Modules - VPN Server - PPTP
Overview
| VPN Server - PPTP | Information |
|---|---|
| Description | Virtual Private Network PPTP server. |
| Package Name | cc-pptpd |
| Configuration Page | Network > VPN > PC-to-LAN |
The PPTP server is a cost effective way to provide road-warrior VPN connectivity. A PPTP VPN client is built into Windows 98, ME, 2000, and XP, so no extra client software is required, and ClarkConnect provides password authentication and data encryption (MPPE) for the connection.
Installation
If you did not select this module to be included during the installation process, you must first install the module.
Configuration
Configuring the PPTP Server
Local IP and Remote IP
Local IP is the address the ClarkConnect end of each tunnel uses; Remote IP is the range of LAN addresses handed out to connecting PPTP clients. This range should be on the same network as your local area network. By default, the DHCP server on ClarkConnect only uses IP addresses above x.x.x.100; all addresses below this number are reserved for static use. We strongly suggest you take the PPTP range from this sub-100 static range so that VPN clients never collide with DHCP leases.
Encryption Key Size
Most PPTP VPN clients support the stronger 128-bit MPPE key. Some older clients (especially handheld computers and mobile phones) only support 40-bit encryption; select 40-bit only if you must support such a client, since 40-bit MPPE offers little real protection. With either key size the session keys are derived from the user's MS-CHAP password hash, so the effective strength is bounded by the password and by MS-CHAPv2, which has known cryptographic weaknesses; treat 128-bit as the minimum and insist on strong passwords.
Domain
The default domain used by the PPTP client.
WINS Server
The Microsoft Networking WINS server handed to the PPTP client. Depending on your network configuration, you may also need to specify the WINS settings in the VPN client configuration.
DNS Server
The DNS server used by the PPTP client.
Usernames and Passwords
PPTP users must have a valid account with the PPTP option enabled. See the Users Configuration page for more information.
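The settings above map onto two files in a poptop (pptpd) installation: pptpd.conf carries localip and remoteip, and the pppd options file carries the MPPE and authentication options. The script below is an added example, not ClarkConnect's or pptpd's own code; it assumes cc-pptpd is a packaging of poptop with that standard layout, and the two configurations it audits are constructed here (a weak one that chose 40-bit encryption and a client range inside the DHCP pool, and a hardened one), written to a temporary directory so the check runs offline.

```shell
#!/bin/sh
# Audit helper for the PPTP server settings, added as an example; it is not
# ClarkConnect's or pptpd's own code. Assumption: cc-pptpd wraps poptop, so
# /etc/pptpd.conf holds localip/remoteip and /etc/ppp/options.pptpd holds the
# MPPE and authentication options. The configurations below are constructed.

# has_opt FILE OPTION: succeed if OPTION appears as an uncommented pppd option.
has_opt() {
    grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"
}

# audit_pptp_options FILE: print one finding per line; return 0 only when
# 128-bit MPPE is required and the weaker authentication methods are refused.
audit_pptp_options() {
    rc=0
    if has_opt "$1" require-mppe-128; then
        echo "ok: 128-bit MPPE required"
    elif has_opt "$1" require-mppe-40 || has_opt "$1" require-mppe; then
        echo "WEAK: 40-bit MPPE accepted"; rc=1
    else
        echo "WEAK: MPPE not required, a client may negotiate no encryption"; rc=1
    fi
    # Without these a client can still offer PAP (plaintext), CHAP or MS-CHAPv1;
    # refusing them leaves MS-CHAPv2, the only method MPPE keys can be derived from.
    for a in pap chap mschap; do
        if has_opt "$1" "refuse-$a"; then
            echo "ok: $a refused"
        else
            echo "WEAK: $a authentication not refused"; rc=1
        fi
    done
    return $rc
}

# check_remote_range FILE: succeed if the remoteip range in pptpd.conf (only the
# short a.b.c.d-e form is handled) stays below .100, i.e. outside the default
# ClarkConnect DHCP pool described on this page.
check_remote_range() {
    r=$(sed -n 's/^[[:space:]]*remoteip[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$r" ] || { echo "WEAK: no remoteip line"; return 1; }
    first=${r%%-*}; first=${first##*.}   # 192.168.1.20-40 -> 20
    last=${r##*-}                          #                -> 40
    if [ "$first" -lt 100 ] && [ "$last" -lt 100 ]; then
        echo "ok: remoteip $r is in the static range"
        return 0
    fi
    echo "WEAK: remoteip $r overlaps the DHCP pool (.100 and above)"
    return 1
}

tmp=$(mktemp -d)

# Constructed: 40-bit chosen "for handhelds", everything else at pppd defaults,
# and a client range that collides with DHCP leases.
cat > "$tmp/options.weak" <<'EOF'
name pptpd
require-mppe-40
ms-dns 192.168.1.1
ms-wins 192.168.1.1
lock
EOF
cat > "$tmp/pptpd.weak" <<'EOF'
option /etc/ppp/options.pptpd
localip 192.168.1.1
remoteip 192.168.1.150-170
EOF

# Constructed: the hardened equivalent.
cat > "$tmp/options.strong" <<'EOF'
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mppe-128
ms-dns 192.168.1.1
ms-wins 192.168.1.1
lock
EOF
cat > "$tmp/pptpd.strong" <<'EOF'
option /etc/ppp/options.pptpd
localip 192.168.1.1
remoteip 192.168.1.20-40
EOF

for v in weak strong; do
    echo "== $v configuration"
    audit_pptp_options "$tmp/options.$v" && a=ok || a=weak
    check_remote_range "$tmp/pptpd.$v" && b=ok || b=weak
    if [ "$a" = ok ] && [ "$b" = ok ]; then echo "result: hardened"; else echo "result: weak"; fi
done
```

To audit a live system, point the two functions at the real files (for example `audit_pptp_options /etc/ppp/options.pptpd` and `check_remote_range /etc/pptpd.conf`); the script deliberately never edits them, because on ClarkConnect the web interface regenerates these files and hand edits may be overwritten.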
Configuring Microsoft Windows
Configuring Windows 95/98
- Install the Virtual Private Networking client from the Windows 98 CD: use the Add/Remove Programs tool in the Control Panel, click on the Windows Setup tab, select Communications from the list, click on the Details button and make sure Virtual Private Networking is selected (see screenshot). You may need to reboot your system after changing this setting.
- The PPTP client in Windows 98 is part of the Dial-Up Networking tools. It may seem strange to use dial-up networking over another dial-up connection (or, in some cases, over broadband), but that is how Windows 98 packages it.
- Go to dial-up networking by clicking on My Computer on your desktop.
- Click on Make New Connection.
- Name the connection and select the Microsoft VPN Adapter.
- Continue with the wizard and enter the IP or Hostname of the PPTP server.
- You are not quite done yet. Right-click on the VPN connection you just created.
- Select the Server Types tab.
- Make sure Require encrypted password, Require data encryption are selected (see screenshot).
- Disable the NetBEUI and IPX/SPX protocols (unless you really need them).
- Click on the TCP/IP Settings button.
- Leave Use default gateway on remote network selected (see screenshot) if all of the client's traffic should go through the tunnel; clear it if only traffic for the office LAN should (split tunnelling), which is what some situations call for.
Configuring Windows XP
The PPTP client is built into Windows XP.
- Click on Network and Internet Connections (this step may not be necessary).
- Click on Network Connections.
- Click on Create a New Connection to start the configuration wizard (see screenshot).
- Select Connect to the network at my workplace.
- Select Virtual Private Network connection.
- Enter a connection name, the dial-up settings if the VPN should dial another connection first, and the hostname or IP address of the PPTP server.
- Click on the Properties button (or right-click on the new connection and select Properties from the menu).
- On the Security tab, make sure Require data encryption (disconnect if none) is selected.
- Select the Networking tab.
- From the Type of VPN drop-down list, select PPTP VPN.
Troubleshooting
Error 619, PPTP and Firewalls
PPTP uses two flows: a TCP control connection on port 1723 and the tunnel itself, which is carried in GRE (IP protocol 47) and has no port numbers. A NAT gateway or firewall therefore needs PPTP-aware passthrough support to forward it. If you are having trouble connecting to a PPTP server, make sure any gateways/firewalls between your desktop and the ClarkConnect server support PPTP passthrough mode. If you see the following in the /var/log/messages log file on the ClarkConnect system, the control connection succeeded but the GRE tunnel did not, which is most likely a PPTP passthrough issue on the client side of the connection:
PTY read or GRE write failed
Note: you can view log files via the web-based administration tool -- go to Reports > Logs in the menu.
Another quick way to diagnose the issue is by connecting to the PPTP server while connected directly to the local network. With a direct connection to the ClarkConnect PPTP server, you can eliminate the potential for the PPTP passthrough issue.
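The log message above is only useful once it is separated from the other reasons a connection can fail. The script below is an added example, not ClarkConnect or pptpd code: it reads a syslog-style log, ties each "PTY read or GRE write failed" line back to the client address through the pptpd process id, and counts pppd authentication failures separately, so that a passthrough problem (fix the client-side gateway) is not confused with a bad password or an account without the PPTP option (fix the user). The log excerpt is constructed for the example in the format pptpd and pppd use when logging through syslog; on a real system point the functions at /var/log/messages.

```shell
#!/bin/sh
# Log triage for PPTP connection failures on the ClarkConnect side, added as an
# example; not ClarkConnect or pptpd code. The log excerpt is constructed.

LOG=$(mktemp)
cat > "$LOG" <<'EOF'
Mar  3 09:12:01 gateway pptpd[2210]: CTRL: Client 203.0.113.7 control connection started
Mar  3 09:12:02 gateway pptpd[2210]: CTRL: Starting call (launching pppd, opening GRE)
Mar  3 09:12:33 gateway pptpd[2210]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Mar  3 09:12:33 gateway pptpd[2210]: CTRL: Client 203.0.113.7 control connection finished
Mar  3 09:15:10 gateway pptpd[2250]: CTRL: Client 198.51.100.9 control connection started
Mar  3 09:15:11 gateway pptpd[2250]: CTRL: Starting call (launching pppd, opening GRE)
Mar  3 09:15:12 gateway pppd[2251]: CHAP authentication failed
Mar  3 09:15:12 gateway pptpd[2250]: CTRL: Client 198.51.100.9 control connection finished
Mar  3 09:20:40 gateway pptpd[2290]: CTRL: Client 203.0.113.7 control connection started
Mar  3 09:21:11 gateway pptpd[2290]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
EOF

# gre_failures LOG: print "<client-ip> <count>" for every client whose session
# died with a GRE write failure. The pptpd pid links the failure line to the
# "control connection started" line that names the client; a failure whose
# pid never announced a client is reported as "unknown".
gre_failures() {
    awk '
        function pid(s) { match(s, /pptpd\[[0-9]+\]/); return substr(s, RSTART + 6, RLENGTH - 7) }
        /pptpd\[[0-9]+\]: CTRL: Client .* control connection started/ {
            for (i = 1; i < NF; i++) if ($i == "Client") client[pid($0)] = $(i + 1)
        }
        /PTY read or GRE write failed/ {
            p = pid($0)
            ip = (p in client) ? client[p] : "unknown"
            fail[ip]++
        }
        END { for (ip in fail) printf "%s %d\n", ip, fail[ip] }
    ' "$1" | sort
}

# auth_failures LOG: number of pppd authentication failures. These are not a
# passthrough problem; the GRE tunnel was up and the credentials were rejected.
auth_failures() {
    grep -c 'pppd\[[0-9]*\]: .*authentication failed' "$1" || true
}

# triage LOG: summarise both classes with the corrective action for each.
triage() {
    echo "GRE write failures per client (check PPTP passthrough on the client-side gateway):"
    gre_failures "$1" | sed 's/^/  /'
    echo "authentication failures (check the account has the PPTP option enabled): $(auth_failures "$1")"
}

triage "$LOG"
```

If the GRE count for a client keeps rising while other clients connect fine, the problem is on that client's path, exactly the case the direct-LAN test above isolates. Two server-side checks complete the picture: the ClarkConnect firewall must accept TCP port 1723 and IP protocol 47, and `tcpdump -ni eth0 ip proto 47` on the external interface shows whether any GRE packets from the client arrive at all.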
PPTP Passthrough
If you are connecting a desktop from behind a ClarkConnect gateway to a remote PPTP server, then you need to have PPTP passthrough software installed and enabled on the firewall. This software is included in ClarkConnect Office and Professional 2.x, and all Editions of ClarkConnect 3.1 or higher.
However, we do not recommend running PPTP Passthrough and a PPTP server simultaneously. By default, the ClarkConnect gateway will automatically disable PPTP Passthrough when the firewall is configured to allow PPTP server connections. If you would like to run PPTP Passthrough and a PPTP server simultaneously, follow the Force PPTP Passthrough documentation.
Two PPTP Connections to the Same Server
The PPTP protocol does not allow two VPN connections from the same remote IP address. In other words, if two people behind the same gateway (for example, ClarkConnect) connect to the same PPTP server, the second connection may fail. Note: it is fine to have two people behind a gateway connecting to different PPTP servers.
Some PPTP servers and gateways (including ClarkConnect) make an exception for this shortcoming. Others strictly follow the standard, as the following excerpt explains:
"The PPTP RFC specifies in section 3.1.3 that there may only be one control channel connection between two systems. This should mean that you can only masquerade one PPTP session at a time with a given remote server, but in practice the MS implementation of PPTP does not enforce this, at least not as of NT 4.0 Service Pack 4. If the PPTP server you're trying to connect to only permits one connection at a time, it's following the protocol rules properly. Note that this does not affect a masqueraded server, only multiple masqueraded clients attempting to contact the same remote server."