LinuxMCE Forums
General => Users => Topic started by: donpaul on August 27, 2009, 06:30:03 am
-
Has anyone installed pptpd on their core yet? With pptpd, we can use the iPhone (or any client) to vpn into the core. Really nice for using the web orbiter remotely. I set it up in 5 minutes, and it works great.
For those interested:
# Get the server installed.
sudo apt-get install pptpd
# Edit /etc/pptpd.conf file to setup the IP address for connected clients. Enable localip and remoteip to something like
localip 192.168.80.150
remoteip 192.168.80.151-155
# Use /etc/resolv.conf to find the DNS of the system, and edit /etc/ppp/pptpd-options to enable ms-dns – something like
ms-dns 192.168.80.1
# Set the VPN account by editing /etc/ppp/chap-secrets. Replace user and password with whatever you like.
user pptpd password *
# Restart the server by executing
sudo /etc/init.d/pptpd restart
# Open port 1723 to the core (Advanced > Network > Firewall Rules)
# Setup VPN in the iPhone by General > Network > VPN > PPTP. Enable Auto encryption level. Keep RSA SecurID off. Configure with the user and password you set up.
It should work now.
-
donpaul, maybe you should create a script that does this automatically for the users (on the LinuxMCE side). In the interim, please create a wiki for this.
-
donpaul, maybe you should create a script that does this automatically for the users (on the LinuxMCE side). In the interim, please create a wiki for this.
LOL... I knew that was coming ;-)
-
:) ... when will the script be completed?
-
:) ... when will the script be completed?
Soon... I have to say, PPTP on the core has me very excited!
Video feeds over PPTP to a PC or iPhone
Orbiter over PPTP on a PC or iPhone
Free SIP call from anywhere in the world, over PPTP
Stream movies/Music over PPTP to PC or iPhone
-
Translate your excitement into a script... lol.
-
just a script? dlewis, we want this integrated into the web admin ;-))
br, Hari
-
donpaul,
Im not sure I follow how this allows you to stream music and make calls via SIP from an iphone. What apps are you using?
-
hari, good point... This would actually be better suited if it had a tie into the we admin...
krys, I assume for the SIP calls, he's using some sort of SIP client on the iPhone and just entering his SIP credentials directly... Similarly for the music stream. Just point the music app to the directory to pull the music.
-
Here you go
On the core:
dcerouter:~# cd /usr/pluto/bin ; sudo wget http://donpaul.info/Setup_PPTP.sh.gz ; sudo gunzip Setup_PPTP.sh.gz
It will set everything up the first time you run it. Run it a subsequent time to create a new user.
./Setup_PPTP.sh [i]username [/i][i]password[/i]
Let me know if you run into a problem.
Yes, I will create a wiki once the script works for someone else.
Once the script is tested, please submit it to the devs to be uploaded to svn.
-
hari, good point... This would actually be better suited if it had a tie into the we admin...
krys, I assume for the SIP calls, he's using some sort of SIP client on the iPhone and just entering his SIP credentials directly... Similarly for the music stream. Just point the music app to the directory to pull the music.
Correct.
-
Correct to the web admin tie in? ;)
-
Correct to the web admin tie in? ;)
I wish I had the php knowledge to tie it in to the web admin. I am more than willing to assist someone who has the php knowledge... and time.
-
Ok, took a stab at learning some php today, this is what I have so far. Hopefully I will have a finished product and a patch in the next few days. Click the link, set a password, and whoa-la... pptp is installed and the user has access.
(http://donpaul.info/PPTP.png)
-
Nice! Please provide the files for users to test. Once we've tested it fully, we can submit it to SVN.
-
I'm very interested in this. I could test it as early as this weekend, definitely before Wednesday. Provide the changes, make a wiki page about it. If you need some web space to share anything out, I can provide that for you via PM.
Looks like very nice work so far.
-
I am making good progress. I made changes to a few php files and created a new one. I am testing everything now, but it's looking good so far.
-
thanks donpaul.
-
Is there a way to open a firewall port to the core through php or a script? That is the only automated piece I am trying to figure out.
