PPTP

As I’m located in Ireland, I use a PPTP tunnel to a UK ISP in order to access BBC iPlayer. I use my-private-network.co.uk (MPN-UK) for this service. Just like for the PPPoE service, create a new file in the directory /etc/ppp/peers

root@voyage:/etc/ppp/peers# cat MPN-UK

pty "pptp harry.my-private-network.co.uk --nolaunchpppd"

name xxxxxx

remotename PPTP

require-mppe-128

file /etc/ppp/options.pptp

ipparam MPN-UK

persist     #automatically restart connection if it goes down

Username and password are stored in /etc/ppp/chap-secrets

root@voyage:/etc/ppp# cat /etc/ppp/chap-secrets

"eircom@eircom.net" * "broadband1"

"pptp_username" PPTP "pptp_password" *

Additional options are stored in /etc/ppp/options.pptp

root@voyage:/etc/ppp# cat options.pptp

lock

noauth

refuse-pap

refuse-eap

refuse-chap

refuse-mschap

nobsdcomp

nodeflate

Manually start MPN-UK PPPTP tunnel

root@voyage:~# pon MPN-UK

Create a new startup script to set up the firewall rules and add specific routes. This script configures the iptables firewall and adds a route to BBC via the PPTP tunnel. The routes are determined by looking at the requests sent by the PC on the iplayer website.

root@voyage:/etc/ppp/ip-up.d# cat MPN-UK
#!/bin/sh
"Running /etc/ppp/ip-up.d/MPN-UK..."

if [ "${PPP_IPPARAM}" = "MPN-UK" ]; then

/sbin/route add -net 212.0.0.0/8 dev ${IFNAME}
/sbin/route add -net 179.79.206.0/23 dev ${IFNAME}
/sbin/route add -net 23.212.108.0/23 dev ${IFNAME}
/sbin/route add -net 66.235.148.0/23 dev ${IFNAME}
/sbin/route add -net 77.72.116.0/24 dev ${IFNAME}
/sbin/route add -net 77.72.118.0/24 dev ${IFNAME}
/sbin/route add -net 95.211.0.0/16 dev ${IFNAME}
/sbin/route add -net 216.137.62.0/23 dev ${IFNAME}
/sbin/route add -net 131.253.40.0/24 dev ${IFNAME}
/sbin/route add -net 104.16.13.0/24 dev ${IFNAME}
/sbin/route add -net 178.79.194.0/24 dev ${IFNAME}
/sbin/route add -net 178.79.195.0/24 dev ${IFNAME}
/sbin/route add -net 54.192.46.0/24 dev ${IFNAME}

#iptables -I OUTPUT 1 -d 212.0.0.0/8 -o ${IFNAME} -j ACCEPT
#iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS  --clamp-mss-to-pmtu

echo "NAT"
iptables -t nat -A POSTROUTING -o ${IFNAME} -j MASQUERADE

fi

Check the routing table

root@voyage:/etc/ppp/ip-up.d# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         *               0.0.0.0         U     0      0        0 ppp0
no.rdns-yet.uks *               255.255.255.255 UH    0      0        0 ppp0
b-ras2.srl.dubl *               255.255.255.255 UH    0      0        0 ppp0
192.168.11.0    *               255.255.255.0   U     0      0        0 br0
192.168.12.0    *               255.255.255.0   U     0      0        0 eth0
212.0.0.0       *               255.0.0.0       U     0      0       0 ppp1
Advertisements