Linux PPTP
Routing is key to PPTP on Linux, and it is handled by the ip-up and ip-down scripts. Unfortunately, no site out there seems to get the routing right
so that all traffic goes through the VPN and the DNS servers served by the VPN are used as well. So we gave it a go and came up with a working
hack. This was done on Slackware, but should work on other distributions (you may need path adjustments).
Please read /etc/ppp/ip-up and /etc/ppp/ip-down and don't just blindly copy and paste; you need to change things
for your network! The ip-up and ip-down scripts are not a one-size-fits-all thing, but we hope they'll give you enough to go on to get it working for your specific needs.
They change your routing table to route all traffic through the ppp0 interface, except the connection to the VPN server and your local networks, and then change it back to your original routing when ppp0 is brought down. They also change /etc/resolv.conf to use the VPN DNS servers when up and your own again when down.
If you need help regarding your specific network(s), please contact helpdesk and include the output of the command netstat -ran
Information you need to complete this:
Your Network
Its netmask
Your default gateway
Your VPN server name
Your VPN IP address
Your VPN DNS servers
Your login and password
You may or may not need to create this dir:
mkdir /etc/ppp/peers
/etc/ppp/peers/cotse (replace the placeholder words vpnipaddress, yourcotseaccount and vpnservername with your information)
pty "pptp vpnipaddress --nolaunchpppd"
name yourcotseaccount
remotename vpnservername
require-mschap-v2
require-mppe-128
file /etc/ppp/options.pptp
ipparam cotse
/etc/ppp/chap-secrets (replace the placeholder words yourcotseaccount and vpnpassword with your information)
# Secrets for authentication using CHAP
# client server secret IP addresses
yourcotseaccount * vpnpassword
/etc/ppp/options.pptp
lock
noauth
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
/etc/ppp/ip-up
#!/bin/sh
# Edit variables below to match your network and vpn info
VPNIP=208.53.131.110
VPNDNS1=208.53.131.243
VPNDNS2=208.53.131.111
DEFAULTNET=192.168.0.0
DEFAULTMASK=255.255.255.0
DEFAULTGW=192.168.0.1
# Change routing for VPN
/sbin/route add -net ${DEFAULTNET} netmask ${DEFAULTMASK} gw ${DEFAULTGW}
/sbin/route add -host ${VPNIP} gw ${DEFAULTGW}
/sbin/route del default
/sbin/route add default gw 10.10.10.1
# Change DNS resolvers
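# An existing /etc/resolv.bak means an earlier backup was never restored;
# in that case leave both files untouched.
if [ -f /etc/resolv.bak ]; then
    echo "/etc/resolv.bak exists!"
else
    cp /etc/resolv.conf /etc/resolv.bak
    echo "nameserver ${VPNDNS1}" > /etc/resolv.conf
    echo "nameserver ${VPNDNS2}" >> /etc/resolv.conf
fi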
/etc/ppp/ip-down (if you want to stop all traffic if the VPN drops, this is where you'd do it.)
#!/bin/sh
# Edit variables below to match your network and vpn info
PRIMARY=eth0
VPNIP=208.53.131.110
DEFAULTNET=192.168.0.0
DEFAULTMASK=255.255.255.0
DEFAULTGW=192.168.0.1
# Change back routing
/sbin/route delete -net ${DEFAULTNET} netmask ${DEFAULTMASK}
/sbin/route del default
/sbin/route add -net ${DEFAULTNET} netmask ${DEFAULTMASK} ${PRIMARY}
/sbin/route add default gw ${DEFAULTGW}
/sbin/route delete -host ${VPNIP}
# Change DNS resolvers back.
if [ -f /etc/resolv.bak ]; then
    mv /etc/resolv.bak /etc/resolv.conf
else
    echo "/etc/resolv.bak missing!"
fi
Start pptp with this:
pppd call cotse dump debug logfd 2 nodetach
CTRL-C to terminate connection
If you launch it with:
pppd call cotse
It will quietly fork off. You can issue a kill to the pid for ppp to stop it.
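
An added check, not part of the original page: the shell functions below read route -n (or netstat -rn) output and resolv.conf and confirm what ip-up is meant to achieve: every default route on ppp0, the VPN server pinned to the original gateway, and only the VPN resolvers in use. The function names and the sample routing tables are constructed for illustration, using the addresses from the scripts above.

```shell
#!/bin/sh
# Added example (not from the original page): leak checks to run after ip-up.
# Routing checks read route -n / netstat -rn text on stdin; dns_only reads resolv.conf.

# Succeeds only if a default route exists and every default route uses IFACE.
default_via() {   # usage: route -n | default_via ppp0
    awk -v ifc="$1" '
        $1 == "0.0.0.0" && $3 == "0.0.0.0" { n++; if ($NF != ifc) bad++ }
        END { exit ((n > 0 && bad == 0) ? 0 : 1) }'
}

# Succeeds only if the VPN server has a host route via the original gateway,
# so the tunnel's own packets are not routed into the tunnel.
server_pinned() { # usage: route -n | server_pinned VPNIP DEFAULTGW
    awk -v ip="$1" -v gw="$2" '
        $1 == ip && $2 == gw && $3 == "255.255.255.255" { ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# Succeeds only if every nameserver line names one of the allowed resolvers.
dns_only() {      # usage: dns_only VPNDNS1 VPNDNS2 < /etc/resolv.conf
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" { seen++; if (!($2 in ok)) bad++ }
        END { exit ((seen > 0 && bad == 0) ? 0 : 1) }'
}

# Constructed sample: the routing table as ip-up above is meant to leave it.
sample_routes_up() { cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
208.53.131.110  192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
10.10.10.1      0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
192.168.0.0     192.168.0.1     255.255.255.0   UG    0      0        0 eth0
0.0.0.0         10.10.10.1      0.0.0.0         UG    0      0        0 ppp0
EOF
}

# Constructed sample: a stale eth0 default route left beside the ppp0 one.
sample_routes_leak() {
    sample_routes_up
    echo "0.0.0.0         192.168.0.1     0.0.0.0         UG    1      0        0 eth0"
}
```

With the tunnel up, run route -n | default_via ppp0 and dns_only 208.53.131.243 208.53.131.111 < /etc/resolv.conf; a non-zero exit status means traffic or DNS lookups can bypass the VPN.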