
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Poptop MSCHAP2 ADS Howto</title>
</head>
<body>
<p><strong>17. pptp Client Installation</strong></p>
<p>I will only describe the Windows XP pptp client installation. For other operating systems, please see the documents <a href="http://poptop.sourceforge.net/dox/">here</a>. </p>
<ul>
<li>Start -> Settings -> Control Panel -> Network Connections.</li>
<li>Click on &quot;Create a new connection&quot; on the left pane. </li>
<li>A wizard starts. Click on Next.</li>
<li>Choose &quot;Connect to the network at my workplace&quot;. Next.</li>
<li>Choose &quot;Virtual Private Network connection&quot;. Next.</li>
<li>Key in the company name. Next.</li>
<li>Choose &quot;Do not dial the initial connection&quot;. Next.</li>
<li>Type in the external IP address or hostname of the pptpd gateway. Next.</li>
<li>Choose &quot;Anyone's use&quot;. Next.</li>
<li>Check &quot;Add a shortcut to this connection to my desktop&quot;. Finish.</li>
<li>A new icon appears in Network Connections under the header Virtual Private Network. Right click on it and choose Properties.</li>
<li>Click on the Security tab. Check &quot;Advanced (custom settings)&quot; and then click the Settings button.</li>
<li>Choose &quot;Maximum strength encryption (disconnect if server declines)&quot; under Data encryption.</li>
<li>In the same dialog, choose &quot;Allow these protocols&quot; and untick all except &quot;Microsoft CHAP Version 2 (MS-CHAP v2)&quot;. Click OK and click OK again to close the window.</li>
</ul>
<p>That's all for a standard configuration. All traffic from the PC goes through the pptp tunnel except traffic for the locally attached network segment. This is the recommended way of implementing a VPN for security reasons: the client is never connected to the Internet and to the corporate network at the same time. The two settings above are what stop the client from being negotiated down: &quot;disconnect if server declines&quot; refuses a connection without 128-bit MPPE, and allowing only MS-CHAP v2 rules out PAP, CHAP and MS-CHAP v1. They are the strongest options PPTP offers, but MS-CHAP v2 itself is known to be weak (its challenge/response can be broken with a brute-force DES key search), so treat PPTP as a legacy protocol wherever a stronger VPN is available.</p>
<hr>
<strong><a name="splittunnel"></a>17.1 Split Tunneling</strong>
<p>Split tunneling allows you to configure the network so that only selected traffic is directed into the VPN tunnel. For instance, if you want browsing traffic to go to the Internet directly while corporate traffic goes via the VPN, you need split tunneling. It is also needed if your ISP requires a heartbeat from your machine to keep the connection alive. </p>
<p>While split tunneling is convenient, it weakens security: the client is connected to the public, non-secure network and to the corporate network at the same time, so a compromised client can act as a bridge between the two and the VPN becomes reachable through the Internet. Check your company security policy before implementing split tunneling. </p>
<p>To set up split tunneling:</p>
<ul>
<li>Right click on the icon created above and choose Properties.</li>
<li>Choose the Networking tab. Highlight Internet Protocol (TCP/IP) and click on the Properties button.</li>
<li>Click on the Advanced button and then deselect &quot;Use default gateway on remote network&quot;. Click OK. Click OK and then click OK.</li>
</ul>
<p>If you have a simple private network with only a single segment, you have finished the configuration. Take a break and enjoy your day.</p>
<p>If you have multiple subnets in the private network, there is still work to do. By not using the PPP link as the default gateway, we introduce another problem. The PPP client sets up a route only to the subnet that is directly attached to the pptp gateway; traffic to the other subnets is not routed into the tunnel. In our test environment, only the subnet attached to the gateway was reachable and the others were not. To resolve this problem, I created a VBScript to add the extra routes. </p>
<p>The VBScript is listed here: </p>
<blockquote>
<pre>Option Explicit
Dim IP_Address
Dim TmpFile : TmpFile = &quot;c:\ip.txt&quot;
Dim route1
' Destination network and mask of the remote subnet to reach; the PPP address
' is appended below as the gateway, so keep the trailing space.
<strong>route1 = &quot;route add mask &quot;</strong>
SaveIP
IP_Address = GetIP()
If IP_Address = &quot;&quot; Then
  WScript.Echo &quot;No PPP adapter with an IP address found. Connect the VPN first.&quot;
  WScript.Quit 1
End If
route1 = route1 &amp; IP_Address
AddRoute

' Save the output of ipconfig to the temporary file.
Sub SaveIP
  Dim ws : Set ws = CreateObject(&quot;WScript.Shell&quot;)
  ws.run &quot;%comspec% /c ipconfig &gt; &quot; &amp; TmpFile, 0, True
  Set ws = Nothing
End Sub

' Return the IP address of the first PPP adapter, or &quot;&quot; if none is found.
Function GetIP()
  Dim fso : Set fso = CreateObject(&quot;Scripting.FileSystemObject&quot;)
  Dim re : Set re = New RegExp
  Dim file, fileline, matches
  Dim pppsection : pppsection = FALSE
  GetIP = &quot;&quot;
  ' Windows XP prints the address as &quot;IP Address. . . . : 10.0.0.5&quot;
  re.Pattern = &quot;IP Address[\. ]+: &quot;
  If fso.FileExists(TmpFile) Then
    Set file = fso.OpenTextFile(TmpFile)
    Do While Not file.AtEndOfStream
      fileline = file.ReadLine
      If Not pppsection Then
        ' Adapter section headers start in column 0, e.g. &quot;PPP adapter Company VPN:&quot;
        If Left(fileline, 3) = &quot;PPP&quot; Then pppsection = TRUE
      ElseIf Left(fileline, 1) &lt;&gt; &quot; &quot; And Len(Trim(fileline)) &gt; 0 Then
        ' The next adapter section starts before an address was found: give up.
        Exit Do
      ElseIf re.Test(fileline) Then
        matches = Split(fileline, &quot;:&quot;)
        GetIP = Trim(matches(1))
        Exit Do    ' stop here, or a later adapter's address would overwrite this one
      End If
    Loop
    file.Close
    fso.DeleteFile TmpFile
  End If
  Set re = Nothing
  Set fso = Nothing
End Function

' Run the assembled route command. Adding routes needs administrator rights.
Sub AddRoute
  Dim ws : Set ws = CreateObject(&quot;WScript.Shell&quot;)
  ws.run &quot;%comspec% /c &quot; &amp; route1, 0, True
  Set ws = Nothing
End Sub
</pre>
</blockquote>
<p>Create the VBScript file somewhere on your PC and create a shortcut to it on the desktop. Once the PPP connection is up, double clicking the shortcut adds the route. Run it from an account with administrator rights, since &quot;route add&quot; needs them; if the script is run before the VPN is connected there is no PPP adapter and the route command fails.</p>
<p><strong>Note</strong>: you will need to modify the line in bold for your environment (the network and mask of the subnet you want to reach through the tunnel). </p>
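<p>The same job in Python, as an added example that is not part of this howto or of the Poptop project: it parses a constructed sample of ipconfig output (not a real capture), treats the next adapter header as the end of the PPP section so that an adapter listed after the tunnel cannot be mistaken for it, accepts both the XP &quot;IP Address&quot; and the Vista-and-later &quot;IPv4 Address&quot; line, validates every subnet before it is put on a command line, and adds one route per remote subnet. The adapter names and the subnets 10.10.2.0/24 and 172.16.0.0/16 are assumed values.</p>

```python
import ipaddress
import re
import subprocess
from typing import List, Optional

# Constructed sample of Windows XP "ipconfig" output (not captured from a real host).
# A second adapter with an address follows the PPP adapter on purpose: a parser that
# keeps scanning after the PPP section would wrongly return 192.168.56.1.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home.lan
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Company VPN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.10.1.15
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
        Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet8:

        IP Address. . . . . . . . . . . . : 192.168.56.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
"""

# Adapter section headers start in column 0 ("PPP adapter Company VPN:",
# "Wireless LAN adapter Wi-Fi:"); the properties under them are indented.
SECTION_RE = re.compile(r"^(\S.*?) adapter (.+):\s*$")
# XP prints "IP Address", Vista and later print "IPv4 Address" (possibly with a
# "(Preferred)" suffix); only the dotted quad is captured.
IP_RE = re.compile(r"^\s+IP(?:v4)? Address[. ]*:\s*(\d+\.\d+\.\d+\.\d+)")


def ppp_address(ipconfig_text: str) -> Optional[str]:
    """Return the address of the first PPP adapter, or None if no tunnel is up."""
    in_ppp = False
    for line in ipconfig_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            in_ppp = header.group(1) == "PPP"  # any new section ends the previous one
            continue
        if in_ppp:
            addr = IP_RE.match(line)
            if addr:
                return addr.group(1)
    return None


def build_routes(subnets: List[str], gateway: str) -> List[List[str]]:
    """One "route add" command per remote subnet, with the PPP address as next hop.
    Every value is validated as an IPv4 network or address, so nothing else can
    reach the command line."""
    gw = ipaddress.IPv4Address(gateway)
    cmds = []
    for subnet in subnets:
        net = ipaddress.IPv4Network(subnet)  # ValueError for junk or host bits set
        cmds.append(["route", "add", str(net.network_address),
                     "mask", str(net.netmask), str(gw)])
    return cmds


def add_routes(subnets: List[str]) -> List[List[str]]:
    """Run ipconfig, find the PPP address and add the routes (needs admin rights)."""
    out = subprocess.run(["ipconfig"], capture_output=True, text=True, check=True).stdout
    gateway = ppp_address(out)
    if gateway is None:
        raise SystemExit("no PPP adapter with an address found; connect the VPN first")
    cmds = build_routes(subnets, gateway)
    for cmd in cmds:
        subprocess.run(cmd, check=True)  # argument list, no shell: nothing is re-parsed
    return cmds


if __name__ == "__main__":
    # Remote subnets to reach through the tunnel (assumed values for this example).
    add_routes(["10.10.2.0/24", "172.16.0.0/16"])
```

<p>Run it after the VPN connects, from an administrator prompt. Because the route commands are built as argument lists and every element has been through the ipaddress module, a malformed subnet raises an error instead of producing a route, and a missing PPP adapter stops the script before anything is changed.</p>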
<hr>
<a href="poptop_ads_howto_12.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_10.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a><p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>