As I'm located in Ireland, I use a PPTP tunnel to a UK ISP in order to access BBC
iPlayer. I use my-private-network.co.uk for this service. Just like for the PPPoE service, create a new file in the directory /etc/ppp/peers
Username and password are stored in /etc/ppp/chap-secrets
Additional options are stored in /etc/ppp/options.pptp
Create a new startup script to set up the firewall rules and add specific routes. This script configures the iptables firewall and adds a route to BBC via the PPTP tunnel.
root@voyage:/etc/ppp/ip-up.d# cat MPN-UK
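#!/bin/sh
# ip-up.d hook for the MPN-UK PPTP tunnel.
#
# When the link that just came up carries "ipparam MPN-UK", send 212.0.0.0/8
# through it and masquerade traffic leaving via that interface.
# Expects PPP_IPPARAM and IFNAME to be set in the environment by the caller.
#
# NOTE(review): every rule below is added each time the link comes up. The
# peer file uses "persist", so reconnects stack duplicate rules unless a
# matching ip-down.d script deletes them; confirm one exists.
# NOTE(review): 212.0.0.0/8 is an entire /8, so far more than a single service
# is routed (and allowed out) through the tunnel; narrow it if unintended.

# The original line was a bare string, which the shell would try to execute
# as a command; it is meant to be a progress message.
echo "Running /etc/ppp/ip-up.d/MPN-UK..."

if [ "${PPP_IPPARAM}" = "MPN-UK" ]; then
  # Route the whole prefix via the tunnel interface.
  /sbin/route add -net 212.0.0.0/8 dev "${IFNAME}"

  # Inserted at position 1 so it is evaluated before any other OUTPUT rule.
  iptables -I OUTPUT 1 -d 212.0.0.0/8 -o "${IFNAME}" -j ACCEPT

  # Clamp the MSS on forwarded SYNs to the path MTU. There is no interface
  # match, so this applies to all forwarded TCP, not only the tunnel.
  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

  echo "NAT"
  # Source-NAT everything that leaves through the tunnel interface.
  iptables -t nat -A POSTROUTING -o "${IFNAME}" -j MASQUERADE
fi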
Check the routing table
root@voyage:/etc/ppp/peers#
cat MPN-UK
pty "pptp harry.my-private-network.co.uk --nolaunchpppd"
name xxxxxx
remotename PPTP
require-mppe-128
file /etc/ppp/options.pptp
ipparam MPN-UK
persist #automatically restart connection if it goes down
Username and password are stored in /etc/ppp/chap-secrets. The secrets are kept there in plain text, so the file should be readable by root only.
root@voyage:/etc/ppp#
cat /etc/ppp/chap-secrets
"eircom@eircom.net" * "broadband1"
"pptp_username" PPTP "pptp_password" *
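Additional options are stored in /etc/ppp/options.pptp. With PAP, EAP, CHAP and MS-CHAP all refused, this leaves MS-CHAPv2 for authentication; together with MPPE that is widely regarded as weak, so treat the tunnel as a routing convenience rather than a confidentiality control.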
root@voyage:/etc/ppp#
cat options.pptp
lock
noauth
refuse-pap
refuse-eap
refuse-chap
refuse-mschap
nobsdcomp
nodeflate
Manually start the MPN-UK PPTP tunnel
root@voyage:~#
pon MPN-UK
Create a new startup script to set up the firewall rules and add specific routes. This script configures the iptables firewall and adds a route to BBC via the PPTP tunnel.
root@voyage:/etc/ppp/ip-up.d# cat MPN-UK
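#!/bin/sh
# ip-up.d hook for the MPN-UK PPTP tunnel.
#
# When the link that just came up carries "ipparam MPN-UK", send 212.0.0.0/8
# through it and masquerade traffic leaving via that interface.
# Expects PPP_IPPARAM and IFNAME to be set in the environment by the caller.
#
# NOTE(review): every rule below is added each time the link comes up. The
# peer file uses "persist", so reconnects stack duplicate rules unless a
# matching ip-down.d script deletes them; confirm one exists.
# NOTE(review): 212.0.0.0/8 is an entire /8, so far more than a single service
# is routed (and allowed out) through the tunnel; narrow it if unintended.

# The original line was a bare string, which the shell would try to execute
# as a command; it is meant to be a progress message.
echo "Running /etc/ppp/ip-up.d/MPN-UK..."

if [ "${PPP_IPPARAM}" = "MPN-UK" ]; then
  # Route the whole prefix via the tunnel interface.
  /sbin/route add -net 212.0.0.0/8 dev "${IFNAME}"

  # Inserted at position 1 so it is evaluated before any other OUTPUT rule.
  iptables -I OUTPUT 1 -d 212.0.0.0/8 -o "${IFNAME}" -j ACCEPT

  # Clamp the MSS on forwarded SYNs to the path MTU. There is no interface
  # match, so this applies to all forwarded TCP, not only the tunnel.
  iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

  echo "NAT"
  # Source-NAT everything that leaves through the tunnel interface.
  iptables -t nat -A POSTROUTING -o "${IFNAME}" -j MASQUERADE
fi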
Check the routing table
root@voyage:/etc/ppp/ip-up.d# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 ppp0
no.rdns-yet.uks * 255.255.255.255 UH 0 0 0 ppp0
b-ras2.srl.dubl * 255.255.255.255 UH 0 0 0 ppp0
192.168.11.0 * 255.255.255.0 U 0 0 0 br0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
212.0.0.0 * 255.0.0.0 U 0 0 0 ppp1
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 ppp0
no.rdns-yet.uks * 255.255.255.255 UH 0 0 0 ppp0
b-ras2.srl.dubl * 255.255.255.255 UH 0 0 0 ppp0
192.168.11.0 * 255.255.255.0 U 0 0 0 br0
192.168.12.0 * 255.255.255.0 U 0 0 0 eth0
212.0.0.0 * 255.0.0.0 U 0 0 0 ppp1