Archive for Linux

Set up PPTP VPN server on debian 4.0

While it is the simplest of the VPN servers to set up for Linux, it is also the least secure.  Even so, it is still much better than using nothing.  A quick search for pptpd will give you PoPToP.

PPTPD is good because it comes as part of the base install for many common operating systems like Windows, OS X, and even the iPhone/iPod.

In past versions of Debian you had to do much more work to get PPTP to encrypt your data, like installing kernel modules.  Since kernel 2.6.15-rc1 everything is included by default, so all you should need to do is install pptpd, but let's run a quick check to make sure.  If you get a failure, follow the instructions in the Debian MPPE HOWTO to get MPPE working.

server:/var/log# modprobe ppp-compress-18 && echo success
success

server:/# aptitude  search pptpd
i   pptpd                                                              – PoPToP Point to Point Tunneling Server

Start by installing it by simply issuing the following command.

mini:/# aptitude  install pptpd

The first file you will want to edit is /etc/pptpd.conf. You need to put in the IP range that the clients will be assigned and the virtual IP of the PPTP server.  Make sure you pick an IP range that is not already used!  The remote IP range below will allow 49 hosts to connect.

localip 10.80.0.1
remoteip 10.80.0.2-50

Next we want to set up the pptpd server options.

username@server:~$ cat /etc/ppp/pptpd-options
name hostname.TLD

refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128

ms-dns 192.168.1.1

proxyarp
nodefaultroute
lock
nobsdcomp
noipx
mtu 1490
mru 1490
#plugin radius.so

I have the plugin radius.so line commented out because it is only necessary when you are using RADIUS to authenticate the clients.  I will be going over how to set that up in a future post.  In the meantime we will leave it commented out.
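One way to confirm that an options file still enforces the authentication and encryption directives listed above, given as an added example that is not part of the original post. The function name `audit_pptpd_options` and both sample files are constructed for illustration.

```shell
# Added example (not from the original post): check that a pptpd-options file
# still carries the auth/encryption directives shown in this post.
# The function name and both sample files are constructed for illustration.

REQUIRED="refuse-pap refuse-chap refuse-mschap require-mschap-v2 require-mppe-128"

# Prints "MISSING: <directive>" for each absent directive.
# Returns 0 if all are present, 1 if any is missing, 2 if the file is unreadable.
audit_pptpd_options() {
    opts_file=$1
    missing=0
    [ -r "$opts_file" ] || { echo "cannot read $opts_file" >&2; return 2; }
    for directive in $REQUIRED; do
        # Drop comments and surrounding whitespace so that a commented-out
        # directive such as "#require-mppe-128" does not count as present.
        if ! sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
                "$opts_file" | grep -qxF -- "$directive"; then
            echo "MISSING: $directive"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed samples: the directives from this post, and a weakened copy.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/good" <<'EOF'
name hostname.TLD
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128   # 128-bit MPPE only
EOF
cat > "$SAMPLE_DIR/weak" <<'EOF'
name hostname.TLD
refuse-pap
#refuse-chap
refuse-mschap
require-mschap-v2
  #require-mppe-128
EOF

for f in good weak; do
    audit_pptpd_options "$SAMPLE_DIR/$f" && echo "$f: OK" || echo "$f: FAIL"
done
```

Run against the real file with `audit_pptpd_options /etc/ppp/pptpd-options`; a non-zero exit status means a client could negotiate weaker authentication or encryption than this post intends.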

Next we have to set up the user accounts.  The user accounts are set up in a file called /etc/ppp/chap-secrets.  The format is pretty self-explanatory but I will go over it anyway: the first field is the user name that the client will enter into their PPTP client; the second field would be the IP of the PPTP server, just leave it as * for now; the fourth field is the password the client will have to enter; and the last and final field is the IP address that the client will be coming from.  Since you most likely will have no idea where the client will be coming from, just leave it as *.  Yes, I know password is a really bad password; it is just an example.

server:/etc/ppp# cat chap-secrets
# Secrets for authentication using CHAP
# client    server    secret            IP addresses
username     *     password          *
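A lint pass over a chap-secrets file, given as an added example that is not part of the original post. It checks the file permissions, the four-field layout (pppd disallows all IP addresses for an entry that has only three words) and secret length. The function name `lint_chap_secrets`, the `MIN_LEN` threshold and the sample entries are assumptions, and fields are assumed to be unquoted and whitespace-separated.

```shell
# Added example (not from the original post): lint a chap-secrets file.
# Assumes unquoted, whitespace-separated fields; MIN_LEN is an assumed policy.

MIN_LEN=12

# Prints one finding per line (never the secret itself); returns 0 when clean.
lint_chap_secrets() {
    secrets_file=$1
    findings=$(
        # Group/other permission bits must be empty: the file holds plaintext secrets.
        [ "$(ls -ld "$secrets_file" | cut -c5-10)" = "------" ] ||
            echo "PERMS: $secrets_file is accessible to group or others"
        awk -v min="$MIN_LEN" '
            { sub(/#.*/, "") }            # strip comments
            NF == 0 { next }              # skip blank lines
            NF < 4  { print "FIELDS: line " NR ": " NF " fields, expected 4 (client server secret IP)"; next }
            length($3) < min { print "WEAK: line " NR ": secret for " $1 " is shorter than " min " characters" }
            $3 == $1 { print "WEAK: line " NR ": secret equals the user name" }
        ' "$secrets_file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed samples: a world-readable file with a three-field entry and a
# short secret, and a clean file with mode 600.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' '# client server secret IP addresses' \
    'username * password' 'bob * password *' > "$SAMPLE_DIR/bad"
chmod 644 "$SAMPLE_DIR/bad"
printf '%s\n' '# client server secret IP addresses' \
    'alice * k3Vq-constructed-Secret-91 *' > "$SAMPLE_DIR/ok"
chmod 600 "$SAMPLE_DIR/ok"

lint_chap_secrets "$SAMPLE_DIR/bad" || echo "bad: findings listed above"
lint_chap_secrets "$SAMPLE_DIR/ok" && echo "ok: clean"
```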

Now run

mini:/etc/ppp# /etc/init.d/pptpd start
Starting PPTP Daemon: pptpd.

to start the server up.

You should see some entries in /var/log/syslog like the ones below indicating a successful start.

Jan  7 22:31:58 mini pptpd[13512]: MGR: Manager process started
Jan  7 22:31:58 mini pptpd[13512]: MGR: Maximum of 49 connections available

Don't forget to put in the proper firewall rules and system settings to forward any necessary traffic.  I will include a link to the directions in a future post.

format usb drive using linux so windows can read it

So you just got an external USB drive and you want to use it on your Windows box.  Well, Windows is just not smart enough to read OS X formatted partitions.

Start by plugging it in.  Below is a snippet from dmesg that shows the USB drive being recognized when plugged in.

cfdisk example output

cfdisk 2.12r

Disk Drive: /dev/sdb
Size: 120034123776 bytes, 120.0 GB
Heads: 255   Sectors per Track: 63   Cylinders: 14593

Name              Flags            Part Type       FS Type                  [Label]               Size (MB)
---------------------------------------------------------------------------------------------------------------
sdb1                                Primary        NTFS volume set                                120031.52

[Bootable]  [ Delete ]  [  Help  ]  [Maximize]  [ Print  ]  [  Quit  ]  [  Type  ]  [ Units  ]
[ Write  ]

Notice that the dmesg output below says sdb, so the device path will be /dev/sdb and the first partition will be /dev/sdb1.

usb 5-5: new high speed USB device using ehci_hcd and address 4
usb 5-5: configuration #1 chosen from 1 choice
Initializing USB Mass Storage driver…
scsi2 : SCSI emulation for USB Mass Storage devices
usbcore: registered new driver usb-storage
USB Mass Storage support registered.
usb-storage: device found at 4
usb-storage: waiting for device to settle before scanning
Vendor: Ext Hard  Model:  Disk             Rev:
Type:   Direct-Access                      ANSI SCSI revision: 04
SCSI device sdb: 234441648 512-byte hdwr sectors (120034 MB)
sdb: Write Protect is off
sdb: Mode Sense: 10 00 00 00
sdb: assuming drive cache: write through
SCSI device sdb: 234441648 512-byte hdwr sectors (120034 MB)
sdb: Write Protect is off
sdb: Mode Sense: 10 00 00 00
sdb: assuming drive cache: write through
sdb: [mac] sdb1 sdb2
sd 2:0:0:0: Attached scsi disk sdb
usb-storage: device scan complete
SCSI device sdb: 234441648 512-byte hdwr sectors (120034 MB)
sdb: Write Protect is off
sdb: Mode Sense: 10 00 00 00
sdb: assuming drive cache: write through
sdb: sdb1
SCSI device sdb: 234441648 512-byte hdwr sectors (120034 MB)
sdb: Write Protect is off
sdb: Mode Sense: 10 00 00 00
sdb: assuming drive cache: write through
sdb: sdb1

First you have to delete the OS X partition.  I suggest using cfdisk.  It is one of my favorite disk formatting command line GUI programs.  fdisk /dev/device also works but is a little trickier to use.

The commands below show how to format the drive.

server:~# mkdosfs -n "external disk" /dev/sdb1
mkdosfs 2.11 (12 Mar 2005)

Now go and mount the newly created file system.

mount /dev/sdb1 /mnt/usb

Now you can unmount it so that it is safe to remove the usb device.

server:/mnt# umount /mnt/usb

server:/mnt# mount
/dev/sda1 on / type ext3 (rw,errors=remount-ro)
tmpfs on /lib/init/rw type tmpfs (rw,nosuid,mode=0755)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
procbususb on /proc/bus/usb type usbfs (rw)
udev on /dev type tmpfs (rw,mode=0755)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=620)
mini:/mnt#

Now you can disconnect the usb drive.

usb 5-5: USB disconnect, address 4


How to change DNS servers

In both Linux and Solaris, and possibly other UNIXes, you can change your DNS servers simply by editing your /etc/resolv.conf.

It should look like below.

search domain.com otherdomain.com
nameserver 192.168.0.1
nameserver 192.168.0.2

The nameservers (DNS servers) will be tried in order from top to bottom. It does not matter whether the search domains are at the top or the bottom. Search domains are useful if you don't want to have to type in the whole FQDN (Fully Qualified Domain Name). So instead of typing in “ping sparky.domain.com” you can shorten it to “ping sparky”.