PoPToP, a Secure and Free VPN Solution
PoPToP is the PPTP VPN server for Linux. Ports exist for Solaris, OpenBSD, FreeBSD and others. PoPToP allows Linux servers to function seamlessly in PPTP VPN environments, enabling administrators to leverage the considerable benefits of both Microsoft and Linux. The current release version of PoPToP supports Windows 95, 98, NT and Windows 2000 PPTP clients, as well as the Linux PPTP client.
PoPToP is a PPTP access concentrator (PAC) that employs an enhanced GRE (generic routing encapsulation—protocol 47) mechanism for carrying PPP packets, and a control channel (port 1723) for PPTP control messages. The basic operation of PoPToP is to wrap PPP packets up in IP and send them across the public Internet infrastructure. At the other end of the connection, the PPP packets are stripped from their IP packets and handed to the PPP daemon. The operation is almost identical to a dial-in session, except the PPP packets are wrapped in IP and sent over an IP network as opposed to a generic phone line and modem configuration.
PoPToP can be set up to work with a patched PPP daemon to support MSCHAPv2 authentication and RC4-compatible 40-128-bit encryption. A Linux server running PoPToP can effectively replace a Windows NT PPTP VPN server. However, PoPToP does not support PNS operation, so it does not replace a Windows NT server when PNS is required.
Another advantage of PoPToP (and PPTP in general) is that it is transparent to the encryption and authentication mechanism. Porting an alternate encryption algorithm (such as Blowfish) to a PPP compressor module would not be a difficult task. The only issue with developing your own encryption and authentication mechanism is the simple fact that you will break generic Windows client support. However, the Linux PPTP client is available under the GNU GPL and will work seamlessly with any PPP changes.
Finally, PoPToP is simple. It has a tiny memory footprint and has undergone performance tweaks. This makes PoPToP very attractive to embedded platforms and edge networks. When teamed up with the Linux PPTP client, solution providers can offer cheap VPN solutions with their own defined security protocols.
PoPToP was originally pioneered by Moreton Bay (http://www.moretonbay.com/) in February 1999 for their eLIA (embedded Linux Internet appliance) platform. It was released under the GNU GPL in April 1999, and has since found widespread acceptance on standard Linux servers and firewalls in both large production sites and small business and home networks. PoPToP is in the current Debian “potato” code freeze and SuSE 6.2.
Setting up PoPToP with a standard PPP daemon (without MSCHAPv2 or RC4-compatible encryption) is a painless task. Below is a quick setup guide.
Grab the latest stable version of PoPToP from www.moretonbay.com/vpn/download_pptp.html.
Log in as root to install and run PoPToP.
If you downloaded the PoPToP v1.0.0 tar file and stored it in /usr/local/src/, type the following commands:
cd /usr/local/src/ tar zxvf pptpd-1.0.0.tgz cd pptpd-1.0.0 ./configure make make install
If you downloaded the PoPToP RPM (pptpd-1.0.0-1.i386.rpm), type the following:
rpm --install pptpd-1.0.0-1.i386.rpm
PoPToP's binaries are placed in /usr/local/sbin. Check to make sure pptpd and pptpctrl are there before continuing.
Set up PoPToP configuration files. Example configuration files are shown in Listings 1 and 2. This configuration will use CHAP as the authentication mechanism. The user login is “billy” and the password is “bob”.
Now that the configuration files are set up, you are ready to launch PoPToP. Simply type pptpd.
Any standard Windows client with PPTP VPN installed should now be able to connect to your PoPToP-enabled VPN Linux server. On Windows 98, you can install it via Control Panel-->Add Remove Programs-->Windows Setup-->Communications-->Virtual Private Networking.
Remote access for employees no longer needs to be an expensive process. VPNs can easily replace dedicated lines or remote access servers without compromising security. PPTP is one VPN technology that is ready now. Although criticized in the past for its security flaws, recent enhancements to the authentication and encryption protocols have made PPTP an attractive solution to business. PoPToP is the PPTP VPN solution for Linux that can take advantage of MSCHAPv2 and RC4-compatible 40-128-bit encryption available to the countless Windows client machines. PoPToP is easily installed and is free. PoPToP is simple, and due to its small memory footprint, very attractive to embedded platforms and edge networks.
Matt Ramsay (firstname.lastname@example.org) is a full-time, low-level Linux application hacker living in sunny Brisbane, Australia. In addition to PoPToP, he has also developed and released under the GNU GPL a “micro” DHCP server for Linux. His main professional focus is writing small and fast applications for embedded Linux systems.
|Designing Electronics with Linux||May 22, 2013|
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
- RSS Feeds
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Designing Electronics with Linux
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- A Topic for Discussion - Open Source Feature-Richness?
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- What's the tweeting protocol?
- Kernel Problem
7 hours 51 min ago
- BASH script to log IPs on public web server
12 hours 18 min ago
15 hours 54 min ago
- Reply to comment | Linux Journal
16 hours 26 min ago
- All the articles you talked
18 hours 50 min ago
- All the articles you talked
18 hours 53 min ago
- All the articles you talked
18 hours 54 min ago
23 hours 19 min ago
- Keeping track of IP address
1 day 1 hour ago
- Roll your own dynamic dns
1 day 6 hours ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?