LinuxMCE Forums

General => Users => Topic started by: donpaul on August 27, 2009, 06:30:03 am

Title: PPTP VPN - iPhone VPN access
Post by: donpaul on August 27, 2009, 06:30:03 am
Has anyone installed pptpd on their core yet? With pptpd, we can use the iPhone (or any client) to vpn into the core. Really nice for using the web orbiter remotely. I set it up in 5 minutes, and it works great.

For those interested:

# Get the server installed.

sudo apt-get install pptpd

# Edit /etc/pptpd.conf file to setup the IP address for connected clients. Enable localip and remoteip to something like

localip 192.168.80.150
remoteip 192.168.80.151-155

# Use /etc/resolv.conf to find the DNS of the system, and edit /etc/ppp/pptpd-options to enable ms-dns – something like

ms-dns 192.168.80.1

# Set the VPN account by editing /etc/ppp/chap-secrets. Replace user and password with whatever you like.
user pptpd password *

# Restart the server by executing

sudo /etc/init.d/pptpd restart

# Open port 1723 to the core (Advanced > Network > Firewall Rules)

# Setup VPN in the iPhone by General > Network > VPN > PPTP. Enable Auto encryption level. Keep RSA SecurID off. Configure with the user and password you set up.

It should work now.

Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 02:41:38 pm
donpaul, maybe you should create a script that does this automatically for the users (on the LinuxMCE side). In the interim, please create a wiki for this.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 27, 2009, 04:15:52 pm
donpaul, maybe you should create a script that does this automatically for the users (on the LinuxMCE side). In the interim, please create a wiki for this.

LOL... I knew that was coming ;-)
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 04:28:25 pm
:) ... when will the script be completed?
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 27, 2009, 04:37:39 pm
:) ... when will the script be completed?

Soon... I have to say, PPTP on the core has me very excited!

Video feeds over PPTP to a PC or iPhone
Orbiter over PPTP on a PC or iPhone
Free SIP call from anywhere in the world, over PPTP
Stream movies/Music over PPTP to PC or iPhone

Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 04:45:39 pm
Translate your excitement into a script... lol.
Title: Re: PPTP VPN - iPhone VPN access
Post by: hari on August 27, 2009, 05:08:20 pm
just a script? dlewis, we want this integrated into the web admin ;-))

br, Hari
Title: Re: PPTP VPN - iPhone VPN access
Post by: krys on August 27, 2009, 05:23:53 pm
donpaul,
Im not sure I follow how this allows you to stream music and make calls via SIP from an iphone. What apps are you using?
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 05:25:29 pm
hari, good point... This would actually be better suited if it had a tie into the we admin...

krys, I assume for the SIP calls, he's using some sort of SIP client on the iPhone and just entering his SIP credentials directly... Similarly for the music stream. Just point the music app to the directory to pull the music.
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 05:26:14 pm
Here you go

On the core:

Code: [Select]
dcerouter:~# cd /usr/pluto/bin ; sudo wget http://donpaul.info/Setup_PPTP.sh.gz ; sudo gunzip Setup_PPTP.sh.gz
It will set everything up the first time you run it. Run it a subsequent time to create a new user.

Code: [Select]
./Setup_PPTP.sh [i]username [/i][i]password[/i]
Let me know if you run into a problem.

Yes, I will create a wiki once the script works for someone else.

Once the script is tested, please submit it to the devs to be uploaded to svn.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 27, 2009, 05:58:37 pm
hari, good point... This would actually be better suited if it had a tie into the we admin...

krys, I assume for the SIP calls, he's using some sort of SIP client on the iPhone and just entering his SIP credentials directly... Similarly for the music stream. Just point the music app to the directory to pull the music.

Correct.
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 27, 2009, 06:00:59 pm
Correct to the web admin tie in? ;)
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 27, 2009, 06:11:05 pm
Correct to the web admin tie in? ;)

I wish I had the php knowledge to tie it in to the web admin. I am more than willing to assist someone who has the php knowledge... and time.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 28, 2009, 06:56:03 am
Ok, took a stab at learning some php today, this is what I have so far. Hopefully I will have a finished product and a patch in the next few days. Click the link, set a password, and whoa-la... pptp is installed and the user has access.

(http://donpaul.info/PPTP.png)
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 28, 2009, 01:00:21 pm
Nice! Please provide the files for users to test. Once we've tested it fully, we can submit it to SVN.
Title: Re: PPTP VPN - iPhone VPN access
Post by: jimbodude on August 28, 2009, 03:37:28 pm
I'm very interested in this.  I could test it as early as this weekend, definitely before Wednesday.  Provide the changes, make a wiki page about it.  If you need some web space to share anything out, I can provide that for you via PM.

