Establishing a VPN (PPTP) connection on a client under Linux
assembly date
2009, March 26.
author(s)
Balla Krisztián
keywords
- linux
- vpn
- pptp
The university I am studying at as of this writing gives me the opportunity to work within their network from home. The only thing one has to establish is a VPN (Virtual Private Network) connection. Under Windows this is child's play: you fire up the connection wizard and, by clicking next, next (and next...), you have it set up in a couple of seconds. Since I don't use Windows unless absolutely necessary, I found out that setting the same thing up under Linux can get tricky. The advantage, on the other hand, is that after the configuration you're going to understand how everything works.
This article is based on chapter 28.9 of Michael Kofler's awesome Linux book (8th edition for students). It only deals with setting up a VPN connection from a client to a VPN server using the PPTP tunneling protocol. PPTP is one of the most widespread VPN protocols, since it is also favored by Microsoft. Another protocol would be IPSec, for instance, which is supported by Cisco's VPN client software. Please note that this article won't tell you what a VPN is or how it and the underlying protocols work.
First of all, you have to install two packages with the following commands. The first installs the PPTP server (yes, we need it, because a daemon in the background is going to manage our tunnel) and the second installs the PPTP client needed to connect to a VPN server.
sudo apt-get install pptpd
sudo apt-get install pptp-linux
After this we have to configure our new tunnel. For this we need to create/modify the following three files (you need to be root):
- /etc/ppp/pptpd-options (this is the global config file for all VPN connections - you may delete it)
- /etc/ppp/peers/vpn (create this file - maybe with a better name - and put all connection specific configurations here)
- /etc/ppp/chap-secrets (this file contains user and password data for the VPN connections)
Either comment out (put a # in front of) each line of /etc/ppp/pptpd-options or simply delete the file. It usually has a lot of default settings that we neither need nor want. After that, create a file for your specific VPN connection (I called it /etc/ppp/peers/vpn) and modify it according to Figure 1 and your needs. That is, you have to modify the second line (the VPN server I want to connect to is vpn.fhwn.ac.at) and the third line (put your VPN login username here). The option noauth means that we don't require the VPN server to authenticate itself to our side/client.
Figure 1: The content of my /etc/ppp/peers/vpn file
After this, the connection configuration of PPTP is done. Now we only need to store our username and password in a file called /etc/ppp/chap-secrets, which is used for authentication. The content of my chap-secrets file is shown in Figure 2. Please note that here CHAP (Challenge-Handshake Authentication Protocol) is used by the VPN server. If your server uses a different authentication protocol (e.g. PAP), you have to edit another file.
Figure 2: The content of my /etc/ppp/chap-secrets file
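Before testing the connection, it is worth checking the credentials file. The script below is an added example, not part of the original article: it verifies that /etc/ppp/chap-secrets is owned by root with no group/other permission bits (as the pppd man page asks) and that an entry for your login exists. It assumes GNU stat; the function names, the script name and the --check argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): pre-flight checks for the
# credentials file before running "pppd call vpn".

# secrets_perms_ok FILE [OWNER]
# pppd(8) says chap-secrets should be owned by root and not readable or
# writable by any other user. Returns 0 only if that holds for FILE.
# OWNER defaults to root; it is a parameter so the check can be tested
# without root privileges.
secrets_perms_ok() {
    sp_file=$1
    sp_owner=${2:-root}
    [ -f "$sp_file" ] || { echo "missing: $sp_file" >&2; return 2; }
    sp_mode=$(stat -c '%a' "$sp_file")      # GNU stat: octal mode, e.g. 600
    sp_actual=$(stat -c '%U' "$sp_file")    # GNU stat: owner name
    case "00$sp_mode" in
        *00) ;;                             # no group/other permission bits
        *) echo "$sp_file: mode $sp_mode is open to group/other" >&2
           return 1 ;;
    esac
    [ "$sp_actual" = "$sp_owner" ] || {
        echo "$sp_file: owned by $sp_actual, expected $sp_owner" >&2
        return 1
    }
}

# has_chap_entry FILE USER
# A chap-secrets line is: client server secret [IP addresses].
# Returns 0 if a non-comment line for USER has at least those three fields.
has_chap_entry() {
    awk -v u="$2" '
        /^[ \t]*#/ { next }                 # skip comment lines
        { c = $1; gsub(/"/, "", c) }        # the client name may be quoted
        c == u && NF >= 3 { found = 1 }
        END { exit !found }
    ' "$1"
}

# Usage: sudo sh vpn-preflight.sh --check USER   (script name is hypothetical)
if [ "${1:-}" = "--check" ]; then
    secrets_perms_ok /etc/ppp/chap-secrets &&
    has_chap_entry /etc/ppp/chap-secrets "$2" &&
    echo "chap-secrets looks sane for $2"
fi
```

If the permission check fails, `sudo chown root /etc/ppp/chap-secrets` and `sudo chmod 600 /etc/ppp/chap-secrets` bring the file in line with what pppd expects.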
When you have finished the above steps, it's time to test the VPN configuration. The following command tries to establish a VPN connection:
sudo pppd call vpn
Figure 3 shows the execution of this command on my box. As you can see, there is a new interface called ppp0 available after the command has been executed.
Figure 3: Connecting to the VPN server
Unfortunately we are not finished yet. We are connected to the VPN but can't connect to any of the other machines within the network. The problem is that there is no route telling our box that every packet sent to a private IP address (from the VPN) should be sent over the new VPN tunnel. Figure 4 shows you how to fix the problem. We have to add a new route to the static routing table of our box. In my case this is done with the following command:
sudo route add -net 10.10.0.0 netmask 255.255.0.0 dev ppp0
Figure 4: Adding a new static IP route for the VPN
Right after adding the route, everything should work fine. If you want to disconnect from the VPN, you just have to execute the following command:
sudo killall pppd
I hope that this guide worked for you. If not, you could try adding the debug command-line parameter when calling pppd. This should make pppd output a lot of information on what is happening. You can then use this information to look for a solution on the PPTP Diagnosis Howto page. Good luck!

The PPTP client diagnosis howto
Information about PPTP