Linux PPTPd server
Hello, I'm going to set up a PPTPd server on my CentOS box. I have a question regarding the localip/remoteip setting in the pptpd.conf.
localip should be the IP of the server, right? What about the remoteip range? Should it be the same as my local IP range I have at home (192.168.1.0/24)?
Thanks!
Comments
There have recently been attacks on pptpd by which an attacker can replay your entire session. I'd recently changed to IPSEC/L2TP, for which you can find a tutorial here:
https://raymii.org/cms/p_IPSEC_L2TP_VPN_on_ubuntu_12.04
Regarding your question, the remote IP range should not be one that is in use on either side of the VPN, so if you use 192.168.x.x you want your VPN to give 172.16.1.x. Or vice versa, maybe even 10.0.0.0/8.
huh? can you explain for the mentally-challenged ppl?
http://www.vpsdash.com/?p=157
You can use any range you want.
I use this (10.0.0.1-200).
You can even add two or three lines with different IPs.
If you need more help you can ask me.
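The advice above (keep the VPN range out of any subnet already in use on either side) can be checked mechanically. The following is an added example, not part of the thread or of pptpd itself: the function names are hypothetical, the sample configs are constructed, and it assumes the comma-separated and `a.b.c.d-e` range forms of `remoteip` such as the `10.0.0.1-200` quoted above.

```python
import ipaddress

def expand_spec(spec):
    """Expand an address list such as '10.0.0.1-200,10.0.0.245'."""
    addrs = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        if "-" in part:
            start, last_octet = (s.strip() for s in part.split("-", 1))
            first = ipaddress.IPv4Address(start)
            last = ipaddress.IPv4Address(f"{start.rsplit('.', 1)[0]}.{int(last_octet)}")
            if last < first:
                raise ValueError(f"descending range: {part}")
            addrs.extend(ipaddress.IPv4Address(i) for i in range(int(first), int(last) + 1))
        else:
            addrs.append(ipaddress.IPv4Address(part))
    return addrs

def parse_pptpd_conf(text):
    """Collect every localip/remoteip address from pptpd.conf text."""
    found = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)  # drop comments
        if len(fields) == 2 and fields[0] in found:
            found[fields[0]].extend(expand_spec(fields[1]))
    return found

def find_conflicts(conf_text, lan_subnets):
    """Return (option, address, subnet) for each VPN address inside a LAN subnet."""
    nets = [ipaddress.ip_network(n) for n in lan_subnets]
    conflicts = []
    for option, addrs in parse_pptpd_conf(conf_text).items():
        for addr in addrs:
            for net in nets:
                if addr in net:
                    conflicts.append((option, str(addr), str(net)))
    return conflicts

# Constructed sample input: a home LAN and two candidate configs.
HOME_LAN = ["192.168.1.0/24"]
BAD_CONF = "localip 192.168.1.1\nremoteip 192.168.1.234-238,192.168.1.245\n"
GOOD_CONF = "localip 10.0.0.1  # constructed value\nremoteip 10.0.0.2-200\n"

if __name__ == "__main__":
    for name, conf in (("BAD_CONF", BAD_CONF), ("GOOD_CONF", GOOD_CONF)):
        print(name, "conflicts:", find_conflicts(conf, HOME_LAN))
```

Pass every subnet in use at the server and client sites as `lan_subnets`; an empty result means the tunnel addresses do not collide with any of them.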
@netomx Wikipedia has a nice writeup but basically if you use pptpd with mschapv2 (there is the flaw) and if someone records your session they can brute-force the mschapv2 authentication and use that to decrypt the recorded session. It does require a MITM attack to record the session.
http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security
The way I describe in the tutorial is also using mschap, but also explains using Linux (PAM) authentication via system users. The best way however is using public/private keys to authenticate. It is a little harder to set up, and iPhones do not support that. Android and the rest do.
I'm planning to also do a tutorial on the PKI stuff related to ipsec/l2tp.
PPTP has been known to have vulnerabilities for a very long time, however I am yet to find a case where it was really brute-forced or something, you need someone to be after you badly to try that. If you are in that situation, PPTP is your last worry.
Managed to get this to work with PPTP. One strange problem though, I'm unable to connect to the MSN Messenger network. Any ideas why?
Yeah I have issues where a few websites refuse to load (usually connect.facebook.net and twitter and most CDNs) and yeah I did set ms-dns servers!
(have you?)
Yup. Maybe it's a MTU problem?
If you set your MTU to about 1400 it should fix the problem.
@Cirium where do you set this?
I believe you can set it inside the pptpd ip-up config file.
Don't set the remote range to be the same as what you use at home. Other than that, any other private range works.
@Cirium I did some googling and can't seem to find anything relating to this, could you lend a hand?
Thanks
nvm I forgot to restart the network!