Pptpd Setup for Eveonline

From Federal Burro of Information
Revision as of 05:45, 3 February 2020 by David (talk | contribs)

vpn for fun and profit

pptp server:

  • AWS linux box.
  • ubuntu 18
  • t2.micro ( 10$ / month )
  • terraform to automate the up / down / config of the AWS resources, including a DNS record

client:

  • windows 10

user-data:

#!/bin/bash
# inspiration
# ref https://www.howtogeek.com/51237/setting-up-a-vpn-pptp-server-on-debian/

# refresh the package lists first; a fresh instance may not have them yet
apt-get update
apt-get -y install pptpd

cat << EOA > /etc/pptpd.conf
localip 10.10.23.1
remoteip 10.10.23.120-140
debug
EOA

cat << EOF > /etc/ppp/pptpd-options
ms-dns 10.10.23.1
nobsdcomp
noipx
mtu 1490
mru 1490
debug
EOF

cat << EOD > /etc/ppp/chap-secrets
user   *   password   *
EOD

cat << CATS >> /etc/ppp/options
asyncmap 0
auth
crtscts
debug
dump
lock
hide-password
modem
lcp-echo-interval 30
lcp-echo-failure 4
noipx
+mschap-v2
nodefaultroute
CATS

/bin/systemctl restart pptpd.service

cat << EOH > /etc/sysctl.d/10-forwarding.conf
net.ipv4.ip_forward=1
EOH

# plain "sysctl -p" only reads /etc/sysctl.conf; --system also loads /etc/sysctl.d/*.conf
sysctl --system

echo "*.debug                         -/var/log/debug.log" >>  /etc/rsyslog.d/50-default.conf

/bin/systemctl restart rsyslog.service

IP=$(/sbin/ip -o -4 addr list eth0 | awk '{print $4}' | cut -d/ -f1)

/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

  • I chose 10.10.23.0/24 arbitrarily, you can choose whatever CIDR you want.
  • I added debug to the pptpd config and pppd config to make great log files.
  • +mschap-v2 is non-default and required for Windows 10.
  • Change user and password in chap-secrets to something secure.
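
For the last point, one way to have user-data write chap-secrets with a random secret instead of a literal one. This is an added example, not part of the original page; the function names gen_secret and write_chap_secret and the user name eveuser are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): write a chap-secrets entry
# with a random secret in place of the literal "user * password *" line.

# gen_secret NBYTES: NBYTES from the kernel CSPRNG, hex encoded.
gen_secret() {
    od -An -tx1 -N "${1:-16}" /dev/urandom | tr -d ' \n'
}

# write_chap_secret FILE USER
# Writes one "client server secret IP" line to FILE with mode 0600 and
# prints the generated secret on stdout so it can be stored elsewhere.
write_chap_secret() {
    local file="$1" user="$2" secret tmp

    # pppd splits fields on whitespace and gives quotes, '#', '*' and '\'
    # special meaning, so only accept a conservative character set.
    case "$user" in
        ''|*[!A-Za-z0-9._-]*)
            echo "write_chap_secret: invalid user name" >&2
            return 1 ;;
    esac

    secret="$(gen_secret 16)" || return 1
    # 16 random bytes must come back as exactly 32 hex characters
    [ "${#secret}" -eq 32 ] || return 1

    # Build the file next to its destination (mktemp creates it 0600),
    # then rename it into place so pppd never reads a half-written file.
    tmp="$(mktemp "${file}.XXXXXX")" || return 1
    printf '%s\t*\t%s\t*\n' "$user" "$secret" > "$tmp"
    chmod 600 "$tmp"
    mv -f "$tmp" "$file"

    printf '%s\n' "$secret"
}

# In user-data this would replace the "cat << EOD > /etc/ppp/chap-secrets" step:
#   write_chap_secret /etc/ppp/chap-secrets eveuser
```

The secret is printed once on stdout; user-data output normally lands in the cloud-init log on the instance, so capture it from there or redirect it to wherever the Windows client credentials are kept.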

Set up the PPTP connection on the Windows server:

Note that setting "nodefaultroute" in the pppd options file has no effect, as the Windows client controls this. Change the setting in the connection adapter's properties: uncheck "Use default gateway on remote network".

Once the link is up, add a route to Eve manually. Run cmd as admin and do this:

netstat -rn

Look for the interface ID of your PPP connection, then use it in place of XX in the route add command here:

route add 87.237.34.200 mask 255.255.255.255 0.0.0.0 IF XX

87.237.34.200 tranquility.servers.eveonline.com