From c25c40dfa96dfeb022b203280c607c1f1835417b Mon Sep 17 00:00:00 2001 From: Robert Göhler Date: Sun, 24 Jan 2021 22:14:00 +0100 Subject: Migrate new file structure to crux (#435) * order workflows and add submodule * rename gitmodules file * delete docs/.gitignore * add vyos custom linter * correct __pycache__ in gitignore * add test-coverage.py * move draw.io folder * arrange changelog, install history and about * arrange: firewall * arrange: highavailability * arrange: loadbalancing * arrange: nat * arrange: services * sort configexamples and configuration interfaces * wireles: rename wireless * rearrange: Protocols and Policy * rearrange: Firewall and Zone Policy * rearrange: Interfaces * rearrange: Interfaces * rearrange: dynamic DNS * hostinfo: add page to index * rearrange: appendix * venv: add Pipfile * rearrange: contributing * index: remove debugging * rearrange: fix all figure and refs * rearrange: commandtree * fix: cli, openvpn, install headline level * protocols: change headline * firewall: move mss clamping * ip: separate ipv4 and ipv6 * arp: move to static page * igmp: rename multicast page * Update to year 2021 --- docs/configuration/vpn/pptp.rst | 47 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 docs/configuration/vpn/pptp.rst (limited to 'docs/configuration/vpn/pptp.rst') diff --git a/docs/configuration/vpn/pptp.rst b/docs/configuration/vpn/pptp.rst new file mode 100644 index 00000000..72b3feb0 --- /dev/null +++ b/docs/configuration/vpn/pptp.rst @@ -0,0 +1,47 @@ +.. _pptp: + +PPTP-Server +----------- + +The Point-to-Point Tunneling Protocol (PPTP_) has been implemented in VyOS only for backwards compatibility. +PPTP has many well known security issues and you should use one of the many other new VPN implementations. + +As per default and if not otherwise defined, mschap-v2 is being used for authentication and mppe 128-bit (stateless) for encryption. +If no gateway-address is set within the configuration, the lowest IP out of the /24 client-ip-pool is being used. For instance, in the example below it would be 192.168.0.1. + +server example +^^^^^^^^^^^^^^ + +.. code-block:: none + + set vpn pptp remote-access authentication local-users username test password 'test' + set vpn pptp remote-access authentication mode 'local' + set vpn pptp remote-access client-ip-pool start '192.168.0.10' + set vpn pptp remote-access client-ip-pool stop '192.168.0.15' + set vpn pptp remote-access gateway-address '10.100.100.1' + set vpn pptp remote-access outside-address '10.1.1.120' + + +client example (debian 9) +^^^^^^^^^^^^^^^^^^^^^^^^^ + +Install the client software via apt and execute pptpsetup to generate the configuration. + + +.. code-block:: none + + apt-get install pptp-linux + pptpsetup --create TESTTUNNEL --server 10.1.1.120 --username test --password test --encrypt + pon TESTTUNNEL + +The command pon TESTUNNEL establishes the PPTP tunnel to the remote system. + + +All tunnel sessions can be checked via: + +.. code-block:: none + + run sh pptp-server sessions + ifname | username | calling-sid | ip | type | comp | state | uptime + --------+----------+-------------+--------------+------+------+--------+---------- + ppp0 | test | 10.1.1.99 | 192.168.0.10 | pptp | mppe | active | 00:00:58 -- cgit v1.2.3