Thursday, July 9, 2009

VPN disconnects on Debian Linux "Lenny"

I use VPN to work from home. My office workstation runs Windows Vista Professional (alas!) but I prefer to work in Linux.

I have Debian "Lenny" running at home, and I did apt-get install rdesktop pptpclient (as root) to get the programs I need.

I followed the directions at http://pptpclient.sourceforge.net/howto-debian.phtml#configure_by_hand
I called the connection "work".
I also followed the directions at http://pptpclient.sourceforge.net/routing.phtml#client-to-lan
and added a file called "work" in the /etc/ppp/ip-up.d/ directory, with these contents (copied from the client-to-lan page and modified):
#!/bin/sh
# Only act for the tunnel whose peers file sets "ipparam work".
if [ "${PPP_IPPARAM}" = "work" ]; then
    # Route the office LAN through the tunnel interface.
    /sbin/route add -net 192.168.10.0/24 dev "${IFNAME}"

    # Allow traffic to and from the office LAN over the tunnel.
    /sbin/iptables --insert OUTPUT 1 \
        --source 0.0.0.0/0.0.0.0 \
        --destination 192.168.10.0/24 \
        --jump ACCEPT --out-interface "${IFNAME}"

    /sbin/iptables --insert INPUT 1 \
        --source 192.168.10.0/24 \
        --destination 0.0.0.0/0.0.0.0 \
        --jump ACCEPT --in-interface "${IFNAME}"

    /sbin/iptables --insert FORWARD 1 \
        --source 0.0.0.0/0.0.0.0 \
        --destination 192.168.10.0/24 \
        --jump ACCEPT --out-interface "${IFNAME}"

    /sbin/iptables --insert FORWARD 1 \
        --source 192.168.10.0/24 \
        --destination 0.0.0.0/0.0.0.0 --jump ACCEPT

    # NAT everything leaving through the tunnel.
    /sbin/iptables --table nat --append POSTROUTING \
        --out-interface "${IFNAME}" --jump MASQUERADE

    # Clamp the TCP MSS of forwarded connections to the path MTU.
    /sbin/iptables --append FORWARD --protocol tcp --tcp-flags SYN,RST SYN \
        --jump TCPMSS --clamp-mss-to-pmtu
fi

To run it, I open a terminal as root and do:
pon work
Wait a few seconds, do ifconfig and make sure "ppp0" is listed as a connection, then
/etc/ppp/ip-up.d/work to route the network traffic appropriately.
Then in my menu Applications -> Internet -> Remotedesktop Client I opened a connection to my machine.

I ran into two problems. First, the /etc/ppp/ip-up.d/work file didn't seem to run, so I took the if and fi out. That fixed that, and I could ping and connect to machines at work.
Second, my connection would drop a few times an hour. I read around the pptp client site until I saw a suggestion to drop the MTU (which I learned means "maximum transmission unit", or maximum packet size) to 1400. So I inserted a new second line to the file above,
/sbin/ifconfig ppp0 mtu 1400

After that, everything worked fine. Next, I'm going to work on making DNS operate across the VPN. For right now, I cheat and log in to servers at work with fixed IP addresses, and then use pings from those machines to locate any DHCP machine I can't find.
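
Added example (not from the original post or the pptpclient documentation): a preflight check for the usual reasons a script in /etc/ppp/ip-up.d is skipped or its PPP_IPPARAM guard never matches. It assumes Debian's stock /etc/ppp/ip-up, which runs that directory through run-parts and exports PPP_IPPARAM from pppd's ipparam option; check_hook and the /etc/ppp/peers/work path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for a pppd hook such as /etc/ppp/ip-up.d/work.
# check_hook HOOK_FILE PEERS_FILE TUNNEL prints one line per problem found
# and returns the number of problems (0 = nothing found that would stop the hook).
check_hook() {
    hook=$1 peers=$2 tunnel=$3 problems=0

    # run-parts only runs names made of letters, digits, '_' and '-',
    # so a name like "work.sh" or "work~" is silently skipped.
    case $(basename "$hook") in
        *[!A-Za-z0-9_-]*)
            echo "name: run-parts will skip $(basename "$hook")"
            problems=$((problems + 1)) ;;
    esac

    # run-parts also skips files without an execute bit.
    if [ ! -x "$hook" ]; then
        echo "mode: $hook is not executable (chmod 755)"
        problems=$((problems + 1))
    fi

    # A PPP_IPPARAM guard only matches when the peers file passes
    # "ipparam <tunnel>" to pppd; run by hand, the variable is unset.
    if grep -q 'PPP_IPPARAM' "$hook" 2>/dev/null &&
       ! grep -Eq "^[[:space:]]*ipparam[[:space:]]+\"?$tunnel\"?[[:space:]]*\$" \
           "$peers" 2>/dev/null; then
        echo "ipparam: $peers does not set 'ipparam $tunnel'"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Check the live files only when called with three arguments, e.g.
#   sh check_hook.sh /etc/ppp/ip-up.d/work /etc/ppp/peers/work work
# (the peers path is an assumption: the usual location for "pon work").
if [ "$#" -eq 3 ]; then
    check_hook "$1" "$2" "$3"
fi
```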
