Linux PPTPd server

emilv Member
edited October 2012 in Help

Hello, I'm going to set up a PPTPd server on my CentOS box. I have a question regarding the localip/remoteip setting in the pptpd.conf.

localip should be the IP of the server right? What about the remoteip range? Should it be the same as my local IP range I have at home (192.168.1.0/24)?

Thanks!

Comments

  • There have recently been attacks on pptpd by which an attacker can replay your entire session. I'd recently changed to IPSEC/L2TP, for which you can find a tutorial here:

    https://raymii.org/cms/p_IPSEC_L2TP_VPN_on_ubuntu_12.04

    Regarding your question, the remote IP range should not be one that is in use on either side of the VPN, so if you use 192.168.x.x you want your VPN to give 172.16.1.x. Or vice versa, maybe even 10.0.0.0/8

    Thanked by 1emilv
  • netomx Moderator, Veteran

    @Raymii said: can replay your entire session

    huh? can you explain for the mentally-challenged ppl?

  • @emilv said: local IP range I have at home (192.168.1.0/24)?

    you can use any range you want
    I use this (10.0.0.1-200)
    you can even add two or three lines with different IPs
    If you need more help you can ask me

  • @netomx Wikipedia has a nice writeup, but basically if you use pptpd with mschapv2 (there is the flaw) and if someone records your session they can brute-force the mschapv2 authentication and use that to decrypt the recorded session. It does require a MITM attack to record the session.

    http://en.wikipedia.org/wiki/Point-to-Point_Tunneling_Protocol#Security

    The way I describe in the tutorial is also using mschap, but also explains using linux (PAM) authentication via system users. The best way however is using public/private keys to authenticate. It is a little harder to set up, and iPhones do not support that. Android and the rest do.

    I'm planning to also do a tutorial on the PKI stuff related to ipsec/l2tp.

    Thanked by 1netomx
  • Maounique Host Rep, Veteran

    PPTP has been known to have vulnerabilities for a very long time; however, I am yet to find a case where it was really bruteforced or something, you need someone to be after you badly to try that. If you are in that situation, PPTP is your last worry.
    M

  • Managed to get this to work with PPTP. One strange problem though, I'm unable to connect to the MSN Messenger network. Any ideas why?

  • Yeah I have issues where a few websites refuse to load (usually connect.facebook.net and twitter and most CDNs) and yeah I did set ms-dns servers!

    (have you?)

    Thanked by 1netomx
  • Yup. Maybe it's an MTU problem?

  • Cirium Member
    edited October 2012

    If you set your MTU to about 1400 it should fix the problem.

  • @Cirium where do you set this?

  • I believe you can set it inside the pptpd ip-up config file.

  • Don't set the remote range to be the same as what you use at home. Other than that, any other private range works.

  • @Cirium I did some googling and can't seem to find anything relating to this, could you lend a hand?

    Thanks

  • nvm I forgot to restart the network!
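
The advice repeated in this thread, that the remoteip range should not be one in use on either side of the VPN, can be checked mechanically before pptpd is restarted. The following is an added example, not part of the original thread: the function names and both sample configurations are constructed, and it assumes the range form quoted above (10.0.0.1-200), where the part after the dash replaces only the last octet.

```python
import ipaddress

def expand(spec):
    """Expand a pptpd.conf address list such as '10.0.0.1-200,10.0.1.5'."""
    addrs = []
    for part in filter(None, (p.strip() for p in spec.split(","))):
        start, _, last = part.partition("-")
        first = ipaddress.IPv4Address(start)
        lo = int(first) & 0xFF                 # last octet of the start address
        hi = int(last) if last else lo         # a range abbreviates only the last octet
        if not lo <= hi <= 255:
            raise ValueError(f"bad range: {part}")
        addrs.extend(first + i for i in range(hi - lo + 1))
    return addrs

def parse_conf(text):
    """Collect the localip/remoteip addresses from pptpd.conf text."""
    found = {"localip": [], "remoteip": []}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)   # ignore '#' comments
        if len(fields) == 2 and fields[0] in found:
            found[fields[0]] += expand(fields[1])
    return found

def conflicts(conf_text, lans_in_use):
    """Return (option, address, network) for each tunnel address inside a LAN in use."""
    nets = [ipaddress.ip_network(n) for n in lans_in_use]
    return [(opt, str(a), str(n))
            for opt, addrs in parse_conf(conf_text).items()
            for a in addrs for n in nets if a in n]

# Constructed sample configurations (not taken from the thread)
OVERLAPPING = """
# tunnel addresses taken from the home LAN subnet
localip 192.168.1.1
remoteip 192.168.1.234-238
"""
SEPARATE = """
localip 10.0.0.1
remoteip 10.0.0.2-200
"""
HOME_LAN = ["192.168.1.0/24"]   # the home range mentioned in the question

if __name__ == "__main__":
    for name, conf in (("overlapping", OVERLAPPING), ("separate", SEPARATE)):
        hits = conflicts(conf, HOME_LAN)
        print(f"{name}: {len(hits)} address(es) collide with a LAN in use")
```

Pass every subnet in use on both the client and server side as `lans_in_use`; an empty result means the tunnel addresses do not collide with any of them.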
