
PPTP VPN - iPhone VPN access

Started by donpaul, August 27, 2009, 06:30:03 AM


jimbodude

I'm very interested in this.  I could test it as early as this weekend, definitely before Wednesday.  Provide the changes, make a wiki page about it.  If you need some web space to share anything out, I can provide that for you via PM.

Looks like very nice work so far.

donpaul

I am making good progress. I made changes to a few php files and created a new one. I am testing everything now, but it's looking good so far.

dlewis


donpaul

Is there a way to open a firewall port to the core through php or a script? That is the only automated piece I am trying to figure out.

dlewis

Check out the firewall rules PHP site.

donpaul

That's exactly what I eventually did. I'm all done, works like a charm. I have made patch files.

http://donpaul.info/PPTP_Patch.tar.gz

untar to /var/www/pluto-admin

For those that need it:
cd /var/www/pluto-admin && wget http://donpaul.info/PPTP_Patch.tar.gz && gunzip PPTP_Patch.tar.gz && tar -xvf PPTP_Patch.tar

You'll also need the new script

http://donpaul.info/Setup_PPTP.sh.gz

For those that need it:
cd /usr/pluto/bin && wget http://donpaul.info/Setup_PPTP.sh.gz && gunzip Setup_PPTP.sh.gz

This is tested on 7.10, and it works for me. Let me know if there are any problems.
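
An added example, not part of donpaul's post or of the LinuxMCE code: the archive above is fetched over plain HTTP and unpacked into the web admin tree, so this sketch gates extraction on a SHA-256 digest and on the member paths. The function names are hypothetical, and EXPECTED_SHA256 is a placeholder because the thread publishes no digest; GNU tar and sha256sum are assumed.

```shell
#!/bin/sh
# Added example: gate extraction of a downloaded patch archive on digest and member paths.

# members_contained: read member names on stdin; fail on absolute paths or ".." components.
members_contained() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# verify_archive ARCHIVE EXPECTED_SHA256: succeed only if the file's SHA-256 matches.
verify_archive() {
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# install_patch ARCHIVE EXPECTED_SHA256 DESTDIR: verify, inspect, then unpack.
install_patch() {
    verify_archive "$1" "$2" || { echo "digest mismatch: $1" >&2; return 1; }
    list=$(tar -tzf "$1") || { echo "unreadable archive: $1" >&2; return 1; }
    printf '%s\n' "$list" | members_contained ||
        { echo "unsafe member path in $1" >&2; return 1; }
    # As root, tar would otherwise restore the archive's owners and modes.
    tar -xzf "$1" -C "$3" --no-same-owner --no-same-permissions
}

# Usage (EXPECTED_SHA256 is a placeholder; obtain it from the publisher out of band):
#   install_patch PPTP_Patch.tar.gz "$EXPECTED_SHA256" /var/www/pluto-admin
```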

jimbodude

I applied this patch to 0810.  It runs fine.  I haven't tested the functionality of the VPN yet - the client is giving me trouble.  I'll try to get back to it tomorrow.

I've attached the svn diff for the web admin changes.  Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin

Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best.  A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal.  Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings.  I'm assuming there's no encryption - is that true?

donpaul

I tried to figure out a way to add a delete button or link, but I could not get it working. I can add a delete to the script easily, but can't figure out the php part. Still working on it and will update the patch if I get it working.

The iPhone instructions can be removed if it isn't helpful, but the iPhone is very easy to configure and works great. I am working on a wiki page.

PPTP is an encrypted tunnel.

Quote from: jimbodude on September 01, 2009, 05:23:27 AM
I applied this patch to 0810.  It runs fine.  I haven't tested the functionality of the VPN yet - the client is giving me trouble.  I'll try to get back to it tomorrow.

I've attached the svn diff for the web admin changes.  Drop the sh into /usr/pluto/bin and apply this patch to /var/www/lmce-admin

Some comments:
- The process for the initial set up of PPTP and adding users is ridiculously easy - good work.
- Instructions on setting up the iPhone are vague at best.  A link to a wiki page which describes multiple clients would be better
- The process to delete PPTP users is less than ideal.  Is there a way to detect what users are PPTP users and add a "remove PPTP access" link on the Users page? Or at least a "Delete" button instead of having to type "delete" as a password...
- I didn't look too deeply into the inner workings.  I'm assuming there's no encryption - is that true?

jimbodude

You should be able to just mirror what you're already doing.  Add a button for "delete" in your form, when you're processing the data from the form in the PHP script, check the value of the submit, if it's "delete" then ignore everything else and run the delete script.

I wouldn't say the iPhone instructions aren't helpful, just maybe a bit misleading since it's the only device listed, and maybe a bit sparse since there could be screenshots of the iPhone and more PPTP devices could also be interesting.  Also, the configuration process might change in a future iPhone version - never know.  Just a link to a wiki page would do it - move the iPhone instructions there.  Then everyone gets the most up to date information all the time.

Sorry, I guess I'm not up on the PPTP spec...  Thanks for the correction.

donpaul

I made changes to the VPN config/scripts, and I have verified that it works in 8.10b2. Drop the script in /usr/pluto/bin and apply the patches.

dlewis

Could you re-open the ticket and add it to the beta2 site to be put into the next build? Thanks!

rages

Hello,

Could this project also be used by this VNC client for Android, in your opinion?
http://code.google.com/p/android-vnc-viewer/wiki/Documentation



Emanuele

donpaul

VNC and VPN are completely separate products.

rages

Sorry for my stupid question  :P


Emanuele

pw44

Hi donpaul,

Don't forget that for using from the external interface, you will also need the following rules, so protocol 47 (GRE) can be passed.

iptables -A INPUT -p 47 -j ACCEPT
iptables -A OUTPUT -p 47 -j ACCEPT


TIA,

Paulo
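
An added example, not from pw44's post or the LinuxMCE scripts: the two rules above match GRE on every interface, and PPTP also needs its control channel on TCP 1723. This hypothetical helper reads `iptables -S` output and reports whether both channels are accepted on INPUT and whether the GRE rule is tied to an interface; the sample rules are constructed, and only `-i` is treated as scoping (source restrictions and chain policy are not evaluated).

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for the rules a PPTP server needs.

# pptp_rule_audit: read `iptables -S` text on stdin, print one finding per line.
pptp_rule_audit() {
    awk '
        $1 == "-A" && $2 == "INPUT" && /-j ACCEPT/ {
            proto = ""; port = ""; iface = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-i") iface = $(i + 1)
            }
            # iptables may show protocol 47 by number or by its name, gre.
            if (proto == "gre" || proto == "47") {
                gre = 1
                if (iface == "") gre_open = 1
            }
            if (proto == "tcp" && port == "1723") ctl = 1
        }
        END {
            if (!ctl) print "missing: tcp/1723 (PPTP control channel)"
            if (!gre) print "missing: protocol 47 (GRE data channel)"
            if (gre_open) print "unscoped: GRE accepted on every interface"
        }'
}

# Constructed sample: the rule set left by the two commands above on a DROP-policy host.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -p gre -j ACCEPT
-A OUTPUT -p gre -j ACCEPT'

# Constructed sample: both channels accepted only on a hypothetical external interface eth0.
SCOPED_RULES='-P INPUT DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p 47 -j ACCEPT'

# On a live host: iptables -S | pptp_rule_audit
printf '%s\n' "$SAMPLE_RULES" | pptp_rule_audit
```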