-
check out the firewall rules php site.
-
That's exactly what I eventually did. I'm all done, works like a charm. I have made patch files.
http://donpaul.info/PPTP_Patch.tar.gz
untar to /var/www/pluto-admin
For those that need it:
cd /var/www/pluto-admin ; wget http://donpaul.info/PPTP_Patch.tar.gz ; gunzip PPTP_Patch.tar.gz ; tar -xvf PPTP_Patch.tar
You'll also need the new script
http://donpaul.info/Setup_PPTP.sh.gz
For those that need it:
cd /usr/pluto/bin ; wget http://donpaul.info/Setup_PPTP.sh.gz ; gunzip Setup_PPTP.sh.gz
This is tested on 7.10, and it works for me. Let me know if there are any problems.
-
I applied this patch to 0810. It runs fine. I haven't tested the functionality of the VPN yet - the client is giving me trouble. I'll try to get back to it tomorrow.
I've attached the svn diff for the web admin changes. Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin
Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best. A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal. Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings. I'm assuming there's no encryption - is that true?
-
I tried to figure out a way to add a delete button or link, but I could not get it working. I can add a delete to the script easily, but can't figure out the php part. Still working on it and will update the patch if I get it working.
The iPhone instructions can be removed if it isn't helpful, but the iPhone is very easy to configure and works great. I am working on a wiki page.
PPTP is an encrypted tunnel.
I applied this patch to 0810. It runs fine. I haven't tested the functionality of the VPN yet - the client is giving me trouble. I'll try to get back to it tomorrow.
I've attached the svn diff for the web admin changes. Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin
Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best. A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal. Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings. I'm assuming there's no encryption - is that true?
-
You should be able to just mirror what you're already doing. Add a button for "delete" in your form, when you're processing the data from the forum in the PHP script, check the value of the submit, if its "delete" then ignore everything else and run the delete script.
I wouldn't say the iPhone instructions aren't helpful, just maybe a bit misleading since its the only device listed, and maybe a bit sparse since there could be screenshots of the iPhone and more PPTP devices could also be interesting. Also, the configuration process might change in a future iPhone version - never know. Just a link to a wiki page would do it - move the iPhone instructions there. Then everyone gets the most up to date information all the time.
Sorry, I guess I'm not up on the PPTP spec... Thanks for the correction.
-
I made changes to the VPN config/scripts, and I have verified that it works in 8.10b2. Drop the script in /usr/pluto/bin and apply the patches.
-
Could you re-open the ticket and add it to the beta2 site to be put into the next build? Thanks!
-
Hello,
this project could also be used by this VNC client for Android in your opinion?
http://code.google.com/p/android-vnc-viewer/wiki/Documentation (http://code.google.com/p/android-vnc-viewer/wiki/Documentation)
Emanuele
-
VNC and VPN are completely separate products.
-
Sorry for my stupid question :P
Emanuele
-
Hi donpaul,
Don't forget that for using from the external interface, you will also need the following rules, so protocol 47 (GRE) can be passed.
iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT
TIA,
Paulo
-
Hia,
today i did an apt-get update & upgrade, and webadmin was updated. The patch for pptp created by donpaul is gone.
Question: will the pptp patch be implemented in webadmin or will it be necessary to be applied each time webadmin is updated?
TIA,
Paulo
-
Hello All,
I wanted to setup VPN on my core. I checked the Wiki and did find some instructions but I do not find them to be very clear. I was wondering if it would be possible for someone to provide some step by step instructions for setting up VPN on the core, including links to the files needed, Where to place files and then what commands to run in terminal to apply the VPN so I can see the VPN options in the Admin site?
-
I've heard about this google thingie, but still.. What would one gain with this vpn used with the LMCE?
I'm using https/ssh set up by the info at http://wiki.linuxmce.org/index.php/HTTPS. Hope it's safe, at least it's fun.
-
What would one gain with this vpn used with the LinuxMCE?
My answers:
1) having my mobile phone as an extension of telephony system (asterisk) everywhere in the world.
2) being able to work in your computer from anywhere in the world.
More reasons? ;D