to the ip-up, ip-pre-up and ip-down scripts (optional).<\/li>\n<\/ul>\n<h3>Route traffic via ppp0<\/h3>\n<p>To route traffic via PPP0 interface add following route command to \/etc\/ppp\/ip-up.d\/route-traffic<br \/>\n<code># vi \/etc\/ppp\/ip-up.d\/route-traffic<\/code><br \/>\nAppend following sample code (modify NET an IFACE as per your requirments):<br \/>\n<code>#!\/bin\/bash<br \/>\nNET=\"10.0.0.0\/8\" # set me<br \/>\nIFACE=\"ppp0\" # set me<br \/>\n#IFACE=$1<br \/>\nroute add -net ${NET} dev ${IFACE}<\/code><\/p>\n<p>\/sbin\/iptables -F<br \/>\n\/sbin\/iptables -X<br \/>\n\/sbin\/iptables -t nat -F<br \/>\n\/sbin\/iptables -t nat -X<br \/>\n\/sbin\/iptables -t mangle -F<br \/>\n\/sbin\/iptables -t mangle -X<br \/>\n\/sbin\/iptables -P INPUT ACCEPT<br \/>\n\/sbin\/iptables -P OUTPUT ACCEPT<br \/>\n\/sbin\/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE<br \/>\n\/sbin\/iptables -A FORWARD -i ppp0 -o enp0s3 -m state &#8211;state RELATED,ESTABLISHE$<br \/>\n\/sbin\/iptables -A FORWARD -i enp0s3 -o ppp0 -j ACCEPT<br \/>\nip route del default dev enp0s3<br \/>\nip route add default dev ppp0<\/p>\n<p><code><\/code><br \/>\nSave and close the file:<br \/>\n<code># chmod +x \/etc\/ppp\/ip-up.d\/route-traffic<\/code><\/p>\n<h3>Task: connect to PPTP server<\/h3>\n<p>Now you need to dial out to your office VPN server. This is the most common use of pppd. This can be done with a command such as:<br \/>\n<code># pppd call delhi-idc-01<\/code><br \/>\nIf everything is went correctly you should be online and ppp0 should be up. Remote server will assign IP address and other routing information. Here is the message from my \/var\/log\/messages file:<br \/>\n<code># tail -f \/var\/log\/messages<\/code><br \/>\nOutput:<\/p>\n<pre>Jun 11 23:38:00 vivek-desktop pppd[30088]: pppd 2.4.4 started by root, uid 0\r\nJun 11 23:38:00 vivek-desktop pppd[30088]: Using interface ppp0\r\nJun 11 23:38:00 vivek-desktop pppd[30088]: Connect: ppp0 &lt;--&gt; \/dev\/pts\/4\r\nJun 11 23:38:03 vivek-desktop pppd[30088]: CHAP authentication succeeded\r\nJun 11 23:38:03 vivek-desktop kernel: [37415.524398] PPP MPPE Compression module registered\r\nJun 11 23:38:03 vivek-desktop pppd[30088]: MPPE 128-bit stateless compression enabled\r\nJun 11 23:38:05 vivek-desktop pppd[30088]: local  IP address 10.5.3.44\r\nJun 11 23:38:05 vivek-desktop pppd[30088]: remote IP address 10.0.5.18<\/pre>\n<h3>Task: Disconnect PPTP server vpn connection<\/h3>\n<p>Simply kill pppd service, enter:<br \/>\n<code># killall pppd<\/code><br \/>\nOR<br \/>\n<code># kill {pppd-PID}<\/code><\/p>\n<p>&nbsp;<\/p>\n<p>AUTO Start<\/p>\n<p>nano \/etc\/network\/interfaces<\/p>\n<p>auto ppp0<br \/>\niface ppp0 inet ppp<br \/>\nprovider delhi-idc-01<br \/>\npre-up pppd call delhi-idc-01<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Compatibility note I\u00e2\u20ac\u2122ve tested instructions and pptp  &hellip; <a href=\"https:\/\/blog.littlega.com\/?p=65\" class=\"more-link\">\u0e2d\u0e48\u0e32\u0e19\u0e40\u0e1e\u0e34\u0e48\u0e21\u0e40\u0e15\u0e34\u0e21 <span class=\"screen-reader-text\">How to Connect to PPTP from Command Line<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-65","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/posts\/65","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=65"}],"version-history":[{"count":1,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/posts\/65\/revisions"}],"predecessor-version":[{"id":66,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=\/wp\/v2\/posts\/65\/revisions\/66"}],"wp:attachment":[{"href":"https:\/\/blog.littlega.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=65"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=65"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.littlega.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=65"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}