Looks like very nice work so far.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 28, 2009, 05:00:12 pm
I am making good progress. I made changes to a few php files and created a new one. I am testing everything now, but it's looking good so far.
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 28, 2009, 05:03:56 pm
thanks donpaul.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 28, 2009, 06:28:41 pm
Is there a way to open a firewall port to the core through php or a script? That is the only automated piece I am trying to figure out.
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on August 28, 2009, 06:37:33 pm
check out the firewall rules php site.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on August 28, 2009, 10:12:13 pm
That's exactly what I eventually did. I'm all done, works like a charm. I have made patch files.

http://donpaul.info/PPTP_Patch.tar.gz

untar to /var/www/pluto-admin

For those that need it:
Code: [Select]
cd /var/www/pluto-admin ; wget http://donpaul.info/PPTP_Patch.tar.gz ; gunzip PPTP_Patch.tar.gz ; tar -xvf PPTP_Patch.tar
You'll also need the new script

http://donpaul.info/Setup_PPTP.sh.gz

For those that need it:
Code: [Select]
cd /usr/pluto/bin ; wget http://donpaul.info/Setup_PPTP.sh.gz ; gunzip Setup_PPTP.sh.gz
This is tested on 7.10, and it works for me. Let me know if there are any problems.
Title: Re: PPTP VPN - iPhone VPN access
Post by: jimbodude on September 01, 2009, 05:23:27 am
I applied this patch to 0810.  It runs fine.  I haven't tested the functionality of the VPN yet - the client is giving me trouble.  I'll try to get back to it tomorrow.

I've attached the svn diff for the web admin changes.  Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin

Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best.  A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal.  Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings.  I'm assuming there's no encryption - is that true?
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on September 04, 2009, 04:28:18 pm
I tried to figure out a way to add a delete button or link, but I could not get it working. I can add a delete to the script easily, but can't figure out the php part. Still working on it and will update the patch if I get it working.

The iPhone instructions can be removed if it isn't helpful, but the iPhone is very easy to configure and works great. I am working on a wiki page.

PPTP is an encrypted tunnel.

I applied this patch to 0810.  It runs fine.  I haven't tested the functionality of the VPN yet - the client is giving me trouble.  I'll try to get back to it tomorrow.

I've attached the svn diff for the web admin changes.  Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin

Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best.  A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal.  Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings.  I'm assuming there's no encryption - is that true?
Title: Re: PPTP VPN - iPhone VPN access
Post by: jimbodude on September 04, 2009, 05:01:23 pm
You should be able to just mirror what you're already doing.  Add a button for "delete" in your form, when you're processing the data from the forum in the PHP script, check the value of the submit, if its "delete" then ignore everything else and run the delete script.

I wouldn't say the iPhone instructions aren't helpful, just maybe a bit misleading since its the only device listed, and maybe a bit sparse since there could be screenshots of the iPhone and more PPTP devices could also be interesting.  Also, the configuration process might change in a future iPhone version - never know.  Just a link to a wiki page would do it - move the iPhone instructions there.  Then everyone gets the most up to date information all the time.

Sorry, I guess I'm not up on the PPTP spec...  Thanks for the correction.
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on December 06, 2009, 04:11:00 am
I made changes to the VPN config/scripts, and I have verified that it works in 8.10b2. Drop the script in /usr/pluto/bin and apply the patches.
Title: Re: PPTP VPN - iPhone VPN access
Post by: dlewis on December 06, 2009, 07:06:53 pm
Could you re-open the ticket and add it to the beta2 site to be put into the next build? Thanks!
Title: Re: PPTP VPN - iPhone VPN access
Post by: rages on December 08, 2009, 01:53:25 pm
Hello,

this project could also be used by this VNC client for Android in your opinion?
http://code.google.com/p/android-vnc-viewer/wiki/Documentation (http://code.google.com/p/android-vnc-viewer/wiki/Documentation)



Emanuele
Title: Re: PPTP VPN - iPhone VPN access
Post by: donpaul on December 08, 2009, 04:30:08 pm
VNC and VPN are completely separate products.
Title: Re: PPTP VPN - iPhone VPN access
Post by: rages on December 09, 2009, 08:39:08 am
Sorry for my stupid question  :P


Emanuele
Title: Re: PPTP VPN - iPhone VPN access
Post by: pw44 on March 26, 2010, 09:28:03 pm
Hi donpaul,

Don't forget that for using from the external interface, you will also need the following rules, so protocol 47 (GRE) can be passed.

iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT


TIA,

Paulo

Title: Re: PPTP VPN - iPhone VPN access
Post by: pw44 on April 14, 2010, 09:29:12 pm
Hia,
today i did an apt-get update & upgrade, and webadmin was updated. The patch for pptp created by donpaul is gone.
Question: will the pptp patch be implemented in webadmin or will it be necessary to be applied each time webadmin is updated?
TIA,
Paulo
Title: Re: PPTP VPN - iPhone VPN access
Post by: fearingsept on September 08, 2010, 09:26:58 pm
Hello All,
I wanted to setup VPN on my core. I checked the Wiki and did find some instructions but I do not find them to be very clear. I was wondering if it would be possible for someone to provide some step by step instructions for setting up VPN on the core, including links to the files needed, Where to place files and then what commands to run in terminal to apply the VPN so I can see the VPN options in the Admin site?

Title: Re: PPTP VPN - iPhone VPN access
Post by: Kooma on September 08, 2010, 09:38:02 pm
I've heard about this google thingie, but still.. What would one gain with this vpn used with the LMCE?
I'm using https/ssh set up by the info at http://wiki.linuxmce.org/index.php/HTTPS. Hope it's safe, at least it's fun.
Title: Re: PPTP VPN - iPhone VPN access
Post by: pw44 on September 09, 2010, 12:12:00 am
What would one gain with this vpn used with the LinuxMCE?

My answers:
1) having my mobile phone as an extension of telephony system (asterisk) everywhere in the world.
2) being able to work in your computer from anywhere in the world.

More reasons? ;D