So after setting up my Cubieboard to my liking, another thing I want is to be able to access it anywhere and anytime. The trouble is, the ISP I am with right now blocks all incoming ports, so I need a workaround.
After some browsing and also from past experience, I feel PPTP is my best bet. It is incredibly easy to implement from a client/server perspective. The challenge is to keep the tunnel open at all times.
The VM is running the Ubuntu 13.04 Server image.
PPTP Server Side
This is what I did on the server end.
$ apt-get update && apt-get upgrade -y # Optional
$ apt-get install -y pptpd
Server & Client IP Allocations
Now let's set up the IP range we're gonna allocate to connecting clients. Add the lines below to
localip 10.0.0.1
remoteip 10.0.0.100-200
The localip part is for the server and the remoteip part is for connecting clients.
Defining Valid Users
Next up we're gonna set up valid clients and allocate IP addresses based on the user they are connecting as. Edit /etc/ppp/chap-secrets to reflect the following.
cubie pptpd cubie_secret 10.0.0.23
We can add as many users as we want. If you don't want to assign static IPs, you can use the template below.
john pptpd john_secret *
DNS for Clients
The lines below use Google's DNS servers. If you have local DNS servers, using them will shorten round trips.
Go ahead and edit
ms-dns 8.8.8.8
ms-dns 8.8.4.4
PPTPD Configuration Done
Restart the daemon.
service pptpd restart
Setting Up Forwarding & NAT
First of all, we need to enable IP Forwarding. Go ahead and edit
net.ipv4.ip_forward = 1
Let's set up forwarding with iptables and let clients communicate with each other.
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE && iptables-save
$ iptables --table nat --append POSTROUTING --out-interface ppp0 -j MASQUERADE
$ iptables -I INPUT -s 10.0.0.0/8 -i ppp0 -j ACCEPT
$ iptables --append FORWARD --in-interface eth0 -j ACCEPT
Setting Up Cubieboard As a Client
My Cubieboard has a GUI set up using LXDE but I want to do this from the CLI. I've also set up a small Python script to keep monitoring the VPN tunnel.
Installing The PPTP Client
$ apt-get install network-manager-pptp
$ modprobe ppp_mppe
Configuring The PPTP Client
This is the easy part. Fire up an editor and create a new file:
pty "pptp x.x.x.x --nolaunchpppd"
name cubie
password cubie_secret
remotename pptpserver
require-mppe-128
Replace the x.x.x.x with the IP address of your PPTPD server. You can rename that particular pptpserver name to something more descriptive.
Connecting To The Server
Let's connect now!
$ pppd call pptpserver
This won't show any logging, but you can tail the log:
$ tail -f /var/log/syslog
Or you can just check if ppp0 is already available by running ifconfig -s ppp0. A successful connection will output something like below.
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
ppp0   1496   0       7      0      0      0        7      0      0      0 MOPRU
Let's add some more routes like so.
$ ip route add 10.0.0.0/8 dev ppp0
Making The VPN Tunnel Persistent
We need the tunnel to be available at all times, so we're gonna need a monitoring solution to reconnect when the tunnel is broken. I made a small Python script available below. Save the file as `/root/bin/checkapp.py`, adjust the permissions and let's add this to our crontab.
$ curl https://gist.github.com/tistaharahap/8059219/raw/e3e8ac07308cc06e24694c182b09428901f36f9b/checkppp.py > /root/bin/checkapp.py
$ chmod +x /root/bin/checkapp.py
$ crontab -e
Add the following line below for a 5 minute check interval.
*/5 * * * * /root/bin/checkapp.py

## Done
Now I have a persistent tunnel, available anytime I need it.
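
A watchdog of the kind described under "Making The VPN Tunnel Persistent", written here as an added example; it is not the author's gist, whose contents are not shown on this page. It assumes the ppp0 interface, the pptpserver peer and the 10.0.0.0/8 route from the steps above, and that the interface's presence under /sys/class/net is an adequate liveness signal.

```python
#!/usr/bin/env python3
"""PPTP tunnel watchdog for cron (added example, not the author's gist)."""
import os
import subprocess
import sys
import syslog
import time

IFACE = "ppp0"              # interface pppd creates, as seen in the post
PEER = "pptpserver"         # peer name passed to `pppd call` in the post
ROUTE = "10.0.0.0/8"        # route the post adds once the link is up
SYS_NET = "/sys/class/net"  # assumption: Linux with sysfs mounted


def tunnel_is_up(iface=IFACE, sys_net=SYS_NET):
    """True while the kernel has the PPP interface registered."""
    return os.path.isdir(os.path.join(sys_net, iface))


def ensure_tunnel(run=subprocess.call, is_up=tunnel_is_up,
                  wait=time.sleep, retries=10):
    """Return 'up', 'reconnected' or 'failed'."""
    if is_up():
        return "up"
    # Argument lists, never a shell string: nothing is parsed by /bin/sh.
    if run(["pppd", "call", PEER]) != 0:
        return "failed"
    # pppd can return before negotiation finishes, so poll for the interface.
    for _ in range(retries):
        if is_up():
            # `replace` is idempotent; `add` errors if the route already exists.
            run(["ip", "route", "replace", ROUTE, "dev", IFACE])
            return "reconnected"
        wait(3)
    return "failed"


if __name__ == "__main__":
    state = ensure_tunnel()
    syslog.syslog("pptp watchdog: tunnel %s" % state)
    sys.exit(1 if state == "failed" else 0)
```

The result of each run goes to syslog, so the same tail -f /var/log/syslog used earlier shows when cron had to reconnect.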