VPN settings linux - Online documentation - ONE WAY satellite internet
***********************************************************************
*** Documentation for establishing a LINUX VPN with BizarNet ***
*** Linux ***
*** Made By Ago Caba (agocs@sksyu.net) ***
***********************************************************************
This setup works for 2.2 kernels
1. Setting up the sat card
Software you need:
1. http://www.linuxtv.org/download/dvb/dvbd3.tar.bz2
2. http://www.linuxtv.org/download/dvb/siemens_dvb-0.8.2.tar.gz
Extract the driver (2.) into folder /root/sat/0.8.2/ and the dvbd (1.) also into /root/sat/0.8.2
Compile them:
cd /root/sat/0.8.2/DVB/driver
make
cd /root/sat/0.8.2/dvbd3/
make
cp dvbd /usr/sbin/
If the compile fails, you must upgrade your libraries and gcc.
Create the following scripts:
</root/sat/makeinsmod>
#!/bin/sh
echo -n "Loading dvb kernel modules..."
(
cd /root/sat/0.8.2/DVB/driver/
make insmod >/dev/null 2>&1
)
echo "done !"
</root/sat/makermmod>
#!/bin/sh
echo -n "UnLoading dvb kernel modules..."
(
cd /root/sat/0.8.2/DVB/driver/
make rmmod >/dev/null 2>&1
)
echo "done !"
</root/sat/W6>
#!/usr/bin/perl
# Stop a running dvbd, if there is one
open(IN,"/bin/ps ax|");
@lines=<IN>;
close(IN);
@lines = grep(/dvbd/, @lines);
if(@lines){
    system("killall -9 dvbd >/dev/null 2>&1");
}
# Unload the DVB modules if the dvb0 interface is still present
open(IN,"/sbin/ifconfig|");
@lines=<IN>;
close(IN);
@lines = grep(/dvb0/, @lines);
if(@lines){
    system("/root/sat/makermmod >/dev/null 2>&1");
    sleep(2);
}
# Load the modules again and start dvbd
system("/root/sat/makeinsmod >/dev/null 2>&1");
sleep(2);
system("/usr/sbin/dvbd -q");
</etc/dvbd.conf>
international
dvb_ifname dvb0
power 1
symbolrate 27500000
frequency 11727000
ttk 1
diseqc 0
AFC 0
polarisation 1
filter_0 330
Now, after starting /root/sat/W6 you should see dvb0 in your interface list (ifconfig).
Set up the system so /root/sat/W6 starts on boot-up.
Setting up the VPN client
You need the following features enabled in the kernel:
* CONFIG_PPP
* CONFIG_FIREWALL
* CONFIG_IP_FORWARD
* CONFIG_IP_FIREWALL
* CONFIG_IP_ROUTER
* CONFIG_IP_MASQUERADE
* CONFIG_IP_MASQUERADE_ICMP
The software you need:
http://prdownloads.sourceforge.net/pptpclient/pptp-linux-1.1.0-1.tar.gz
BizarNet doesn't use MPPE encryption, so you don't need
http://prdownloads.sourceforge.net/pptpclient/ppp-mppe-2.4.0-4.tar.gz
Extract the pptpclient into /root/pptp-linux-1.1.0-1/
Compile it:
cd /root/pptp-linux-1.1.0-1/pptp-linux-1.1.0/
make
cp pptp /usr/sbin/
Now create the pptp tunnel using /root/pptp-linux-1.1.0-1/pptp-command
1.) start
2.) stop
3.) setup
4.) quit
What task would you like to do?: 3
ls: /etc/pptp.d: No such file or directory
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 4
Add a NEW PPTP Tunnel.
1.) Other
Which configuration would you like to use?: 1
Tunnel Name:bizar
Server IP: <The IP address of the server>
What route(s) would you like to add when the tunnel comes up?
This is usually a route to your internal network behind the PPTP server.
You can use TUNNEL_DEV and DEF_GW as in /etc/pptp.d/ config file
TUNNEL_DEV is replaced by the device of the tunnel interface.
DEF_GW is replaced by the existing default gateway.
The syntax to use is the same as the route(8) command.
Enter a blank line to stop.
route: <Hit Enter here>
Local Name and Remote Name should match a configured CHAP or PAP secret.
Local Name is probably your NT domain\username.
NOTE: Any backslashes (\) must be doubled (\\).
Local Name: <your password>
Remote Name [PPTP]: <Hit Enter here>
Adding bizar- X.X.X.X - passwd - PPTP
Added tunnel bizar
1.) Manage CHAP secrets
2.) Manage PAP secrets
3.) List PPTP Tunnels
4.) Add a NEW PPTP Tunnel
5.) Delete a PPTP Tunnel
6.) Configure resolv.conf
7.) Select a default tunnel
8.) Quit
?: 8
Create the file /etc/options.pptp:
lock
#debug
#logfd 2
nodetach
require-pap
noauth
Empty the /etc/ppp/options file if it exists.
Create /etc/ppp/pap-secrets containing:
<Username> * <password> *
Create /etc/ppp/ip-up
#!/usr/bin/perl
# Route 62.41.25.0/24 through the existing default gateway
system("/sbin/route add -net 62.41.25.0/24 gw <IP of your default gateway> >/dev/null 2>&1");
# Point the default route at the PPP peer (pppd passes its address as the fifth argument)
system("/sbin/route del default >/dev/null 2>&1");
system("/sbin/route add default gw $ARGV[4] >/dev/null 2>&1");
Create /etc/ppp/ip-down
#!/usr/bin/perl
# Remove the route added by ip-up and restore the original default gateway
system("/sbin/route del -net 62.41.25.0/24 gw <IP of your default gateway> >/dev/null 2>&1");
system("/sbin/route del default >/dev/null 2>&1");
system("/sbin/route add default gw <IP of your default gateway> >/dev/null 2>&1");
Now create the script:
</root/pptp-linux-1.1.0-1/pptp-keepalive>
#!/usr/bin/perl
$pptpC="/root/pptp-linux-1.1.0-1/pptp-command start bizar";
my $LOG=1;
my $errfile = ">>pptpKA.err";
my $Logfile = ">>pptpKA.log";
my $Uip="www.google.com";
# Append a timestamped message to the error file
sub ErrLog
{
    open(ERR,$errfile);
    my $par = localtime;
    print ERR join (": ",$par,$_[0]);
    close(ERR);
    return(0);
}
# Append a timestamped message to the log file when logging is enabled
sub Log{
    if ($LOG){
        open(ERR,$Logfile);
        my $par = localtime;
        print ERR join (": ",$par,$_[0]);
        close(ERR);
        return(0);
    }
}
Log("pptp-keepalive started !\n");
while(1){
    # We'll test if vpn is up
    open(IN,"/sbin/ifconfig|grep ppp0|");
    @lines=<IN>;
    close(IN);
    @lines = grep(/ppp0/, @lines);
    if(!@lines){
        #restart the pptp client
        Log("ppp0 was not found, starting pptp !\n");
        system("/usr/bin/killall -HUP pppd >/dev/null 2>&1");
        system("/usr/bin/killall -9 pptp >/dev/null 2>&1");
        system("/usr/bin/killall -9 pptp-command >/dev/null 2>&1");
        system("$pptpC >/dev/null 2>&1");
    }
    # We'll test if outside world is ping-able
    open(IN,"ping -n -c 1 -w 20 $Uip|");
    @lines=<IN>;
    close(IN);
    @lines = grep(/100\% packet loss/, @lines);
    if(@lines){
        #reloading the drivers
        system("/root/sat/W6 >/dev/null 2>&1");
    }
    sleep(10);
}
Set up the system so /root/pptp-linux-1.1.0-1/pptp-keepalive starts on boot-up
Now you can test the pptp with command
/root/pptp-linux-1.1.0-1/pptp-keepalive &
After a while you should see ppp0 in your interface list.
You'll have to modify the pptp-keepalive script if your Linux box is connected to the net with ppp.
Change the line:
system("/usr/bin/killall -HUP pppd >/dev/null 2>&1");
so it will hang up only pppd used by pptp.
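One way to make that change, shown as an added example that is not part of the original document: a shell helper that sends the HUP only to the pppd owning the tunnel, and refuses to signal anything if the PID file is stale. It assumes pppd's "linkname bizar" option has been added to the tunnel's pppd options (on this page, /etc/options.pptp) and that your pppd supports it; the function names pppd_pid and hangup_tunnel and the --hangup switch are illustrative.

```sh
#!/bin/sh
# Added example, not part of the original document.
# Assumption: "linkname bizar" is set for the tunnel, so its pppd writes its
# PID as the first line of /var/run/ppp-bizar.pid.

# pppd_pid LINKNAME [RUNDIR] [PROCDIR]
# Prints the PID of the pppd that owns LINKNAME. Returns 1 if the PID file is
# missing or malformed, or if that PID now belongs to something other than
# pppd (stale file, PID reused), so a root script never signals the wrong process.
pppd_pid() {
    link=$1
    rundir=${2:-/var/run}
    procdir=${3:-/proc}

    # The link name becomes part of a path: accept plain names only.
    case $link in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac

    pidfile="$rundir/ppp-$link.pid"
    [ -r "$pidfile" ] || return 1
    pid=
    read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;
    esac

    # /proc/PID/stat starts with "PID (command) state ..."
    [ -r "$procdir/$pid/stat" ] || return 1
    comm=
    read -r first comm rest < "$procdir/$pid/stat" || [ -n "$comm" ] || return 1
    [ "$comm" = "(pppd)" ] || return 1

    printf '%s\n' "$pid"
}

# hangup_tunnel LINKNAME [RUNDIR] [PROCDIR]
# Sends SIGHUP to the tunnel's pppd only; other pppd links are left alone.
hangup_tunnel() {
    tpid=$(pppd_pid "$@") || return 1
    kill -HUP "$tpid"
}

# Command-line use: <this script> --hangup bizar
if [ "${1-}" = "--hangup" ]; then
    shift
    hangup_tunnel "$@"
fi
```

In pptp-keepalive, the killall -HUP pppd line would then call this script with --hangup bizar instead, leaving a dial-up pppd untouched.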
Thanks to:
Ago Caba
SKSYU.NET system admin